Company

ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

Aston Villa Football Club →

EVENT CALENDAR

May

May TRU Intelligence Briefing

May

Elevate IT Technology Summit Kansas City

May

Cybersecurity Summit Toronto

May

Cybersec Brussels

May

Cybersecurity Summit Austin

View Calendar →

LATEST PRESS RELEASE

Mar 06, 2025

eSentire Unleashes AI-Driven Atlas Nexus Network, Empowering Cybersecurity Partners to Build Differentiated Security Services at Scale

View Newsroom →

OUR PARTNERSHIPS

Aston Villa Football Club

AVFC takes its cyber protection to the Next Level with eSentire as its official cybersecurity partner.

Learn More

Partners

PARTNER PROGRAM

We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.

LEARN MORE →

Apply to become an e3 ecosystem partner with eSentire today.

APPLY NOW →

Speak With A Security Expert Now

TALK TO AN EXPERT

A new banking Trojan with advanced capabilities has been identified in the wild. Initial reports state that IcedID is delivered using the botnet infrastructure of the popular Trojan, Emotet. The Trojan is distributed using convincingly crafted phishing emails that contain malicious word documents.

This threat appears to be targeting the banking industry, mobile service providers, payroll portals, and e-commerce sites. Affected victims reside in Canada, the United States, and the U.K.

What we’re doing about it

Specific detection rules for IcedID and Emotet have been deployed to esNETWORKTM sensors.
The eSentire SOC is monitoring this threat and will continue to add malicious IPs to the eSentire global blacklist (Asset Manager Protect, via esNETWORK) as they’re detected.

What you should do about it

Ensure users are well informed about current threats through awareness programs and training.
Disable all Macros. If this is not possible, only allow macros from controlled/trusted sources.
If running Windows 10 version 1709 (or later), attack surface reduction rules can be implemented within Windows Defender Exploit Guard to further defend against this threat. [1] [2]

Additional information

The eSentire SOC has observed numerous cases of Emotet malware targeting customers in the past 72 hours. In these cases, the malware was delivered via email in an attached Microsoft Word document containing malicious VBA macros.
The IcedID Trojan has advanced features including browser redirection and web injection for the theft of user credentials. The early complexity and functionality lead analysts to believe that the Trojan will see future updates. IcedID is capable of spreading to multiple endpoints through terminal servers. This suggests that large organizations, where a widespread infection is possible, are the primary target for IcedID.
For additional information and technical details, see the link below [3].

Additional Sources

[1]https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard

[2]https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard

[3] https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/

ESENTIRE SERVICES

Managed Detection and Response

All-In-One MDR Solution →

MDR for Microsoft →

MDR for GenAI →

Digital Forensics and Incident Response

Continuous Threat Exposure Management (CTEM)

PLATFORM, PEOPLE AND RESPONSE

Security Operations Center (SOC)

Extended Detection and Response (XDR)

Technology Integrations

Threat Response Unit (TRU)

Cyber Resilience Team

Response and Remediation

MDR Packages and 24/7 Protection

MDR Pricing and Packages

Atlas Essentials

Atlas Advanced

Atlas Complete

24/7 Coverage

Endpoint

Network

Log

Cloud

Identity

INDUSTRIES

Insurance

Construction

Finance

Legal

Manufacturing

Private Equity

Healthcare

Retail

Food Supply

Government and Education

Automotive Dealerships

USE CASES

Ransomware

Cybersecurity Compliance

Zero Day Attacks

Cloud Misconfiguration

Third-Party Risk

Do More With Less

Cyber Risk

Cyber Insurance

Sensitive Data Security

Security Leadership

Cyber Threat Intelligence

From The Blog

Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One

MDR Vendors: Complete Guide to Understanding Managed Detection & Response…

Identity is the New Attack Surface: Why Threat Detection Alone Isn't…

Resources

Case Studies

TRU Intelligence Center

Cybersecurity Tools

Videos

Reports

Webinars

Data Sheets

Real vs. Fake MDR

Compare MDR Vendors

Blogs

Security Advisories

SECURITY ADVISORIES

Maximum Severity SAP Vulnerability Exploited

CrushFTP Authentication Bypass