Rewterz Threat Alert – IconDown Downloader used by Attack Group BlackTech

October 24, 2019

Severity

Medium

Analysis Summary

IconDown Downloader used by Attack Group BlackTech targeting different Japanese organizations. Although it has not been confirmed by what means IconDown is installed / executed, according to the blog published by ESET, it has been confirmed that the update function of ASUS WebStorage is exploited. It is said that. This time, details of IconDown confirmed in the Japanese organization.

Indicators of Compromise

Domain Name

panasocin[.]com

Hostname

update[.]panasocin[.]com

SHA256

2e789fc5aa1318d0286264d70b2ececa15664689efa4f47c485d84df55231ac4
6bf301b26a919f86655e4ccb20237cc3b6b6888f258d96aac4d62df7980e51a5
634839b452e43f28561188a476af462c301b47bddd0468dd8c4f452ae80ea0af

Remediation

Block all threat indicators at your respective controls.
Always be suspicious about emails sent by unknown senders.
Never click on the links/attachments sent by unknown senders.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

GitHub Tools Deployed in CrazyHunter Ransomware Campaigns – Active IOCs

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – MedusaLocker Ransomware Infecting Victims Worldwide

Rewterz Threat Alert – CES Themed Targeting from Lazarus

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.