Threat Outbreak Alert RuleID16483: Email Messages Distributing Malicious Software on September 30, 2015

2015-07-08T17:42:23
ID CISCO-THREAT-39791
Type ciscothreats
Reporter Cisco
Modified 2015-10-01T15:17:07

Description

Medium

Alert ID: 39791

First Published: 2015 July 8 17:42 GMT

Last Updated: 2015 October 1 15:17 GMT

Version: 13

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID16483 and RuleID16483KVR) may contain the following files (container / payload):

Name | Size in Bytes | MD5 Checksum
---|---|---
UMOWA KUPNA data 2015.07.06.(doc).zip / UMOWA KUPNA data 2015.07.06.(doc).exe | 203,264 | 0x9F71EBB36695DC21A426D27BF53C8993
baset.zip / baset.exe | 18,776,064 | 0x9338A47BDEE408453A8F10F77B3AA1AE
Anexo.zip / Anexo.exe | 163,840 | 0xFBEF1F33900EC581C3C3276A25720E31
Quote.zip / Quote.exe | 355,993 | 0x881748B2F9E0688444A56E27CD8565F6
order.zip / order.exe | 384,000 | 0x4FEE0FD36F8552EE826D18BC7F0A59B2
Order.zip / Order.exe | 190,283 | 0xd1A7C4EE6DD4579503ECD2983C9261FF
Cupom.zip / Cupom.exe | 39,628 | 0x474F485E7F2B3C0CB7E25DCB24E4853D
ORDER.zip / ORDER.exe | 660,480 | 0x92A452EE164FDEBBAA7BAE33649BFF59
order.zip / order.exe | 1,034,373 | 0x6BD7E6911CD8BC66BC9D5C1AE7EFC52A
Order.zip / Order.exe | 365,400 | 0x3E0A20DD31BED77946BCAE4DA75F1FF2
SWIFT.zip / SWIFT.exe | 652,288 | 0xFEE7A07BFB8A89997CB5E689ACD2A1AB
Image.zip / Image.exe | 562,688 | 0x922E71EE23B58BA3B5C703756E9DD4B7
Order.zip / _Approved01.exe | 801,792 | 0x7115B95F48845054A1ADAFAEAECF354D
Fedex.zip / Fedex.exe | 643,584 | 0x6D5589833DA0BA973EDF06C411C91AAE

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: PD: w zal. - umowa (Polish for "FW: attached - agreement")

Message Body:

Pozdrawiam (Polish for "Regards")

Or

> Subject: Curriculo + Carta de Recomendacao - 6703502 (Portuguese for "Résumé + Letter of Recommendation - 6703502")

Message Body (translated from Portuguese):

It is an honor to be able to get in touch with you. As was passed on to me, I am contacting you because
I have the greatest interest in returning to the job market, and my résumé is attached.
I hope you can review it and recommend me for a position. Thank you.
Sincerely,

Or

> Subject: Quote for BCL-381814-07-2015

Message Body:

Hello,
We have matched a Bid Announcement with your company for our old client. Please
see the detailed bid information below:
Bid Identifier: BCL-381814-07-2015
Specification: Attached
This bid will appear on top of the attached demands doc for you to give us the total calculation.
This order is needed from one of my clients and it is urgent; reply to this mail with your best price.
Thanks & Regards

Or

> Subject: Order

Message Body:

Hello,
Kindly find attached order and get back to us with your price list.
Thank you.

Or

> Subject: Promocao Dias Dos Pais & Cacau Show - Vale Cupom 8369324 (Portuguese for "Father's Day Promotion & Cacau Show - Gift Voucher 8369324")

Message Body (translated from Portuguese):

FATHER'S DAY PROMOTION CACAU SHOW
FATHER'S DAY PRIZE-WINNING CUSTOMER
Dear prize-winning Father's Day customer, you have just won a gift voucher
from Cacau Show to give your father a present on his special day.
Print your voucher now and come to one of our stores to choose
from among the four products available in the Father's Day promotion.
All information about your gift voucher is in the attached coupon;
just print it and choose one of the four products of the promotion below.
pai vc e show
mini show
(the last two lines are product names and are left untranslated)

Or

> Subject: Purchase order

Message Body:

Dear sir/Madam,
Please find attached purchase order and get back with your best price for
my company's perusal.
Thank you.
Peter Lyon

Or

> Subject: NEW ORDER SPECIFICATIONS

Message Body:

Good Day,
I have attached the Order specifications, we are ready to proceed with the Order,
please confirm us your best price and send contract, invoice for us to sign and send back.
Payment will be 100% by irrevocable & confirmed TT or L/C at sight Validity
Kind Regards,

Or

> Subject: FOB & CIF price

Message Body:

Good Morning
We request you to quote your best FOB & CIF price for the supply of
your products listed in the attached listing document along with the information
of availability and delivery time.
Please follow the procedures on the attached file to view the product lists, samples, and specifications.
Waiting for your urgent response
Best regards,

Or

> Subject: SWIFT

Message Body:

Good Day
We have made the payment this morning 9/23/2015
Please find attached the payment swift copy and advise when you are to complete the shipment,
as delivery is important to us.
Best regards
General manager

Or

> Subject: Hello

Message Body:

Dear Sir/Madam,
I'm the purchasing manager of NZ Trading Ltd.
My company has directed me to purchase certain products and from our research you deal in those items.
We are hereby attaching the products we want to purchase for your perusal.
Could you please give us a favorable quote?
We await your response ASAP.
Purchasing Manager

Or

> Subject: Approval needed

Message Body:

Hello,
Please kindly let us know if you need more information.
Best regards,

Or

> Subject: FedEx International Mail Service

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version | Description | Section | Date
---|---|---|---
13 | Cisco Security has detected significant activity on September 30, 2015. | | 2015-October-01 15:17 GMT
12 | Cisco Security has detected significant activity on September 29, 2015. | | 2015-September-30 12:52 GMT
11 | Cisco Security has detected significant activity on September 26, 2015. | | 2015-September-28 12:42 GMT
10 | Cisco Security has detected significant activity on September 17, 2015. | | 2015-September-18 12:51 GMT
9 | Cisco Security has detected significant activity on August 19, 2015. | | 2015-August-19 19:25 GMT
8 | Cisco Security has detected significant activity on August 13, 2015. | | 2015-August-14 13:22 GMT
7 | Cisco Security has detected significant activity on August 7, 2015. | | 2015-August-10 14:31 GMT
6 | Cisco Security has detected significant activity on July 30, 2015. | | 2015-July-30 19:04 GMT
5 | Cisco Security has detected significant activity on July 22, 2015. | | 2015-July-23 12:37 GMT
4 | Cisco Security has detected significant activity on July 17, 2015. | | 2015-July-20 13:14 GMT
3 | Cisco Security has detected significant activity on July 16, 2015. | | 2015-July-17 13:52 GMT
2 | Cisco Security has detected significant activity on July 14, 2015. | | 2015-July-16 11:18 GMT
1 | Cisco Security has detected significant activity on July 7, 2015. | | 2015-July-08 17:42 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products