Threat Outbreak Alert RuleID28890: Email Messages Distributing Malicious Software on April 26, 2017

2017-04-26T17:30:53
ID CISCO-THREAT-53578
Type ciscothreats
Reporter Cisco
Modified 2017-04-26T17:30:53

Description

Medium

Alert ID: 53578

First Published: 2017 April 26 17:30 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID28890) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
Ship particulars & Final Prov Stwg 04-17 (2).zip / Ship particulars & Final Prov Stwg 04-17.pif | 947,200 | 0xE613372B5A490B4C3B6FE8A3A9454F17

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: LUMPHINI PARK / V4-17 - ZODIAC D/A PROFORMA REQUEST MSG#:<7711402>

Message Body:

DEAR SIRS/MADAM,
WE ARE OWNERS' MANAGERS FOR THE ABOVE VESSEL SCHEDULED TO CALL YOUR PORT FOR DISCHARGE ONLY ETA ABOUT 16/05/17 ALL GOING WELL AND WEATHER
PERMITTING.
THE VESSEL HAS BEEN FIXED UNDER A VOYAGE CHARTER TO MESSRS #CHARTERER#. CHARTERERS, IN ACCORDANCE WITH THE CHARTER PARTY TERMS, HAVE NOMINATED
YOURSELVES AS THE AGENTS FOR THIS CALL.
ACCORDINGLY WE ARE PLEASED TO CONFIRM YOUR APPOINTMENT AS AGENTS FOR THE SUBJECT VESSEL'S CALL ETA ABOUT 16/05/17 ALL GOING WELL AND WEATHER
PERMITTING.
FOR YOUR GUIDANCE THE VESSEL'S MAIN PARTICULARS/FINAL STOWAGE PLAN ARE ATTACHED:
PLEASE ADVISE ANY RELEVANT INFORMATION WHICH YOU CONSIDER SHOULD BE BROUGHT TO THE NOTICE OF THE OWNERS OR THE MASTER CONCERNING PORT REGULATIONS,
RESTRICTIONS AND REQUIREMENTS. PLEASE LIASE CLOSELY WITH MASTER TO ENSURE THAT HE IS AWARE OF ALL PORT REGULATIONS WITH REGARD TO HEALTH, SAFETY AND
ENVIRONMENTAL ISSUES SUCH AS BUNKERING, BALLAST EXCHANGE, GARBAGE, DUNNAGE REMOVAL ETC. PLEASE KEEP OWNERS/MASTER POSTED WITH VESSEL'S PROSPECTS.
PLEASE SUBMIT BREAKDOWN OF ESTIMATED PORT DISBURSEMENTS AND AGENCY FEE.
PLEASE REVERT WITH YOUR MOST COMPETITIVE ITEMISED QUOTE FOR OWNER'S CONSIDERATION. ORDER ENABLES NECESSARY PROCEDURES TO BE COMPLETED FOR PAYMENT TO
YOURSELVES ACCORDINGLY.
THE OWNERS OF THE VESSEL AND ZODIAC MARITIME AS THE MANAGERS OF THE VESSEL, DO NOT PERMIT THE PAYMENT OF ANY EX-GRATIA PAYMENTS TO ANY OFFICERS OR
PORT OFFICIALS, NOR DO THEY ACCEPT SUCH PAYMENTS BEING MADE BY AGENTS ON THEIR BEHALF.
THIS AGENCY APPOINTMENT IS ID 18953, AND WAS MADE BY EMILE DE BARR.
THE VESSEL HAS BEEN FIXED UNDER A VOYAGE CHARTER TO OCP DATED 02-12-2016 TO DISCHARGE AS FOLLOWS
CARGO: PHOSPHORIC ACID
QUANTITY: AS ATTACHED PROVISIONAL
LOADPORT: SAFI
1- IN CASE THE DISCHARGING IS PLANNED AT MORE THAN ONE BERTH, PLEASE ADVISE. SHIFTING COSTS ARE FOR CHARTERERS ACCOUNT AS PER C/P.
2- PLEASE ARRANGE AT CHARTERERS TIME AND COST FOR ANY DISPOSAL OF MARPOL/ANNEX2 REQUIRED PREWASH (E.G LAURIC ACID) AT A SUITABLE RECEPTION
FACILITY/BARGE.
3- PLEASE KEEP US UPDATED WITH BERTHING PROSPECTS AND ETC /ETD. ETA NOTICES AND NOTICE OF READINESS (WHETHER VESSEL IN BERTH OR NOT) FROM THE MASTER
ARE TO BE PASSED TO ALL CONCERNED PARTIES PROMPTLY.
4- KINDLY ADVISE ANY RELEVANT PORT INFORMATION SUCH AS RESTRICTIONS, DRAFTS, DEPTH, PORT REGULATIONS AND REQUIREMENTS (INCLUDING LOCAL ENVIRONMENTAL
REGULATIONS, BALLAST WATER EXCHANGE REQUIREMENTS, ETC) AND IN PARTICULAR ANYTHING THAT WILL AFFECT VESSEL'S ABILITY TO LOAD AND SAIL FROM
DISCHARGING TERMINAL.
5- PLEASE PROVIDE THE MASTER/US WITH DETAILS OF PFSO, SECURITY CONTACT DETAILS, CURRENT LEVEL OF SECURITY IN PORT AND ANY SPECIFIC REQUIREMENTS IN
PLACE.
6- CARGO DOCUMENTS (INCLUDING AGENTS/TERMINAL'S SIGNED COPY OF STATEMENT OF FACTS) SHOULD BE EMAILED TO OUR OFFICE UPON VESSEL'S SAILING. THESE
DOCUMENTS MUST BE COUNTER SIGNED BY SHIPPERS OR THEIR REPRESENTATIVES. THIS IS ESPECIALLY IMPORTANT FOR ANY NOTES OF PROTEST ISSUED BY THE MASTER.
7- FOR VESSEL COMMUNICATION, E-MAIL IS OUR PREFERABLE MEANS OF COMMUNICATION. ALL MESSAGES TO VESSEL MUST BE COPIED TO US. ALL EMERGENCY MESSAGES
SHOULD STILL BE SENT BY TELEX AS WELL AS EMAILS, THE COST BEING COVERED BY ZODIAC.
8- Initial information:
===================
Upon receipt of this message please furnish the Master with copy to operations of all relevant information not limited to but such as:
A-Berthing prospects including total estimated time in port
B- Name of scheduled berth(s) including number and size of cargo & vapor connections
C- Confirm that all the hoses will be provided by the terminal/receiver/barge etc
D- Estimated time alongside each berth and expected average discharge rate.
E- Side alongside each berth(s).
F- Night navigation restrictions (if applicable).
G- Number of tugs to be used.( if compulsory)
H- Maximum allowed drafts in the channels, approaches and at all scheduled berths, including information as to minimum water depths at these
locations. Include information as to any local policy by relevant authorities.
I- Maximum allowed drafts at the scheduled berth(s), channel(s), approach(es) including information of actual water depths at these locations so
that an assessment of Underkeel Clearance can be done. Also include information as to any local UKC policy by relevant authorities.
J-All other relevant port / berth restrictions (e.g. compulsory towage, no night time navigation, etc)
K-Tide table if applicable
9 - PLEASE BE CERTAIN ALSO TO ACKNOWLEDGE RECEIPT TO THE MASTER OF ANY MESSAGES FROM THE VESSEL SO THAT MASTER IS AWARE THAT YOU HAVE RECEIVED SAME.
Kindest Regards

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial release to report significant activity detected by Cisco Security on April 26, 2017. | — | 2017-April-26

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products