Rewterz Threat Alert – TA551 (Shathak) Word docs push IcedID (Bokbot)

August 11, 2020

Severity

High

Analysis Summary

Researchers have been tracking malicious Word documents from the TA551 (Shathak) campaign. This year, we’ve seen a lot of Valak malware from TA551, but in recent weeks this campaign has been pushing IcedID malware to English-speaking targets. The chain starts with a malicious spam email that carries a password-protected Word document. The user is asked to enable macros; once macros run, an installer DLL drops the malware and executes the IcedID (iceid.exe) infection chain.

Impact

  • Infostealer
  • Exposure of sensitive data

Indicators of Compromise

MD5

  • 9545a9585fd792973c6fcfd5892712e4
  • bea044259b4c7f450dc1f43638fadece
  • 4e54feaff3e4d8cbf29a87d62b78e2b2
  • 626e8c0bd397d1dcafae18d6798a63ef
  • 1a4f65ed7281bc34f2ac6a374f6690c6
  • d412d3968e9fd797018548b6b249bf0f
  • 883d52e7a365b5453338985615261f92
  • 8185054506eeff9ceb5c7b003a633aef
  • 58ae6069e608ab21e9c5116e589d43ff
  • ef189b41626c554e2c680054c07ddd34
  • d5b05672478e54a7dc47fa5d93fd599a
  • 361e7f9b5d1d1870f0c0e2c10c84ccd1
  • 28e772eef3553d8c13b226ae76e92f1e
  • 348b012e996bb2359d9fade51c484315
  • 0b01aac170af7c6420590b4a1a0f5386
  • fb454e41d76dbcacff2d84b4d0199a1e
  • cdc8c1aeaed26eda670d8c61ffe74633
  • ceed187769141298937d610e72db081a

SHA-256

  • c187247c655ab22dc5e67fe174af4fca1e14cff224dc5b60beff948a8a297dd2
  • acd6793d8210f51004f617765bdd882544d389c5191f35470c7f2a2aa6e3a337
  • 0c57c1af0d46a31bb43a4881026c6f392ac53faac9780f6924dff91aed07d28d
  • 74e802b554527a8d3bc212eb0b107a63197daa1987a6f8cdd1c9c8ddae269c86
  • 6badbba16b4cad10bfbb2cc245f4d63c7781aa9678417df84078273a12d3eaa1
  • b23322f71771729668c866c9e3772eddb428c3c5d68bfba9433da3fe63f0c286
  • a3ba4baa49060dd73324c9d6f63a67f23a13b466fae33f85ad7493d58c5f8e6a
  • 83d98c2bf9d4d544aa67e0610c7e6b6a4829e201b5878e30b7d11729f90c358e
  • 379eba5d8122133d69c864cc01dd3a7be50c976be5616372dd065c2c52c08b5f
  • f1bb1db729644b0135c8ad3e124a8d1b79755b027cda3b12c8200b31a6720069
  • 65ae12426a34a5802ca0c627aa4749206e2a75b57d9f938c69112af9be55be1a
  • 3fe92d49ce855b4f02a99ba5c4a89edd2255603a4e0b5d9f3cc8767dd0809066
  • ba2ca8258dd95cecc853ae56ff339d70f5af851f4bdef53ff8bf9998817f68da
  • 9855f48a5449f3d156ade176ba56e57094f654f5ea974cbdf90a4ab79dd6125e
  • f6d12ccf893cb4c51b3c049bb07c7e51f3c0f73f55379310459bdd89c5421edf
  • b453fe2b22df0a3447c9f1e64d5e2c9d2c0ef6e1d6e47aaaca3b611e868c00d3
  • 9ea63df909a4947f18ae4e5d35cfea604905a275167de3d5418bc4917a27e281
  • e48c527a596751834d830a7c663f8e6e14e7b9d8ee9edbc41d344f4bf1ecbd9c
  • a611374f8b55cee7c3a6cf6f05bf074c66cbc234e6f4f07f18762eace713cf88
  • 6e92b206fb95f1e58e078571fe46c8d36632bf9f265af2cea59c8f1c5e4fab7f
  • 6d8dd12ffb7ee93a6cd9f1051e17a1087d66f070cc534454fb04d9d8c33bb90c
  • affd7dd7f9bd8ec763c8646123f414bd25e68352d742a5bd3904ffa42580cf9f
  • 24368bddac344e5579e583cf86053d53894542c18f67a718400f62ff56d5a674
  • 66471bb23ffb948309e48e5316f37da19938dcca7e0f1687e1ca5882fe16865f
  • addd6c62f38bd5b004abed3cf7edfece4d002ca56a35539f2657754be291bbea
  • c6bc5f8db1173945fca0b270656b059c69559a939480561296776938be03730c
  • b947929a2eb373ca547896b5bb3932140a51fdf68a093ac78407e19b9659b5aa
  • dfd2333edc0622b49a01367a1fa60a85d64456e6f53350010a11d2f175e90b0b
  • df144083cb485322e601c9b188c676b989e003f279fa9328b79ec713489968aa
  • ab74fb431a13b818341dce88c95cde771d096b5e5c93ccba33249e264ebfe9c4
  • 6c371a63e61f8ee4e379d862bb96403eb10864463a517d6c6c423cb3ea296ce8
  • 48576d904ca6a41f7be143e6aa30a01e9577dde2f744ebe2a43579c05550cc4e
  • 0642b8b82c8b1949da4dc684b6f75a180e942673ac9428383a39c3a9ef10e1ca
  • e64f5c95f57e265b882d1f3d8b17455ffac350ff7c4ee22bb9187a7e10ec66b4

SHA1

  • 59c8c3352b235c21325a022eb723bab4950c48c8
  • e49c404dcebfe5d29b1c830ba6274155577d7ca8
  • 98e51da06c5e579b02c5b3673c97c9f3efd84ec0
  • 0990125a3711747aa01e279a1b3ea1967da37877
  • 153f67654f2ed38436562dfbcf6f0a22835f0c5b
  • 8ab387173c7cbce1ec27d236d398054af8a798d2
  • e3a50898b4f60a9108385ad7d6bc735b00a500f8
  • 23f6a0509680711da627c95a0bbf05b513498dc2
  • 06d61870e89689cfac90b5d05bf0faa305951fae
  • 544ae71a3d47e384b46428d23277c76046dbbeac
  • 36485af8771b129b7002433fa0b1fecd90b9bb02
  • fd9400be12742a4fa642e66528d2358472c4052b
  • 272b30c28a1c95fca627072ded7583c4736400b6
  • 1d10f6874d90b9f92f44a7fbacbac9b96db9df08
  • 9861183af9c90dc10ea7258fb51fad7f72d0890d
  • 7ce3f57f950123a2b3f29ee5bbb21d934b69afcc
  • cf860d9a2c0859f2ee0a17579c37884a79250fdc
  • 069a8b4b31eb8d094141714a13b53dbcb155c1f7

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
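The second remediation step, searching your environment for the listed indicators, can be done with a small hash sweep. The script below is an added example written for this advisory, not a tool from Rewterz or the original researchers. It embeds the advisory's MD5 list and matches any file whose MD5, SHA-1 or SHA-256 appears in the indicator set; the SHA-1 and SHA-256 lists above can be pasted into the same set. The `demo()` function builds a throwaway directory with a constructed benign file and adds that file's own MD5 as a constructed test indicator so the sweep can be exercised without any malware sample.

```python
import hashlib
import os
import tempfile

# MD5 indicators copied from the advisory above. The SHA1 and SHA-256 lists
# from the advisory can be added to this same set; matching checks all three.
ADVISORY_MD5 = {
    "9545a9585fd792973c6fcfd5892712e4", "bea044259b4c7f450dc1f43638fadece",
    "4e54feaff3e4d8cbf29a87d62b78e2b2", "626e8c0bd397d1dcafae18d6798a63ef",
    "1a4f65ed7281bc34f2ac6a374f6690c6", "d412d3968e9fd797018548b6b249bf0f",
    "883d52e7a365b5453338985615261f92", "8185054506eeff9ceb5c7b003a633aef",
    "58ae6069e608ab21e9c5116e589d43ff", "ef189b41626c554e2c680054c07ddd34",
    "d5b05672478e54a7dc47fa5d93fd599a", "361e7f9b5d1d1870f0c0e2c10c84ccd1",
    "28e772eef3553d8c13b226ae76e92f1e", "348b012e996bb2359d9fade51c484315",
    "0b01aac170af7c6420590b4a1a0f5386", "fb454e41d76dbcacff2d84b4d0199a1e",
    "cdc8c1aeaed26eda670d8c61ffe74633", "ceed187769141298937d610e72db081a",
}


def normalize(indicators):
    """Lower-case and strip each indicator so that case or whitespace
    differences in a pasted list do not cause misses."""
    return {i.strip().lower() for i in indicators if i.strip()}


def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha1, sha256) hex digests of a file, hashing it in one
    pass and in chunks so large files are not loaded into memory."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def scan_tree(root, indicators):
    """Walk `root` and return a list of (path, algorithm, digest) for every
    file whose digest is in `indicators`. Files that cannot be read (locked,
    permission denied) are skipped rather than aborting the sweep."""
    wanted = normalize(indicators)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = file_digests(path)
            except OSError:
                continue
            for algo, digest in zip(("md5", "sha1", "sha256"), digests):
                if digest in wanted:
                    hits.append((path, algo, digest))
    return hits


def demo():
    """Constructed, self-contained check: plants one benign file whose MD5 is
    added to the indicator set (a constructed test indicator, not a real IoC)
    plus one unrelated file, then sweeps the directory twice."""
    root = tempfile.mkdtemp()
    planted = os.path.join(root, "sample.bin")
    with open(planted, "wb") as fh:
        fh.write(b"constructed benign sample content\n")
    with open(os.path.join(root, "other.txt"), "wb") as fh:
        fh.write(b"unrelated content\n")
    planted_md5 = file_digests(planted)[0]
    hits = scan_tree(root, ADVISORY_MD5 | {planted_md5})
    clean_hits = scan_tree(root, ADVISORY_MD5)  # no planted indicator
    return {"planted_md5": planted_md5, "hits": hits, "clean_hits": clean_hits}


if __name__ == "__main__":
    # Stand-alone run: sweep a directory given on the command line, or run
    # the constructed demo when no argument is supplied.
    import sys
    if len(sys.argv) > 1:
        for path, algo, digest in scan_tree(sys.argv[1], ADVISORY_MD5):
            print(f"MATCH {algo} {digest} {path}")
    else:
        print(demo())
```

Run it as `python sweep.py C:\Users` (or any root of interest) to list matches; an empty result means none of the embedded indicators was found, not that the host is clean, since the advisory's hashes cover only the samples seen in this campaign.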
