Rewterz Threat Alert – KONNI APT Group – Active IOCs
January 4, 2022Rewterz Threat Advisory – doorLock Vulnerability Affecting Apple Homekit
January 4, 2022Rewterz Threat Alert – KONNI APT Group – Active IOCs
January 4, 2022Rewterz Threat Advisory – doorLock Vulnerability Affecting Apple Homekit
January 4, 2022Severity
High
Analysis Summary
IcedID banking trojan first appeared in the threat landscape in 2017, it has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. Researchers first analyzed it noticed that the threat does not borrow code from other banking malware, but it implements comparable capabilities, including launching man-in-the-browser attacks, and intercepting and stealing financial information from victims. The attachment comes in the form of password-protected zip attachment asking user to enable macros which leads to installer dll and execution of IceID.exe
Impact
- Financial Loss
- Exposure of Sensitive Data
Indicators of Compromise
Domain Name
- hipnoguard[.]com
- carpricegoods[.]com
MD5
- 327bc591edfea72eed1103fabe754937
- 92e307d3ca590e80b08518e8d3db0fa0
SHA-256
- 074cef597dc028b08dc2fe927ea60f09cfd5e19f928f2e4071860b9a159b365d
- 20a605a18b48b55adb6ae9c0024013be69ec884e7407ca50b39177035dc7b948
SHA-1
- 8e567ab87620c4a9ca1c000aa8b3583f17b09bcf
- 95c2c93e9874489a9c2e03177e083b12c0012d61
Remediation
- Block all threat indicators at their respective controls.
- Search for IOCs in your environment.