2021-04-29 (THURSDAY) - TA551 (SHATHAK) PUSHES ICEDID (BOKBOT)
- 2021-04-29-TA551-IcedID-IOCs.txt.zip 2.0 kB (1,971 bytes)
- 2021-04-29-TA551-IcedID-infection-traffic.pcap.zip 1.1 MB (1,081,098 bytes)
- 2021-04-29-TA551-IcedID-malware-and-artifacts.zip 1.2 MB (1,205,559 bytes)
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
Images on the original page (not reproduced here):
- Word doc extracted from the password-protected zip archive.
- Artifacts seen after enabling macros on the Word doc.
- Traffic from the infection filtered in Wireshark.
- Scheduled task used to keep IcedID persistent on the infected Windows host.
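Added example, not part of the original post: a quick way to hunt for the kind of scheduled-task persistence pictured above on a live Windows host. It lists every task whose executable action runs from a user-writable location (AppData, ProgramData, Temp, Users\Public), which is where IcedID-style loaders usually live; the path patterns are a generic assumption, not IOCs taken from this infection, so compare any hit against the IOC list in the zip above before acting on it.

```powershell
# Added hunting snippet (assumption: PowerShell 5.1+ with the ScheduledTasks
# module, i.e. Windows 8/Server 2012 or later; run elevated to see all tasks).
# The path patterns below are generic, not IOCs from this post.
$suspiciousPaths = 'AppData|ProgramData|\\Temp\\|Users\\Public'

Get-ScheduledTask | ForEach-Object {
    $task = $_
    # A task can carry several actions; only Exec actions have Execute/Arguments.
    foreach ($action in $task.Actions) {
        if ($action.Execute -and
            (($action.Execute -match $suspiciousPaths) -or
             ($action.Arguments -match $suspiciousPaths))) {
            [pscustomobject]@{
                TaskName  = $task.TaskName
                TaskPath  = $task.TaskPath
                State     = $task.State
                Author    = $task.Author
                Execute   = $action.Execute
                Arguments = $action.Arguments
            }
        }
    }
} | Format-Table -AutoSize -Wrap
```

Matches from legitimate software (updaters under ProgramData, for example) are expected; what to look for is a task whose author is the local user, whose executable is a DLL loaded via rundll32 or regsvr32, or whose binary sits in a freshly created folder matching the artifacts in the malware zip.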