Thawing the permafrost of ICEDID
Common Information
| Type | Value |
|---|---|
| UUID | eddaad6a-1d79-4f8b-9555-552d317b7539 |
| Fingerprint | da713888e25b7a403243be677e8d6646f52e08a6bbb17e86e0235dc8be9376c1 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | None |
| Added to db | March 10, 2024, 3:39 a.m. |
| Last updated | Aug. 31, 2024, 7:51 a.m. |
| Headline | Thawing the permafrost of ICEDID |
| Title | Thawing the permafrost of ICEDID |
| Detected Hints/Tags/Attributes | 89/3/23 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 66 | www.malwarebytes.com |
|
| Details | Domain | 21 | blog.group-ib.com |
|
| Details | Domain | 3 | yolneanz.com |
|
| Details | File | 1 | hollowx64.dat |
|
| Details | File | 34 | license.dat |
|
| Details | File | 1 | c:\users\rem\appdata\local\rem\uvxovenw.dll |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 1 | bobt1.dat |
|
| Details | File | 31 | microsoftedgecp.exe |
|
| Details | File | 199 | firefox.exe |
|
| Details | File | 263 | iexplore.exe |
|
| Details | File | 271 | chrome.exe |
|
| Details | File | 1 | c:\\tmp\\meow.txt |
|
| Details | File | 1 | sqlite64.dll |
|
| Details | File | 15 | formhistory.sql |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 172 | dllhost.exe |
|
| Details | Github username | 35 | hasherezade |
|
| Details | IPv4 | 3 | 51.89.190.220 |
|
| Details | Url | 1 | https://github.com/hasherezade/funky_malware_formats/blob/master/iced_id_parser/icei |
|
| Details | Url | 1 | https://www.malwarebytes.com/blog/news/2019/12/new-version-of-icedid-trojan-uses-ste |
|
| Details | Url | 2 | https://blog.group-ib.com/icedid |