IcedID - FIRST AMS 2023
Common Information
| Type | Value |
|---|---|
| UUID | 530852db-ade8-487c-a17e-a40e39bc679a |
| Fingerprint | 970a7167e497421fb5680f6b9121de77f2bfcec6c12e45fe72ad8230d4a5399b |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | None |
| Added to db | April 14, 2024, 3:40 a.m. |
| Last updated | Aug. 31, 2024, 5:29 a.m. |
| Headline | IcedID - FIRST AMS 2023 |
| Title | IcedID - FIRST AMS 2023 |
| Detected Hints/Tags/Attributes | 150/4/74 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 3 | AS57678 |
|
| Details | Domain | 43 | sites.google.com |
|
| Details | Domain | 1 | mm-ss.zip |
|
| Details | Domain | 97 | abuse.ch |
|
| Details | Domain | 48 | storage.googleapis.com |
|
| Details | Domain | 14 | firebasestorage.googleapis.com |
|
| Details | Domain | 2 | acridpanel.com |
|
| Details | Domain | 2 | main.info |
|
| Details | Domain | 1 | networkforensic.dk |
|
| Details | Domain | 1 | team-viewer-com.top |
|
| Details | Domain | 1 | www.phishlabs.com |
|
| Details | Domain | 124 | www.sentinelone.com |
|
| Details | Domain | 98 | www.secureworks.com |
|
| Details | Domain | 47 | www.slideshare.net |
|
| Details | Domain | 6 | sysopfb.github.io |
|
| Details | Domain | 280 | thehackernews.com |
|
| Details | Domain | 5 | blogs.juniper.net |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 13 | www.binarydefense.com |
|
| Details | Domain | 14 | www.silentpush.com |
|
| Details | Domain | 2 | resource.redcanary.com |
|
| Details | Domain | 370 | www.proofpoint.com |
|
| Details | Domain | 16 | www.netresec.com |
|
| Details | Domain | 101 | www.group-ib.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 2 | blog.reconinfosec.com |
|
| Details | Domain | 2 | blogs.opentext.com |
|
| Details | File | 34 | license.dat |
|
| Details | File | 1 | setup_win_dd-mm-2023_hh-mm-ss.zip |
|
| Details | File | 1 | irs_form_dd-mm-2023_hh-mm-ss.zip |
|
| Details | File | 11 | zero.exe |
|
| Details | File | 16 | lazagne.exe |
|
| Details | File | 3 | invoke-sharefinder.ps1 |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 212 | winlogon.exe |
|
| Details | File | 34 | winhttp.dll |
|
| Details | File | 1 | compute_botid_and_regkeys.py |
|
| Details | File | 3 | icedids-updated-photoloader.html |
|
| Details | File | 1 | neverquest-fbi-hacker.html |
|
| Details | File | 85 | www.bin |
|
| Details | File | 1 | 2021-threat-detection-report.pdf |
|
| Details | Github username | 1 | felixweyne |
|
| Details | Github username | 7 | telekom-security |
|
| Details | Github username | 17 | elastic |
|
| Details | Github username | 1 | colincowie |
|
| Details | Mandiant Uncategorized Groups | 7 | UNC2198 |
|
| Details | Url | 1 | https://networkforensic.dk |
|
| Details | Url | 1 | https://www.phishlabs.com/blog/the-unrelenting-evolution-of-vawtrak |
|
| Details | Url | 1 | https://www.justice.gov/usao-sdny/pr/nikita-kuzmin-creator-gozi-virus-sentenced-manhattan-federal-court |
|
| Details | Url | 1 | https://www.sentinelone.com/labs/icedid-botnet-the-iceman-goes-phishing-for-us-tax-returns |
|
| Details | Url | 1 | https://www.secureworks.com/research/dyre-banking-trojan |
|
| Details | Url | 1 | https://www.slideshare.net/nel08221/networkinsightsintovawtrakv2 |
|
| Details | Url | 3 | https://sysopfb.github.io/malware,/icedid/2020/04/28/icedids-updated-photoloader.html |
|
| Details | Url | 1 | https://thehackernews.com/2017/01/neverquest-fbi-hacker.html |
|
| Details | Url | 2 | https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us |
|
| Details | Url | 1 | https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/ta551-shathak-icedid |
|
| Details | Url | 1 | https://www.mandiant.com/resources/blog/melting-unc2198-icedid-to-ransomware-operations |
|
| Details | Url | 3 | https://www.binarydefense.com/icedid-gziploader-analysis |
|
| Details | Url | 1 | https://www.silentpush.com/blog/icedid-command-and-control-infrastructure |
|
| Details | Url | 1 | https://resource.redcanary.com/rs/003-yru-314/images/2021-threat-detection-report.pdf |
|
| Details | Url | 1 | https://www.microsoft.com/en-us/security/blog/2021/04/09/investigating-a-unique-form-of-email-delivery-for-icedid-malware |
|
| Details | Url | 3 | https://www.secureworks.com/blog/gold-ulrick-leaks-reveal-organizational-structure-and-relationships |
|
| Details | Url | 1 | https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid |
|
| Details | Url | 1 | https://www.netresec.com/?page=blog&month=2022 |
|
| Details | Url | 3 | https://www.group-ib.com/blog/icedid |
|
| Details | Url | 1 | https://github.com/felixweyne/imaginaryc2/tree/master/examples/use-case-7-bokbot_icedid |
|
| Details | Url | 1 | https://blog.reconinfosec.com/an-encounter-with-ta551-shathak |
|
| Details | Url | 1 | https://github.com/telekom-security/malware_analysis/blob/main/icedid/icedid_20210507.yar |
|
| Details | Url | 1 | https://github.com/telekom-security/malware_analysis/blob/main/icedid/compute_botid_and_regkeys.py |
|
| Details | Url | 2 | https://blogs.opentext.com/dissecting-icedid-behavior-on-an-infected-endpoint |
|
| Details | Url | 1 | https://github.com/elastic/protections-artifacts/blob/main/yara/rules/windows_trojan_icedid.yar |
|
| Details | Url | 1 | https://github.com/colincowie/100daysofyara_2023 |