Threat Outbreak Alert RuleID22311: Email Messages Distributing Malicious Software on April 22, 2016

2016-04-18T13:59:04
ID CISCO-THREAT-44710
Type ciscothreats
Reporter Cisco
Modified 2016-04-22T18:56:15

Description

Medium

Alert ID: 44710

First Published: 2016 April 18 13:59 GMT

Last Updated: 2016 April 22 18:56 GMT

Version: 5

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID22311 and RuleID22311KVR) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
30reilly.zip / charisma.exe | 276,480 | 0x00940BC192047D81602E2B2A1859AD0F
morris79.zip / devyn.exe | 261,632 | 0xBBF1838B8510BCE40A52756BC8AD0F44
wisdom24.zip / lockwood.exe | 265,728 | 0x7A9C796266C86D9A0DDB573138F68288
13dorothy.zip / madelaine.exe | 258,560 | 0x6252225F519506DA17CA9741CFB5C67B
jessika37.zip / simmons.exe | 262,144 | 0x1C2D90AEA144742170AE7AEEC39F1382
martin31.zip / kaylyn.exe | 286,208 | 0x575FAAC20ADBBBA2B9AF7C9013AABA03
driscoll16.zip / edmund.exe | 516,096 | 0x81B1715C69D4FCAD007E6D6B75448E52
alden25.zip / fay.exe | 518,656 | 0xC286FF72312B88AEDAC69893B693808A

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Di recente,lei ha ottenuto un appunto audio

Message Body:

breve Immagine rimossa dal
mittente. WhatsApp

Or

> Subject: A sound warning has been downloaded!

Or

> Subject: A video mail was delivered.

Or

> Subject: Perdió un documento vocal

Or

> Subject: A short video file has been downloaded.

Message Body:

WhatsApp
Attachment: (12: 35 PM)

Or

> Subject: A voice notice was transfered!

Or

> Subject: Eine akustische Akte wurde downgeloadet
Das Bild wurde vom Absender entfernt. WhatsApp
Angeheftet: Ingeburg Kunst (07:49 AM)

Or

> Subject: Ai descarcat cu putin timp in urma un anunt audio

Message Body:

WhatsApp

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Revision History

Version | Description | Section | Date
---|---|---|---
5 | Cisco Security has detected significant activity on April 22, 2016. | | 2016-April-22 18:56 GMT
4 | Cisco Security has detected significant activity on April 21, 2016. | | 2016-April-21 12:28 GMT
3 | Cisco Security has detected significant activity on April 18, 2016. | | 2016-April-20 13:19 GMT
2 | Cisco Security has detected significant activity on April 18, 2016. | | 2016-April-18 18:16 GMT
1 | Cisco Security has detected significant activity on April 17, 2016. | | 2016-April-18 13:59 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products