TA551 (Shathak) pushes IcedID (Bokbot) - SANS Internet Storm Center
Tags
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Regsvr32 - T1218.010 Rundll32 - T1218.011 Regsvr32 - T1117 Rundll32 - T1085
Show in Graph
Common Information
Type Value
UUID b6591bec-a479-4141-973a-9493b08d9491
Fingerprint 2e95b91d76c64497
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 3, 2021, midnight
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Internet Storm Center
Title TA551 (Shathak) pushes IcedID (Bokbot) - SANS Internet Storm Center
Detected Hints/Tags/Attributes 29/1/24
Source URLs
Redirection Url
Details Source https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/
URL Provider
Details Provider Source level domain
Details sans.edu isc.sans.edu
Attributes
Details Type #Events CTI Value
Details Domain 17 
request.zip
Details Domain 1 
winrentals2017b.com
Details Domain 72 
aws.amazon.com
Details Domain 1 
normyils.com
Details Domain 1 
baeswea.com
Details Domain 1 
bersaww.com
Details File 17 
request.zip
Details File 6 
2021.doc
Details File 1 
c:\users\public\downext.jpg
Details File 459 
regsvr32.exe
Details File 34 
license.dat
Details File 1 
giowcosi64.dll
Details File 1018 
rundll32.exe
Details sha256 1 
d68fb04c96e925efcdb3484669365bed0cda22a272e486e99a43f9626019d31c
Details sha256 1 
0a42f6762ae4f3b1d95aae0f8977cde6361f1d59b5ccc400c41772db0205f7c5
Details sha256 1 
c7f40608ce8a3dda25c13d117790d08ef757b07b8c2ccb645a27a71adc322fb2
Details sha256 1 
d54a870ba5656c5d3ddfab5f7f325c2fb8ee256b25e2872847c5ff244bc6ee6e
Details sha256 2 
cfc202b44509f2f607d365858a8218dfdc6b26f8087efcc5e46f4fef9ab53705
Details sha256 1 
c340ae2dde2bd8fbae46b15abef0c7e706fe8953c837329bde409959836d6510
Details IPv4 1 
143.204.155.37
Details IPv4 1 
87.120.254.190
Details IPv4 1 
87.120.8.98
Details IPv4 1 
91.92.109.95
Details Url 1 
http://winrentals2017b.com/tegz