2020-03-27 - PRICE_REQUEST_9830.DOC PUSHES ICEDID (BOKBOT)

ASSOCIATED FILES:

NOTES:
IMAGES


Shown above: Screenshot of price_request_9830.doc.

Shown above: Traffic from the infection filtered in Wireshark.

Shown above: Certificate issuer data from the IcedID post-infection HTTPS traffic.

Shown above: Artifacts that appeared after enabling macros.

Shown above: IcedID persistent on the infected Windows host.

Shown above: Scheduled task to keep IcedID persistent.