2020-03-16 - QUICK POST: MALSPAM KNOWN FOR URSNIF SWITCHES TO ICEDID

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  VirusTotal Intelligence search for the password-protected zip archives.

 


Shown above:  Screenshot of a Word doc extracted from one of the zip archives.

 


Shown above:  After enabling macros, I saw a scheduled task for IcedID on an infected Windows host.

 


Shown above:  Traffic from the infection filtered in Wireshark.

 

Click here to return to the main page.