Rewterz Threat Alert – “GPI CODE” Scam Targeting Corporate Sector

Severity

Medium

Analysis Summary

Recently, there has been an increase in malicious e-mails with PDF attachments explaining the benefits of using GPI CODE. These emails are targeting corporate sector (mainly small institutions which are not connected to SWIFT) and banks. These e-mails usually come from senders who represent small companies that offer an interesting business proposal if the recipient can do business using a “GPI CODE”. To make the emails appear legitimate, the emails contain operating procedures and documentation attached as files. Attached below are the screenshots.

Impact

Unknown

Indicators of Compromise

Filename

• GPI CODE FEATURES updated[.]pdf

MD5

• 4513d091c86a464b4d95c75f874ab561

SHA-256

• cb0165a3bfade6ff0286069ba2100427c76dcdd71c976514f02fb3527e3cda11

SHA1

• 16e619ce78d3ef66ffb26f5cc5b5a0506661b129

Remediation

• Block the threat indicators at respective controls.
• Be vigilant when receiving new business opportunities from unknown sources.