rule Windows_Trojan_IcedID_cert_pinning {
	meta:
		author = "Elastic Security"
		creation_date = "2022-10-17"
		last_modified = "2022-10-17"
		threat_name = "Windows.Trojan.IcedID"
		arch_context = "x86"
		license = "Elastic License v2"
		os = "windows"
	strings:
		$cert_pinning = { 74 ?? 8B 50 ?? E8 ?? ?? ?? ?? 48 8B 4C 24 ?? 0F BA F0 ?? 48 8B 51 ?? 48 8B 4A ?? 39 01 74 ?? 35 14 24 4A 38 39 01 74 ?? }
	condition:
		$cert_pinning
}
Type: YARA rule

Related reports (source, published, attribute count, title):
Website  2022-10-31  21 attributes  ICEDIDs network infrastructure is alive and well (Elastic Security Labs)
Website  2022-05-05  15 attributes  ICEDIDs network infrastructure is alive and well
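To show what the `$cert_pinning` hex string actually matches, here is an added Python example; it is not part of the original page and not Elastic's tooling. It translates the rule's hex pattern into a bytes regex (a `??` token is a one-byte wildcard, exactly as YARA treats it), runs it over a constructed 40-byte buffer that is not a real IcedID sample, and pulls out the 4-byte immediate the rule hard-codes. The values filled into the wildcard positions, the padding, and the helper names are assumptions. The fixed bytes decode as x86-64 instructions: `74` is `je rel8`, `8B 50` is `mov edx, [rax+disp8]`, `E8` is `call rel32`, `48 8B 4C 24` is `mov rcx, [rsp+disp8]`, `0F BA F0` is `btr eax, imm8`, `48 8B 51` / `48 8B 4A` are `mov rdx, [rcx+disp8]` / `mov rcx, [rdx+disp8]`, `39 01` is `cmp [rcx], eax`, and `35 14 24 4A 38` is `xor eax, 0x384A2414`. That literal immediate is the part of the signature tied to one compiled build; if a later build changes it, the rule stops firing even though the surrounding code shape is unchanged.

```python
import re

# Hex string copied verbatim from the Windows_Trojan_IcedID_cert_pinning rule above.
CERT_PINNING_PATTERN = (
    "74 ?? 8B 50 ?? E8 ?? ?? ?? ?? 48 8B 4C 24 ?? 0F BA F0 ?? "
    "48 8B 51 ?? 48 8B 4A ?? 39 01 74 ?? 35 14 24 4A 38 39 01 74 ??"
)


def hex_pattern_to_regex(pattern: str) -> re.Pattern:
    """Turn a YARA hex string into a compiled bytes regex.

    Handles only the subset this rule uses: two-digit hex bytes and full-byte
    '??' wildcards.  Jumps ([4-6]), nibble wildcards (4?) and alternations are
    rejected instead of being silently mis-translated.
    """
    pieces = []
    for tok in pattern.split():
        if tok == "??":
            pieces.append(b".")  # any single byte
        elif len(tok) == 2 and all(c in "0123456789abcdefABCDEF" for c in tok):
            pieces.append(re.escape(bytes([int(tok, 16)])))  # escape $, ., ( ... as literals
        else:
            raise ValueError(f"unsupported hex-string token: {tok!r}")
    # DOTALL so '.' also matches 0x0A; binary data has no notion of lines.
    return re.compile(b"".join(pieces), re.DOTALL)


def find_matches(data: bytes, pattern: str = CERT_PINNING_PATTERN):
    """Return (offset, matched_bytes) for every hit, the way `yara -s` prints them."""
    return [(m.start(), m.group(0)) for m in hex_pattern_to_regex(pattern).finditer(data)]


def xor_immediate(match: bytes) -> int:
    """Extract the imm32 of `xor eax, imm32` (opcode 0x35) from a 40-byte match.

    The xor is the 5 bytes before the trailing `cmp [rcx], eax; je` (4 bytes),
    and x86 encodes the immediate little-endian.
    """
    return int.from_bytes(match[-8:-4], "little")


def build_sample(xor_imm: bytes = b"\x14\x24\x4a\x38") -> bytes:
    """Constructed test buffer, NOT a real IcedID sample.

    Fixed bytes are the rule's; every '??' position gets an arbitrary value
    (assumed here; one of them is deliberately 0x0A) and the sequence is padded
    with NOPs and INT3s so the match offset is non-zero.
    """
    seq = bytes([
        0x74, 0x1C,                    # je   short
        0x8B, 0x50, 0x08,              # mov  edx, [rax+8]
        0xE8, 0x11, 0x22, 0x33, 0x44,  # call rel32
        0x48, 0x8B, 0x4C, 0x24, 0x30,  # mov  rcx, [rsp+0x30]
        0x0F, 0xBA, 0xF0, 0x1F,        # btr  eax, 0x1f
        0x48, 0x8B, 0x51, 0x18,        # mov  rdx, [rcx+0x18]
        0x48, 0x8B, 0x4A, 0x10,        # mov  rcx, [rdx+0x10]
        0x39, 0x01,                    # cmp  [rcx], eax
        0x74, 0x0A,                    # je   short (wildcard byte equals '\n')
        0x35, *xor_imm,                # xor  eax, imm32 (rule hard-codes 14 24 4A 38)
        0x39, 0x01,                    # cmp  [rcx], eax
        0x74, 0x04,                    # je   short
    ])
    return b"\x90" * 16 + seq + b"\xCC" * 16


if __name__ == "__main__":
    for offset, matched in find_matches(build_sample()):
        print(f"hit at 0x{offset:x}: {matched.hex(' ')}")
        print(f"  xor eax, imm32 = 0x{xor_immediate(matched):08X}")
    # Same code shape with a different immediate: the rule no longer fires.
    print("different immediate:", find_matches(build_sample(b"\x00\x00\x00\x00")))
```

Against a real file the equivalent check is `yara -s rule.yar sample.bin` with the rule saved to a file; `-s` prints the offset and bytes of each matching string, which is what `find_matches` returns here. The translator deliberately refuses jumps and nibble wildcards so a rule using them is not quietly turned into a weaker or stronger pattern than YARA itself would apply.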