2020-10-06 - TA551 (SHATHAK) WORD DOCS PUSH ICEDID
- 2020-10-06-TA551-IOCs-for-IcedID.txt.zip 4.4 kB (4,492 bytes)
- 2020-10-06-TA551-Word-docs-45-examples.zip 6.1 MB (6,120,248 bytes)
- 2020-10-06-TA551-pushes-IcedID.pcap.zip 4.2 MB (4,217,836 bytes)
- 2020-10-06-TA551-installer-DLL-files.zip 781 kB (781,056 bytes)
- 2020-10-06-TA551-IcedID-malware-and-artifacts.zip 1.7 MB (1,738,904 bytes)
- All zip archives on this site are password-protected with the standard password. If you don't know it, see the "about" page of this website.
Shown above: Screenshot of a Word doc with macros for TA551 (new template started today).
Shown above: Traffic from an infection filtered in Wireshark.
Shown above: Example of installer DLL saved to the victim's host.
Shown above: Example of initial IcedID EXE created by installer DLL.
Shown above: PNG file with encoded data created after the initial EXE is run.
Shown above: Example of IcedID EXE persistent through scheduled task.
Click here to return to the main page.