2015 October 7 19:29 GMT
2015 October 8 13:49 GMT
Email messages that are related to this threat (RuleID18533 and RuleID18533KVR) may contain the following files:
Name | Size in Bytes | MD5 Checksum
fax_9397811_138772686_Internet.zip / 518443736449.exe
fax_086531948_0341983892_Internet.zip / 997868581118.exe | 23,040 | 0xAC7521F6D475A5292970CE7C9C17713E
131202_858506.zip / 866358222578.exe | 52,224
The following text is a sample of the email message that is associated with this threat outbreak:
> Subject: hi, fax 9397811
INVOICE #9397811 TOTAL 138772686.35
> Subject: Internet Fax Job
Image data has been attached.
Subject: Undeliverable: hi, fax 086531948
Your message to email@example.com couldn't be delivered.
aurelia.noran wasn't found at ausenco.com.au
aterin.al-salman Office 365 aurelia.noran
Action Required Recipient
Unknown TO address
How to Fix It
The address may be misspelled or may not exist. Try the following:
Retype the email address then resend the message.
Clear the recipient nickname cache in Outlook or Outlook Web App by following the steps in this
article: NDR Response Code 5.1.10 in Exchange Online and Office 365.
Contact the recipient (by phone or instant messaging, for example) to check that the address is correct.
The recipient may have set up mail forwarding to an incorrect address. Ask them to check that any forwarding they've set up is working correctly.
If the problem continues, forward this message to your email admin.
Was this helpful? Send feedback.
> Subject: Company notice
Attached you'll find the inter-company invoice for the period from October 2014 till October 2015.
Thank you for support in setting up this process.
Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products