2020-06-08 - QUICK POST: ICEDID (BOKBOT)

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  Link for malicious Word doc, presumably from malspam.

 


Shown above:  Screenshot of the malicious Word doc.

 


Shown above:  Items dropped after enabling macros.

 


Shown above:  Items in the previous image caused this file to get downloaded.

 


Shown above:  IcedID persistent on the infected host.

 
