IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
Tags
Common Information
Type Value
UUID 0dbdd3d2-505f-42c2-b64c-5e9463acaaef
Fingerprint 86a3b7fb0b2a8416
Analysis status DONE
Considered CTI value 0
Text language
Published June 10, 2024, 12:44 a.m.
Added to db Aug. 31, 2024, 8:26 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
Title IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
Detected Hints/Tags/Attributes 0/0/27
RSS Feed
Id: 249
Feed title: The DFIR Report
Url: https://thedfirreport.com/feed/
Added to db: 2024-08-30 22:08
Attributes (Type / #Events / Value)
Domain     32  temp.sh
Domain     49  wmiexec.py
Domain      2  modalefastnow.com
Domain      5  jkbarmossen.com
Domain      2  evinakortu.com
Domain      2  hofsaalos.com
Domain      3  jerryposter.com
Domain      2  skrechelres.com
Domain     20  1768.py
Domain     52  socket.io
Domain    372  wscript.shell
Domain     18  wshshell.run
Domain     10  detection.fyi
Domain      9  sigmasearchengine.com
Domain   4127  github.com
File        1  toovey.exe
File        1  cslite.exe
File      376  wscript.exe
File        1  c:\windows\temp\0370-1.dll
File       45  wmiexec.py
File        1  http64.exe
File        1  c:\programdata\rr.exe
File        1  https64.dll
File        1  %userprofile%\appdata\local\temp folder using a .tmp
File      212  winlogon.exe
File     1018  rundll32.exe
File       81  werfault.exe