Threat Outbreak Alert RuleID32722: Email Messages Distributing Malicious Software on May 8, 2018

2018-05-08T16:28:33
ID CISCO-THREAT-57826
Type ciscothreats
Reporter Cisco
Modified 2018-05-08T16:28:33

Description

Medium

Alert ID: 57826

First Published: 2018 May 8 16:28 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID32722) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
RFQ.zip / RFQ.exe | 655,360 | 0x60EBC9D0A92D36DDFB819911CB1787A7
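
One way to check stored mail against the indicator in the table above, shown as an added example that is not part of the Cisco alert. It hashes each attachment and each member of a zip attachment, because the table lists the archive and the executable together with a single checksum. The function names, the `md5` parameter, the size cap and the sample message are assumptions made for illustration.

```python
import email
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Indicator values from the alert table (0x prefix dropped, hex lower-cased).
IOC_MD5 = "60ebc9d0a92d36ddfb819911cb1787a7"
IOC_SIZE = 655_360
IOC_NAMES = {"rfq.zip", "rfq.exe"}
MAX_MEMBER = 50 * 1024 * 1024  # assumed cap so a zip bomb is not inflated

def _candidates(name, data):
    """Yield the attachment itself and, when it is a zip, each readable member."""
    yield name, data
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                continue  # encrypted or oversized member: skip it
            yield info.filename, zf.read(info)

def scan_message(raw, md5=IOC_MD5):
    """Return (name, reason) pairs; reason is 'md5', 'name+size' or 'name'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        for name, blob in _candidates(part.get_filename() or "", data):
            base = name.rsplit("/", 1)[-1].lower()
            if hashlib.md5(blob).hexdigest() == md5:
                findings.append((name, "md5"))  # exact content match
            elif base in IOC_NAMES:  # names are weak; size narrows it a little
                reason = "name+size" if len(blob) == IOC_SIZE else "name"
                findings.append((name, reason))
    return findings

def build_sample(member=b"MZ constructed stand-in, not the real file"):
    """Constructed test message: RFQ.zip holding RFQ.exe with harmless bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("RFQ.exe", member)
    msg = EmailMessage()
    msg["Subject"] = "Request for Quotation (RFQ)"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="RFQ.zip")
    return msg.as_bytes()
```

A `name` or `name+size` finding is only a lead for triage; an `md5` finding is an exact match on the published checksum.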

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Request for Quotation (RFQ). For the modernization of SOCAR Azerikimya petrochemical complex Project

> Message Body:
>
> Dear Sirs
> We are please to contact you from Technip Netherlands.
> Regarding our awarded Project contract for modernization of SOCAR
> Azerikimya petrochemical complex, for the engineering
> procurement,
> And construction (EPC) services for the SOCAR Azerikimya plant,
> located in the city of Sumgait, Azerbaijan.
> The scope of work for the above Azerikimya Project includes
> 1. The modernization of the EP-300 steam cracker with
> construction of new cracker furnaces licensed by Technip,
> 2. The installation of a new refinery dry gas treatment unit, new
> ethylene and propylene storage and related utilities and
> off-sites facilities.
> We would like to invite your company to participate by providing
> FIRM pricing for the Equipment's / Material supply as listed in
> our RFQ ATTACHMENT. Business / Project Requirements Portal, and
> Bidder is highly requested to submit before the due date, Monday
> 14th MAY, 2018
> The above project information is as below, for your kindly
> reference
> 1. The Owner of the Project : The State Oil Company of the
> Azerbaijan Republic (SOCAR)
> 2. Project Name : SOCAR Azerikimya Project
> 3. Project Location : Sumgait, Azerbaijan
> For this (SOCAR Azerikimya Project) All the general project
> documentations relating to this RFQ are hereby ATTACHED. Find
> attachment for your kindly reference.
> Please note that any, and all this SOCAR Azerikimya project
> inquiry documents included in this RFQ are highly and strictly
> confidential,
> and should not be reviewed to any other Engineering Company or
> other Organization, if we Technip Netherlands, did not authorize
> You can find the below following documents for this RFQ package
> on the ATTACHED RFQ:
> 1. RFQ Instructions To Bidders (Contains general project
> information and requirements for information that should be
> provided with your quote.)
> 2. TNSP-760-00-FM-51001- Terms and Conditions of Purchase
> 3. TNSP-760-05-FM-10013 - Export Packing, Marking, Preservation
> and Documentation Guidelines
> 4. TNSP-830-00-FM-02045 - Technical Exclusion and Deviations
> Summary Form
> 5. TNSP-830-05-SP-01004 - General Purchase Specification for
> Equipment's / Materials
> 6. TNSP-760-05-GL-10004 - Guideline for Shipping & Equipment's /
> Material Handling
> We strongly request you to provide your best bid prices and
> delivery for the Equipment's / Material services, for the above,
> SOCAR Azerikimya Project, Earlier as to avoid delays on our
> project construction schedule
> Hope to your kindly, acknowledgement receipt response of this,
> RFQ, by a return email, as to enable us, register your company in
> our (TNSP) system date base, for further proceedings on this
> project requirements. and also bidder's are required to clarify
> there interest compliance. to participate on this, SOCAR
> Azerikimya Project
> Please confirm receipt of this request within 24 hours and advise
> whether or not you will be able to provide your pricing in the
> time allowed,
> We will appreciate your assistance on this very important
> project. If you have any questions, please do not hesitate to
> let me know
> Kind Regards,
> Azerikimya Project: Project Procurement Manager / Project
> Expeditor
> Technip Benelux B.V.
> Afrikaweg 30

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Revision History

  • Version | Description | Section | Date
    ---|---|---|---
    1 | Initial release to report significant activity detected by Cisco Security on May 8, 2018. | — | 2018-May-08

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products