Severity
Medium
Analysis Summary
The TrickBot malware is one of the more prolific banking Trojans in the wild today and, according to a SentinelOne report, is still under continuous development. The report analyses how TrickBot hooks web browser functions, injecting itself into the browser in order to perform web injections and grab form content. TrickBot targets four browser processes, chrome.exe, firefox.exe, iexplore.exe and microsoftedgecp.exe, together with an associated process, runtimebroker.exe. The payload is injected using the "ReflectiveLoader" method, and the malware also weakens the browser's security posture.
Impact
Exposure of sensitive information
Indicators of Compromise
SHA1
- 0785d0c5600d9c096b75cc4465be79d456f60594
- C546D40D411D0F0BB7A1C9986878F231342CDF8B
- D5F98BFF5E33A86B213E05344BD402350FC5F7CD
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.
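To act on the first remediation item, the SHA1 indicators above have to be matched against files on endpoints. The following scanner is an added example, not code from Rewterz or SentinelOne; it hashes every file under a directory and reports those whose SHA1 appears in the advisory's list, lower-casing the indicators first because the published list mixes upper- and lower-case hex. The `demo_scan` function builds a constructed sample directory so the script runs offline.

```python
import hashlib
import os
import tempfile

# SHA1 indicators copied from this advisory (note the mixed case).
TRICKBOT_SHA1 = [
    "0785d0c5600d9c096b75cc4465be79d456f60594",
    "C546D40D411D0F0BB7A1C9986878F231342CDF8B",
    "D5F98BFF5E33A86B213E05344BD402350FC5F7CD",
]


def normalize_iocs(iocs):
    """Lower-case and validate SHA1 hex digests so matching is case-insensitive."""
    out = set()
    for h in iocs:
        h = h.strip().lower()
        if len(h) != 40 or any(c not in "0123456789abcdef" for c in h):
            raise ValueError(f"not a SHA1 hex digest: {h!r}")
        out.add(h)
    return out


def sha1_of_file(path, chunk=1 << 16):
    """Stream the file through SHA1 so large binaries do not need to fit in memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_directory(root, iocs=TRICKBOT_SHA1):
    """Return {path: sha1} for every file under root whose SHA1 is in the IoC list."""
    wanted = normalize_iocs(iocs)
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                h = sha1_of_file(path)
            except OSError:  # unreadable or vanished file; skip rather than abort the scan
                continue
            if h in wanted:
                hits[path] = h
    return hits


def demo_scan():
    """Constructed self-check: one matching file, one benign file, IoC supplied in upper case."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.bin")
        with open(sample, "wb") as f:
            f.write(b"constructed sample standing in for a TrickBot binary")
        with open(os.path.join(tmp, "benign.txt"), "wb") as f:
            f.write(b"unrelated file")
        ioc = sha1_of_file(sample).upper()  # upper case, as some advisory entries are
        hits = scan_directory(tmp, iocs=[ioc])
        return {os.path.basename(p): h for p, h in hits.items()}, ioc
```

Point `scan_directory` at the user profile or a download directory and feed any hits to your EDR or ticketing system; a hash match on a renamed or moved file is still a match, since only content is hashed.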