I have seen three different versions of the malicious attachment Invoice.doc (VirusTotal results). The Malwr analysis of these documents shows that the payload is identical to the Dridex banking trojan described here.

From Raashida Sufi [Raashida.Sufii@dmgmedia.co.uk]
Date Tue, 19 Jan 2016 11:40:37 +0300
Subject Daily Mail - Payment overdue
I have currently taken over from my colleague Jenine so will be your new POC going
I have attached an invoice that is currently overdue for £360.00. Kindly email me
payment confirmation today so we can bring your account up to date?
Credit Controller, dmg media Finance Services
Telephone: +44(0)203 615 5083 Email: Raashida.Sufi@dmgmedia.co.uk
Shared Values: Customer Focus, Excellence, Innovation, Integrity, Teamwork, Accountability,
P.O. Box 6795, St. George Street, Leicester, LE1 1ZP
This e-mail and any attached files are intended for the named addressee only. It
contains information, which may be confidential and legally privileged and also protected
by copyright. Unless you are the named addressee (or authorised to receive for the
addressee) you may not copy or use it, or disclose it to anyone else. If you received
it in error please notify the sender immediately and then delete it from your system.
Associated Newspapers Ltd. Registered Office: Northcliffe House, 2 Derry St, Kensington,
London, W8 5TT. Registered No 84121 England.