2021-04-12 (MONDAY) - ICEDID (BOKBOT) ACTIVITY
ASSOCIATED FILES:
- 2021-04-12-IOCs-from-IcedID-infection.txt.zip 1.8 kB (1,825 bytes)
- 2021-04-12-IcedID-infection-part-1-of-2.pcap.zip 20.5 MB (20,474,355 bytes)
- 2021-04-12-IcedID-infection-part-2-of-2.pcap.zip 34.9 MB (34,932,916 bytes)
- 2021-04-12-IcedID-malware-and-artifacts.zip 1.1 MB (1,072,036 bytes)
NOTES:
- I originally provided details of this infection in a tweet from @Unit42_Intel on Twitter.
- In response to the tweet, @netresec asked if a pcap would be available, so I sanitized the traffic and created this blog post to share two pcaps from the infection.
- The pcap was originally too big and took too long to load in Wireshark, so I split the traffic into two pcaps.
- For details on the campaign using this method to spread IcedID, read this blog post from the Microsoft 365 Defender Threat Intelligence Team.
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
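The capture above was split into two pcaps because the single file was too large to work with comfortably in Wireshark. Splitting by packet count is what `editcap -c <packets-per-file>` does; the following Python, added here as an illustration and not part of the original post, shows the same operation on the classic libpcap format so the record layout is visible. The sample capture it builds is constructed in-memory (Ethernet link type, dummy frames) and is not traffic from this infection; the function names `split_pcap`, `iter_packets` and `build_sample_pcap` are this example's own.

```python
"""Split a classic libpcap (.pcap) file into chunks of N packets, as editcap -c does.

Added example: this is not the blog's own tooling, and the sample capture is
constructed in memory. Only the classic pcap format (magic 0xa1b2c3d4 or its
nanosecond variant) is handled; pcapng files need a different reader.
"""
import struct

GLOBAL_HDR_LEN = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
PKT_HDR_LEN = 16      # ts_sec, ts_usec, incl_len, orig_len


def _endianness(data: bytes) -> str:
    """Return the struct byte-order prefix implied by the pcap magic number."""
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):   # little-endian (usec / nsec)
        return "<"
    if magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):   # big-endian (usec / nsec)
        return ">"
    raise ValueError("not a classic pcap file (pcapng or unknown magic)")


def iter_packets(data: bytes):
    """Yield (record_header_bytes, frame_bytes) for each packet record, in file order."""
    order = _endianness(data)
    off = GLOBAL_HDR_LEN
    while off < len(data):
        if off + PKT_HDR_LEN > len(data):
            raise ValueError("truncated packet header at offset %d" % off)
        hdr = data[off:off + PKT_HDR_LEN]
        _ts_sec, _ts_frac, incl_len, _orig_len = struct.unpack(order + "IIII", hdr)
        start, end = off + PKT_HDR_LEN, off + PKT_HDR_LEN + incl_len
        if end > len(data):
            raise ValueError("truncated packet data at offset %d" % start)
        yield hdr, data[start:end]
        off = end


def count_packets(data: bytes) -> int:
    return sum(1 for _ in iter_packets(data))


def payloads(data: bytes) -> list:
    return [frame for _, frame in iter_packets(data)]


def split_pcap(data: bytes, packets_per_file: int) -> list:
    """Return a list of complete pcap files, each holding up to packets_per_file records.

    Every part gets a copy of the original 24-byte global header so it opens
    in Wireshark on its own. Note that a TCP stream spanning the split point
    ends up in two files, so "follow stream" only sees half of it in each.
    """
    if packets_per_file < 1:
        raise ValueError("packets_per_file must be >= 1")
    global_hdr = data[:GLOBAL_HDR_LEN]
    parts, current, n = [], [global_hdr], 0
    for hdr, frame in iter_packets(data):
        current.append(hdr + frame)
        n += 1
        if n == packets_per_file:
            parts.append(b"".join(current))
            current, n = [global_hdr], 0
    if n:
        parts.append(b"".join(current))
    return parts


def build_sample_pcap(num_packets: int) -> bytes:
    """Constructed sample capture: little-endian header, linktype 1 (Ethernet), dummy frames."""
    # magic, major 2, minor 4, thiszone 0, sigfigs 0, snaplen 65535, linktype 1
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = []
    for i in range(num_packets):
        frame = bytes([i & 0xFF]) * (14 + i)          # fake frame of varying length
        rec_hdr = struct.pack("<IIII", 1618185600 + i, i * 1000, len(frame), len(frame))
        records.append(rec_hdr + frame)
    return global_hdr + b"".join(records)


if __name__ == "__main__":
    sample = build_sample_pcap(7)
    parts = split_pcap(sample, 3)
    print([count_packets(p) for p in parts])   # → [3, 3, 1]
```

To split a real file, read it with `open(path, "rb").read()`, call `split_pcap`, and write each returned part to its own `.pcap`. Splitting on a packet count is the simplest approach; if you want each file to hold whole conversations, split on a time boundary between sessions instead, or filter by stream in Wireshark and export the selection.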