2020-03-03 - ICEDID (BOKBOT) INFECTION
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2020-03-03-IcedID-IOCs.txt.zip 1.0 kB (970 bytes)
- 2020-03-03-IcedID-IOCs.txt (1,461 bytes)
- 2020-03-03-IcedID-infection-traffic.pcap.zip 3.5 MB (3,536,840 bytes)
- 2020-03-03-IcedID-infection-traffic.pcap (4,296,941 bytes)
- 2020-03-03-malware-and-artifacts-from-IcedID-infection.zip 1.6 MB (1,625,991 bytes)
- 2020-03-03-downloaded-Word-doc-with-macro-for-IcedID.doc (645,451 bytes)
- 2020-03-03-scheduled-task-to-keep-IcedID-persistent.txt (3,856 bytes)
- C-DiskDrive/1/Volume/errorfix.bat (2,900 bytes)
- C-DiskDrive/1/Volume/BackFiles/pinumber.vbs (0 bytes)
- C-DiskDrive/1/Volume/BackFiles/Ranlsojf.jse (386 bytes)
- C-DiskDrive/1/Volume/BackFiles/ZXTRTU.exe (733,244 bytes)
- C-Users-joeyjojo-AppData-Local-joeyjojo/{85E586B6-2102-4596-A37B-C8767A1C9761}/kb2048719295.exe (733,244 bytes)
- C-Users-joeyjojo-AppData-Local-joeyjojo/photo.png (624,500 bytes)
IMAGES
[Image 1] Downloading the Word doc from the link (from what I assume was malspam).
[Image 2] Screenshot of the downloaded Word doc.
[Image 3] Traffic from the infection filtered in Wireshark.