Rewterz Threat Advisory – ICS: mySCADA myDESIGNER
November 10, 2021Rewterz Threat Advisory – CVE-2021-42727 – Adobe RoboHelp Server Directory Traversal
November 11, 2021Rewterz Threat Advisory – ICS: mySCADA myDESIGNER
November 10, 2021Rewterz Threat Advisory – CVE-2021-42727 – Adobe RoboHelp Server Directory Traversal
November 11, 2021Severity
High
Analysis Summary
IcedID banking trojan first appeared in the threat landscape in 2017, it has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. Researchers first analyzed it noticed that the threat does not borrow code from other banking malware, but it implements comparable capabilities, including launching man-in-the-browser attacks, and intercepting and stealing financial information from victims. The attachment comes in the form of password-protected zip attachment asking user to enable macros which leads to installer dll and execution of IceID.exe
Impact
- Stealing Financial Information
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 073afba961621635a503024c19f14579
- df90b2e12b0377db82d6a1cdcf3b8ad8
- ff5f9201e8bca81a126ea15a536e5eed
SHA-256
- f4d185f32721b1c2da2dfdf291154a0c3927fea3e267a4f88f99a49d36ef149a
- f071bb54ef89464b10aec76d59532d8eb0087b32508a584fbf7a9e3f78cff9d0
- efa0c9fc855126fffc9e80bf8de21fa10ab736e14d1956d025b450969a38450c
SHA-1
- 6d0ae234e260e1075f50eed96743d3b65271331f
- 84c9316a004ec33e5a049583091c1ec1c31b76fb
- 9c009acb34a16c0a185df24d362da1b690003978
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.