Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities
December 16, 2021Rewterz Threat Alert – Dark Crystal RAT – Active IOCs
December 16, 2021Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities
December 16, 2021Rewterz Threat Alert – Dark Crystal RAT – Active IOCs
December 16, 2021Severity
High
Analysis Summary
IcedID banking trojan first appeared in the threat landscape in 2017, it has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. Researchers first analyzed it noticed that the threat does not borrow code from other banking malware, but it implements comparable capabilities, including launching man-in-the-browser attacks, and intercepting and stealing financial information from victims. The attachment comes in the form of password-protected zip attachment asking user to enable macros which leads to installer dll and execution of IceID.exeThis Backdoor gathers the following information and sends it to its servers:
Impact
- Financial Loss
- Exposure of Sensitive Data
Indicators of Compromise
Domain Name
- firenicatrible[.]com
MD5
- d5ea6809b1e468b70fd2169e7430a58d
SHA-256
- 39d042df0e1068cfde7277fa9f52aaf40b561a98401f43e170e81728d15a2a62
SHA-1
- 2b8883dd2226159abed2ab6e4f556177b12f7c0a
Remediation
- Block all threat indicators at their respective controls.
- Search for IOCs in your environment.