Rewterz Threat Alert – Pegasus Spyware – Finnish Diplomats Under Attack
February 1, 2022Rewterz Threat Advisory – CVE-2021-44142 – Samba Server Vulnerability
February 1, 2022Rewterz Threat Alert – Pegasus Spyware – Finnish Diplomats Under Attack
February 1, 2022Rewterz Threat Advisory – CVE-2021-44142 – Samba Server Vulnerability
February 1, 2022Severity
High
Analysis Summary
IcedID banking trojan first appeared in the threat landscape in 2017, it has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. Researchers first analyzed it noticed that the threat does not borrow code from other banking malware, but it implements comparable capabilities, including launching man-in-the-browser attacks, and intercepting and stealing financial information from victims. The attachment comes in the form of a password-protected zip attachment asking user to enable macros which leads to installer dll and execution of IceID.exe
Impact
- Financial Loss
- Exposure of Sensitive Data
Indicators of Compromise
Filename
- update[.]dll
- update1[.]dll
- update2[.]dll
- document-1808993719[.]xlsm
MD5
- 54cb6766cd0705c5957dbcedbfee85a2
SHA-256
- 602d0c29f8a8c2f0b60e62d68097b6b90558704dd79d8b696755ef1f8d74ef6e
SHA-1
- 68d925a88c90875bcc9ae495dc67d08490f59c62
URL
- http[:]//daferton[.]top/30fdh3fdh/
- http[:]//daferton[.]top/30fdh3fdh/update[.]dll
- http[:]//daferton[.]top/30fdh3fdh/update1[.]dll
- http[:]//daferton[.]top/30fdh3fdh/update2[.]dll
Remediation
- Block all threat indicators at their respective controls.
- Search for IOCs in your environment.