Threat Outbreak Alert RuleID32382: Email Messages Distributing Malicious Software on April 5, 2018

2018-04-09T19:32:09
ID CISCO-THREAT-57421
Type ciscothreats
Reporter Cisco
Modified 2018-04-09T19:32:09

Description

Medium

Alert ID: 57421

First Published: 2018 April 9 19:32 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID32382) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
5001-200 ENPPI Bid doc.rar / 5001-200 ENPPI Bid doc.exe | 396,288 | 0xC69F5093DFF8BFD2940420E1462C4007

The following text is a sample of the email message that is associated with this threat outbreak:

Subject: RFQ PETROSALAM Bid Materials materials for 5001-200 ENPPI

Message Body:

Dear Sir,
Hope you are fine,
We are leading Engineering Company for Petroleum & Process Industries "ENPPI", one of the Egyptian General Petroleum Corporation Companies.
We are acting on behalf of PETROSALAM to carry out the Detailed Engineering, Procurement services for all attached equipment and materials for 5001-200, PETROSALAM, Offshore Production Unit with Drilling Offshore Jack-Up Rig.
We are pleased to invite you to submit your firm Bid on/or before BID DUE DATE shown in our request, we kindly request you acknowledge if attached specified product are in your production and submit your best selling prices the following:
1- Material requisition for quotation
2- Request for Quotation
You have to confirm your intention to quote on/before the due date mentioned in the R.F.Q within 3 days max.
You have to provide your company stamp on all bid documents (Technical offer, terms and conditions, specifications and all attachments), For the purpose of acceptance to the documents to facilitate offers evaluation accordingly.
Note that, above captioned project is scheduled for mid of May, your offer shall be valid for a period of 08 Weeks. Based upon project start date, we can accept the material deliveries starting 06-08 Weeks from now, provided your offer is technically acceptable and commercially competitive.
Furthermore, please be informed that this is complete material for 27 identical units. Delivery shall be progressive and according to our delivery and fabrication schedule (to be shared later). The unit rate shall remain firm for the complete lot of material.
Thanking you and looking forward to revive the most competitive offered latest by April 06, 2018.
Kind Regards,
Procurement Engineer
Enviromental Please consider the environment before printing this email
This Email and any attachments may contain HCT confidential and privileged information.If you are not the intended recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the author's employer.
The information in this email and any attachments are confidential and solely for the use of the individual or entity to whom it is addressed to and authorized to receive it. If you are not the intended recipient, be advised that you have received this email in error and that any use, disclosure, copying, distribution or taking any action in reliance on the content of this information is strictly prohibited and may be unlawful. If you have received this email in error, please delete along with any attachments and inform the Higher Colleges of Technology immediately at disclaimer@hct.ac.ae. We do not guarantee the integrity of any emails or attachments and are not responsible for any changes made to them by any other person.

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial release to report significant activity detected by Cisco Security on April 5, 2018. | — | 2018-April-09

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products