IcedID Banking Trojan aka BokBot – Active IOCs
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Software - T1592.002 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | d986830c-18a7-4b4c-a1dd-6101443fa050 |
| Fingerprint | 66bcf985bd055fc5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 22, 2023, 8:44 a.m. |
| Added to db | Oct. 23, 2023, 11:20 a.m. |
| Last updated | Oct. 16, 2024, 5:17 p.m. |
| Headline | IcedID Banking Trojan aka BokBot – Active IOCs |
| Title | IcedID Banking Trojan aka BokBot – Active IOCs |
| Detected Hints/Tags/Attributes | 36/2/31 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 365 | ✔ | — | https://www.rewterz.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 43 | cve-2023-34052 |
|
| Details | CVE | 44 | cve-2023-44483 |
|
| Details | CVE | 41 | cve-2023-3676 |
|
| Details | Domain | 1 | mistulinno.com |
|
| Details | Domain | 2 | seedkraproboy.com |
|
| Details | Domain | 2 | joekairbos.com |
|
| Details | Domain | 1 | drignyaffk.com |
|
| Details | Domain | 2 | lazirusairnaf.com |
|
| Details | Domain | 1 | gonow.cl |
|
| Details | md5 | 1 | 7d152bb63e6d0e2fc6e2d5c9fb924195 |
|
| Details | md5 | 1 | ef8f74d09775668dba620178ac6a8b39 |
|
| Details | md5 | 1 | 455a4db495c309ab1e79eccd02016eee |
|
| Details | md5 | 1 | 81327aa680966db04736fe587f1e575d |
|
| Details | md5 | 1 | 5692c5708c71d0916ca48662a7ea9caf |
|
| Details | sha1 | 1 | 8cad1490be30d2d3d9b21c8b39649680451717c7 |
|
| Details | sha1 | 1 | 3d4e3f317b7746c76b963cb0035c1c1a5e5aee53 |
|
| Details | sha1 | 1 | 61b2191e64226ab19fad54277d981f012dda5da1 |
|
| Details | sha1 | 1 | 180d18b6a7b6b9f1c7adcdc5c996687dd0bb55a6 |
|
| Details | sha1 | 1 | fb4538d4b78bd28dfcb1392ddb95c623edb571b1 |
|
| Details | sha256 | 1 | bbdb7cbbef030d6cb11d264b975020a60c87900864bee415e626f11412ca13cb |
|
| Details | sha256 | 1 | 81368665503842359666147225c19100c4e8ba6ce1284930e9fbff355ba3ab02 |
|
| Details | sha256 | 1 | cad10418cc22a06f298443c7c531817aa09b45e50e7e067d26cd38be68e2c0de |
|
| Details | sha256 | 1 | af10f24b58d05e3775611aaa99c1747379917c95056be737700ee9e634ed7b33 |
|
| Details | sha256 | 1 | b3e7143c9eb1ca9a80a552fc354e4e31ba964486a9fe3af01b5bda1a627303d6 |
|
| Details | Url | 1 | http://mistulinno.com |
|
| Details | Url | 1 | https://seedkraproboy.com |
|
| Details | Url | 1 | https://joekairbos.com |
|
| Details | Url | 1 | https://drignyaffk.com/news |
|
| Details | Url | 1 | https://lazirusairnaf.com/news |
|
| Details | Url | 1 | https://skyalarabia.com/utsn/?wxxomoksqbtaoljycckmjmgvslcocigbmqavcrcmovfrxuhozpayblrfwjhibgtwcfetgsjoeqidbldl |
|
| Details | Url | 1 | https://gonow.cl/ud/?lkftobwulvjthczzqaixlmizaxcj |