2020-06-08 - QUICK POST: ICEDID (BOKBOT)
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2020-06-08-IcedID-infection-traffic.pcap.zip 7.5 MB (7,464,108 bytes)
- 2020-06-08-IcedID-malware-and-artifacts.zip 6.6 MB (6,597,445 bytes)
IMAGES
Shown above: Link for malicious Word doc, presumably from malspam.
Shown above: Screenshot of the malicious Word doc.
Shown above: Items dropped after enabling macros.
Shown above: Items in the previous image caused this file to get downloaded.
Shown above: IcedID persistent on the infected host.