Analysis of the current malware – Icedid - Threat hunting with hints of incident response
Common Information
Type Value
UUID 0262e2e2-c345-4053-aff1-7a485a1173b1
Fingerprint e6d10ff0fa30b5a
Analysis status DONE
Considered CTI value 0
Text language
Published March 19, 2023, 4:01 p.m.
Added to db Nov. 6, 2023, 6:34 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Analysis of the current malware – Icedid
Title Analysis of the current malware – Icedid - Threat hunting with hints of incident response
Detected Hints/Tags/Attributes 49/1/14
RSS Feed
Id 252
Enabled
Feed title Threat hunting with hints of incident response
Url https://threathunt.blog/feed/
Added to db 2024-08-30 22:08
Attributes