March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Magento Stores Hacking

September 16, 2020

Rewterz Threat Alert – Rudeminer, Blacksquid and Lucifer DDoS Attacks

September 16, 2020

Rewterz Threat Alert – IcedID banking Trojan – IOCs

September 16, 2020

Severity

High

Analysis Summary

IcedID banking trojan first appeared in the threat landscape in 2017, it has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. Researchers first analyzed it noticed that the threat does not borrow code from other banking malware, but it implements comparable capabilities, including launching man-in-the-browser attacks, and intercepting and stealing financial information from victims. The attachment comes in the form of password-protected zip attachment asking user to enable macros which leads to installer dll and execution of IceID.exe.

Impact

Stealing financial information
Exposure of sensitive data

Indicators of Compromise

SHA-256

9555ea9a1909120dd9be988d91cad345302b38884d2343ee16ab994ac6c5c7df
beeec802fbc1b3669eea5bcb0dbecda60786e9911c08be2bf4025af1eae55f03
5c89cd7df8d50da7bac65f5eac60deeb668a41604c209e68902e90c8447efd98
ec66541255d8c41caa9e4d7fbed1e580c410671124a0a0c6f1aac140a80e23da
d10fd0bb3004fe19b9b286c60f6fc30621cd875d21e5020391145d3830e59b21
57860656b14305825893eec23084f2170e79044d8253f13b25a505281256aa31
316e2af251e7d6eb7f50c04a3747853f208b0f21bc5477447bb9a742c4dadc82
563071255dd2ac36f86ec3ecd6dfd0ce5c8ff09fdf700c9a14ce29d48287a34a
2ea2879f8942ec62a686861bf860838e1d999a9df4e206e786e338f40235d8b2
d2fbe0ca20c66a8df7663ca95d4ffe3b2d7a5fc284e8bf4b861029ae60ab6927
cd57ed9b1dcd92b383db09f3c2de686355b1f4abe9bc902a0d1632161b990bf6
431e35ca85f5e28a303866833f5a780d5ff7ea1f079ab31c76f1ea0d3121d4b1
a21eaa46b493488c94b9021143fd30fe432726bc6e8ad01088609c251bb990d2
f215a8f3bb61b1c2f6213c790f76058559947f92b2732cde1e82e9a39396dae2
e31ae107b6d2f74f1bee459d67897a96f167c24c38ca84d75a51f320d1683f1a
758a9965c32ec6a916721a2a1b9925afafe65ab11899c71ff0a8a2c6d1eb043e
191f3a21827b412cbe583c4a0d2e6ef20732326c7ce3a1434fd2b47e7b6186b5
1624672f2d51c3999c48c65bd2d7f5cc40750cd592f943245c3f903276a45278
1f57a13b9b3b7684744ea350b05211c00d889079698f31dad6866d834a1717f1
62238cb1bf6d80648da90206e430a98382e2e1c3a59bba441b477bc63d2dac81

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Magento Stores Hacking

Rewterz Threat Alert – Rudeminer, Blacksquid and Lucifer DDoS Attacks