Malware-Traffic-Analysis.net - 2022-08-31 - IcedID (Bokbot) with Cobalt Strike
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | b43d00bb-b9e6-4282-a51a-98f9f669fa80 |
| Fingerprint | 6c97395a36a7c487 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 31, 2022, midnight |
| Added to db | Jan. 18, 2023, 11:28 p.m. |
| Last updated | Dec. 21, 2024, 3:41 a.m. |
| Headline | UNKNOWN |
| Title | Malware-Traffic-Analysis.net - 2022-08-31 - IcedID (Bokbot) with Cobalt Strike |
| Detected Hints/Tags/Attributes | 18/1/35 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.malware-traffic-analysis.net/2022/08/31/index.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | 2022-08-31-icedid-with-cobalt-strike-carved-and-sanitized.pcap.zip |
|
| Details | Domain | 1 | 2022-08-31-icedid-malware-and-artifacts.zip |
|
| Details | Domain | 1 | lionafuyesas.com |
|
| Details | Domain | 3 | empladeefly.wiki |
|
| Details | Domain | 1 | colorsuckbeh.com |
|
| Details | Domain | 1 | dromfiregreti.com |
|
| Details | Domain | 1 | autobrag.cloud |
|
| Details | Domain | 1 | ferdianbanga.com |
|
| Details | Domain | 1 | yoretebi.com |
|
| Details | File | 39 | pcap.zip |
|
| Details | File | 1 | 2022-08-31-icedid-malware-and-artifacts.zip |
|
| Details | File | 1 | invoice_unpaid_08-31_documents_265.zip |
|
| Details | File | 1 | invoice_unpaid_08-31_documents_265.iso |
|
| Details | File | 1 | lexicon.bat |
|
| Details | File | 1 | dumbfoundering.dll |
|
| Details | File | 1101 | rundll32.exe |
|
| Details | File | 1 | licence.dat |
|
| Details | File | 34 | license.dat |
|
| Details | File | 1 | epukcb1.dll |
|
| Details | sha256 | 1 | 9977013ff25deb2c9162232b3f0a82136b4d10d63161e1ddc8696c26bfdf0025 |
|
| Details | sha256 | 1 | 272221763511b6eb09d62e9b18b48b682eb7940cdc7206c2bee472b46f4a6943 |
|
| Details | sha256 | 1 | 2c4c46deadeee55e74cbdf788485b418397c3bbfc599c0126beb2d211f538ce1 |
|
| Details | sha256 | 1 | 604fb39be96c1d28c3b0d8e34c270059e2a4452782fa7f211a825e1761ea8497 |
|
| Details | sha256 | 1 | 38fa1fc2a23d94e17784eb807d98bb836713aec7db1c28aad0ab4b6e5764bf7e |
|
| Details | sha256 | 1 | 338065f662d4096f2d6abc94e93c1d706404aad4ce4b192b4f295437c6f42b38 |
|
| Details | sha256 | 3 | 1de8b101cf9f0fabc9f086bddb662c89d92c903c5db107910b3898537d4aa8e7 |
|
| Details | sha256 | 1 | 3e8db60887adfbf7af20f7611b527f11620785e9eaeac188b0758c7ba82d3cf3 |
|
| Details | IPv4 | 1 | 207.154.202.192 |
|
| Details | IPv4 | 1 | 45.147.229.196 |
|
| Details | IPv4 | 1 | 212.46.38.48 |
|
| Details | IPv4 | 1 | 128.199.120.41 |
|
| Details | IPv4 | 1 | 5.252.177.233 |
|
| Details | IPv4 | 1 | 5.199.173.27 |
|
| Details | IPv4 | 1 | 45.147.230.242 |
|
| Details | Url | 1 | http://lionafuyesas.com |