2020-06-08 - QUICK POST: ICEDID (BOKBOT)

ASSOCIATED FILES:

• 2020-06-08-IcedID-infection-traffic.pcap.zip   7.5 MB (7,464,108 bytes)
• 2020-06-08-IcedID-malware-and-artifacts.zip   6.6 MB (6,596,437 bytes)

NOTES:

• All zip archives on this site are password-protected with the standard password.  If you don't know it, see the "about" page of this website.

 

IMAGES

Shown above:  Link for malicious Word doc, presumably from malspam.

 

Shown above:  Screenshot of the malicious Word doc.

 

Shown above:  Items dropped after enabling macros.

 

Shown above:  Items in the previous image caused this file to get downloaded.

 

Shown above:  IcedID persistent on the infected host.

 

Click here to return to the main page.