Severity
High
Analysis Summary
Dridex is a sophisticated strain of banking malware that targets the Windows platform. It is distributed through spam campaigns that infect computers in order to steal banking credentials and other personal information and facilitate fraudulent money transfers. Over its history and development, Dridex has used several exploits and methods for execution, including modification of directory files, abuse of system recovery to escalate privileges, and modification of firewall rules to enable peer-to-peer communication for data exfiltration. The malware's main purpose is the theft of banking credentials, and it has been attributed to the TA505 threat group (also known as Evil Corp), which is known to have been active since at least Q3 2014.
Impact
- Credential theft
- Financial loss
- Exposure of sensitive data
Indicators of Compromise
Filename
- Document%2026490043[.]xls
- Alan_Brown[.]doc[.]bin
MD5
- 33b4e2c2b5adb59346ac5a6f59200304
- f4e2d8db5540ad5ec0534f964f9d9f7d
- 2d9a11eb47440a002dd5c039f3ee202a
SHA-256
- 58fb1e40fe114c343e8617844ccf7a8229fac847dbb946b7e9e49856d5ca73ca
- 9f0cf4ee5cf7088680486b39c9166f1b755290828a6353932cf68b40924799e0
- 0e63af8a4d8d58a1577dfc14e9a6f2eccd3017a5fd8f007d20baf1bcab9999f5
- c0802735a537b2f8a908fb58b05b38cab10dc67497a9d67fa8ba96a01c0208aa
SHA-1
- 67e542033ffbbd66f3af4a0f85aeb8288e712a7a
- 376743e56ddb3b4149df1b42dc68fef403db680c
- 3a3b6784a522fc48483f9386e4c8b6e4332f0c3d
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
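One way to carry out the "search for IOCs" step is a small host-side sweep that hashes every file under a directory tree and compares the digests and file names against the indicators published above. The script below is an added example written for this advisory, not Rewterz tooling; it embeds the hashes exactly as listed, refangs the "[.]" filenames for exact-name matching (the literal "%20" in the first name is kept as published), and reports which indicator type matched so an analyst can triage hits. The scan root is an assumed command-line argument.

```python
import hashlib
import sys
from pathlib import Path

# Indicators copied from the advisory above. File names are stored defanged.
IOC_MD5 = {
    "33b4e2c2b5adb59346ac5a6f59200304",
    "f4e2d8db5540ad5ec0534f964f9d9f7d",
    "2d9a11eb47440a002dd5c039f3ee202a",
}
IOC_SHA1 = {
    "67e542033ffbbd66f3af4a0f85aeb8288e712a7a",
    "376743e56ddb3b4149df1b42dc68fef403db680c",
    "3a3b6784a522fc48483f9386e4c8b6e4332f0c3d",
}
IOC_SHA256 = {
    "58fb1e40fe114c343e8617844ccf7a8229fac847dbb946b7e9e49856d5ca73ca",
    "9f0cf4ee5cf7088680486b39c9166f1b755290828a6353932cf68b40924799e0",
    "0e63af8a4d8d58a1577dfc14e9a6f2eccd3017a5fd8f007d20baf1bcab9999f5",
    "c0802735a537b2f8a908fb58b05b38cab10dc67497a9d67fa8ba96a01c0208aa",
}
IOC_FILENAMES_DEFANGED = ["Document%2026490043[.]xls", "Alan_Brown[.]doc[.]bin"]


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("[.]") back into its literal form for matching."""
    return indicator.replace("[.]", ".")


IOC_FILENAMES = {refang(name) for name in IOC_FILENAMES_DEFANGED}


def hash_file(path) -> dict:
    """Return md5, sha1 and sha256 hex digests of a file, streamed in 1 MiB chunks."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def match_indicators(name: str, digests: dict) -> list:
    """Return (indicator_type, value) pairs that match a file name and its digests."""
    hits = []
    if digests["md5"] in IOC_MD5:
        hits.append(("md5", digests["md5"]))
    if digests["sha1"] in IOC_SHA1:
        hits.append(("sha1", digests["sha1"]))
    if digests["sha256"] in IOC_SHA256:
        hits.append(("sha256", digests["sha256"]))
    if name in IOC_FILENAMES:
        hits.append(("filename", name))
    return hits


def scan_tree(root) -> list:
    """Walk a directory tree and return [(path, hits)] for every file that matches an IoC."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            hits = match_indicators(path.name, hash_file(path))
        except OSError:
            continue  # unreadable file (permissions, vanished); skip rather than abort the sweep
        if hits:
            findings.append((str(path), hits))
    return findings


if __name__ == "__main__":
    # Assumed usage: python ioc_sweep.py <directory>
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for found_path, found_hits in scan_tree(root):
        print(f"{found_path}: {found_hits}")
```

A file name hit on its own is weak evidence (names are trivially changed); a digest hit on any of the three hash types is strong. Hashing every file under a large tree is slow, so in practice scope the sweep to user-writable locations such as download and temp directories, or feed the hash sets to an EDR query instead.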