Rewterz Threat Alert – BazarLoader Malware – Active IOCs
February 21, 2022Rewterz Threat Alert – Devil Ransomware – Active IOCs
February 21, 2022Rewterz Threat Alert – BazarLoader Malware – Active IOCs
February 21, 2022Rewterz Threat Alert – Devil Ransomware – Active IOCs
February 21, 2022Severity
High
Analysis Summary
IcedID banking trojan first appeared in the threat landscape in 2017, it has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. Researchers first analyzed it noticed that the threat does not borrow code from other banking malware, but it implements comparable capabilities, including launching man-in-the-browser attacks, and intercepting and stealing financial information from victims. The attachment comes in the form of a password-protected zip attachment asking user to enable macros which leads to installer dll and execution of IceID.exe
Impact
- Financial Loss
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 2b07ac31626856b98fe6468ed87d2d2a
- a41168ce0ee183b85f5364d18e76bdf7
SHA-256
- e7bc45ecfb1cd2b7bad3d9f2b95463a2d9eccdaa9c40989f4703999ec85a090b
- ff5ee54a35e10a07cd60daef7f6e87cfd01772fe254457756eac7b2f492e5f5c
SHA-1
- ca4b2a533649003c16b7f502ecd995a0920c7907
- 9f882f921d5542ae3f370b5ac0d2ab7327a40b20
Remediation
- Block all threat indicators at their respective controls.
- Search for IOCs in your environment.