Threat Intelligence – IcedID Malware Latest IOCs


IcedID, also known as BokBot, is a modular banking trojan that targets user financial information and is capable of acting as a dropper for other malware. It uses a man-in-the-browser attack to steal financial information, including login credentials for online banking sessions.

Credits: Research by ExecuteMalware

Indicators of Compromise

THREAT IDENTIFICATION: ICEDID

SUBJECTS OBSERVED
Re: Reset Password

SENDERS OBSERVED
ovonrueden@colegiomexicanocoloproctologia [.]org

MALDOC FILE HASHES
catalogue (39) [.]zip
02c59abccae9111eecb8d4b07320a1f2

document-1992284186 [.]xlsm
7f466e4a9bd2dccb435221e80a098b26

PAYLOAD DOWNLOAD URLS
http://rcwj22jxyvt03swnlt [.]xyz/grays [.]gif

PAYLOAD FILE HASHES
grays [.]gif (despite the .gif extension, this is a 64-bit .dll file)
22f52089fd030b5f2c096631a61d5e01

ICEDID C2s
http://lightopridum2 [.]website

SUPPORTING EVIDENCE
https://app [.]any [.]run/tasks/3e106ce4-b362-4b6d-97b4-ed417e2d30b4/
https://tria [.]ge/210322-gm2a3h9emn
https://www [.]virustotal [.]com/gui/file/7b0290fdb87e425a869defb681c5fbbed330a000c0cdb6e8c9c52b0e8b1b5492/detection

BalaGanesh
Balaganesh is an Incident Responder, Certified Ethical Hacker, Penetration Tester, Security blogger, and Founder & Author of Soc Investigation.
