NUEVO MAIL MALICIOSO QUE ANEXA FICHERO TROYANO CON EXTENSION DOC PERO QUE ES REALMENTE UN RTF CON EXPLOIT

Nuevo mail de hoy que anexa fichero que resulta ser un RTF malicioso con exploit CVE 2017-8570, con remitente de .ga (Gabón) y .sg (Singapur)

El texto con el que llega es el siguiente:

____________

Asunto: FW: Swift Payment Copy – Incorrect Bank Details provided
De: “United Scientific Equipment Pte Ltd”<info@baziin.ga>
Fecha: 11/04/2019 15:01
Para: undisclosed-recipients:;

Good Morning,

Friday last week, we received your Proforma Invoice from your colleague for prepayment for our order.
While arranging payment, we noticed that the bank details are different from your old one.
Also when I try to reach your colleague, the email never gets replied. I suspect something might be wrong with his mail box.
Please find the attached payment slip draft from our bank and confirm that the bank details are correct.

I wrote with our second email box because we believe someone is blocking our emails to you from our main domain.

The invoice is also attached for your reference.

Waiting for your kind reply. Thank you.

Best Regards,

Yan Ting (Ms)

United Scientific Equipment Pte Ltd

48 Toh Guan Road East #09-97 Enterprise Hub Singapore 608586

Tel: +65 6472-2711 | Mobile: +65 9733-0685 | Fax: +65 6473-4145

Email: yanting@united.com.sg | Web: www.united.com.sg

anexado: bank swift.doc —> es realmente un RTF con exploit malicioso

__________

total ofrece el siguiente informe>

Como tantas veces recordamos que NO DEBE PULSARSE SOBRE FICHEROS NI ENLACES NI IMAGENES RECIBIDOS EN MAILS NO SOLICITADOS, pero además em este caso resulta ser realmente un RTF renombrada su extension a .DOC, lo cual ya se avisa en nuestro articulo al respecto:

blog.satinfo.es/2018/aviso-importante-sobre-mails-no-solicitados/

Esperamos que lo indicado les sea de utilidad

saludos

ms, 12-4-2019