2021-02-25 - TA551 (SHATHAK) BACK TO PUSHING ICEDID (BOKBOT)
- 2021-02-25-IOCs-for-IcedID-from-TA551.txt.zip   3.6 kB   (3,622 bytes)
- 2021-02-25-TA551-IcedID-infection-traffic.pcap.zip   8.0 MB   (7,979,570 bytes)
- 2021-02-25-Word-docs-and-installer-DLL-files.zip   15.4 MB   (15,382,175 bytes)
- 2021-02-25-malware-and-artifacts-from-an-infection.zip   9.4 MB   (9,415,415 bytes)
- From 2021-01-22 through at least 2021-02-05, the TA551 (Shathak) campaign was pushing Qakbot (Qbot) malware. Today it returned to pushing IcedID (Bokbot).
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
Shown above: Exeample from one of the Word documents seen today.
Shown above: Traffic from an infection filtered in Wireshark.
Click here to return to the main page.