Medium
Alert ID: 44370

First Published: 2016 March 30 19:22 GMT

Version: 1

## Summary
Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID21991) may contain the following files:

**Name** | **Size in Bytes** | **MD5 Checksum**
---|---|---
SWIFT_remittance_advice_75.doc | Not Available | 0xBA5D4B3DC99F0C6C120F851EEEA213C1

The following text is a sample of the email message that is associated with this threat outbreak:
> Subject: **SWIFT Remittance Advice (25/02/16)**
Message Body:
**Please find attached your remittance advice.
If you do have any queries regarding this remittance advice, please contact:
Threadneedle (Supplier Reference beginning TP)
Tel No: 01242 415 288
Fax No: 02095 423 614
Email: Property-AccountsPayable@threadneedle.co.uk
GBR Phoenix Beard (Supplier Reference beginning PB)
Tel No: 02038 743 240
Fax No: 02032 084 533
Email: Rita.stoddard@gbrpb.com
Colliers International (Supplier Reference beginning CI)
Tel No: 02004 526 666
Fax No: 02051 521 371
Email: tpilclientaccountsteam@colliers.com
Workman LLP (All Other Supplier References)
Tel No: 02047 862 231
Fax No: 02027 730 082
Email: brian.gulliver@workman.co.uk
Regards
Keneth Randall
Accounts Payable
Threadneedle Property Investments Ltd
Calls may be recorded.
CONFIDENTIALITY: The information in this e-mail and any attachment is confidential.
It is intended only for the named recipient(s). If you are not a named recipient, please notify the sender immediately and do not read, use, copy or disseminate this information.
DISCLAIMER: The internet is not secure. Although reasonable care has been taken to minimise some risks from the internet there is no guarantee that this email and any attachment is or remains free from viruses or any other defects. Unless otherwise expressly authorised and stated to be the view of any legal entity, any views expressed in this message are those of the individual sender. Any and all liability is excluded to the maximum extent permitted by law.
CONDITIONS: Any offer contained within this communication is subject to contract and formal approval by the legal entity giving the offer.
Threadneedle Asset Management Limited (Entered on the FCA Register - FCA Number 1463499), Threadneedle Investment Services Limited (FCA Number 68554), Threadneedle Portfolio Services Limited (FCA Number 182861),Threadneedle International Limited (FCA Number 7376699), Threadneedle Unit Trust Manager Limited (FCA Number901337) and Threadneedle Navigator ISA Manager Limited (FCA Number 826963). Authorised and regulated by the Financial Conduct Authority - www.fca.org.uk/. Threadneedle Pensions Limited (authorisation number 20614) Threadneedle Pensions Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority. hxxp://www.bankofengland.co.uk/PRA/ Registered Address: Cannon Place, 78 Cannon Street, London EC4N 6AG**
Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.
**Related Links**
[Cisco Security](<http://www.cisco.com/security>)
[Cisco SenderBase Security Network](<http://www.senderbase.org/>)
## Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial Release | | 2016-March-30 19:22 GMT
* * *
## Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products

Source: [Threat Outbreak Alert RuleID21991: Email Messages Distributing Malicious Software on March 30, 2016](<http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=44370>)