Rewterz

Rewterz Threat Alert – Magento Stores Hacking

September 16, 2020
Rewterz

Rewterz Threat Alert – Rudeminer, Blacksquid and Lucifer DDoS Attacks

September 16, 2020

Rewterz Threat Alert – IcedID banking Trojan – IOCs

Severity

High

Analysis Summary

IcedID banking trojan first appeared in the threat landscape in 2017, it has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. Researchers first analyzed it noticed that the threat does not borrow code from other banking malware, but it implements comparable capabilities, including launching man-in-the-browser attacks, and intercepting and stealing financial information from victims. The attachment comes in the form of password-protected zip attachment asking user to enable macros which leads to installer dll and execution of IceID.exe.

Impact

  • Stealing financial information
  • Exposure of sensitive data 

Indicators of Compromise

SHA-256

  • 9555ea9a1909120dd9be988d91cad345302b38884d2343ee16ab994ac6c5c7df
  • beeec802fbc1b3669eea5bcb0dbecda60786e9911c08be2bf4025af1eae55f03
  • 5c89cd7df8d50da7bac65f5eac60deeb668a41604c209e68902e90c8447efd98
  • ec66541255d8c41caa9e4d7fbed1e580c410671124a0a0c6f1aac140a80e23da
  • d10fd0bb3004fe19b9b286c60f6fc30621cd875d21e5020391145d3830e59b21
  • 57860656b14305825893eec23084f2170e79044d8253f13b25a505281256aa31
  • 316e2af251e7d6eb7f50c04a3747853f208b0f21bc5477447bb9a742c4dadc82
  • 563071255dd2ac36f86ec3ecd6dfd0ce5c8ff09fdf700c9a14ce29d48287a34a
  • 2ea2879f8942ec62a686861bf860838e1d999a9df4e206e786e338f40235d8b2
  • d2fbe0ca20c66a8df7663ca95d4ffe3b2d7a5fc284e8bf4b861029ae60ab6927
  • cd57ed9b1dcd92b383db09f3c2de686355b1f4abe9bc902a0d1632161b990bf6
  • 431e35ca85f5e28a303866833f5a780d5ff7ea1f079ab31c76f1ea0d3121d4b1
  • a21eaa46b493488c94b9021143fd30fe432726bc6e8ad01088609c251bb990d2
  • f215a8f3bb61b1c2f6213c790f76058559947f92b2732cde1e82e9a39396dae2
  • e31ae107b6d2f74f1bee459d67897a96f167c24c38ca84d75a51f320d1683f1a
  • 758a9965c32ec6a916721a2a1b9925afafe65ab11899c71ff0a8a2c6d1eb043e
  • 191f3a21827b412cbe583c4a0d2e6ef20732326c7ce3a1434fd2b47e7b6186b5
  • 1624672f2d51c3999c48c65bd2d7f5cc40750cd592f943245c3f903276a45278
  • 1f57a13b9b3b7684744ea350b05211c00d889079698f31dad6866d834a1717f1
  • 62238cb1bf6d80648da90206e430a98382e2e1c3a59bba441b477bc63d2dac81

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment. 

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.