2020-10-06 - TA551 (SHATHAK) WORD DOCS PUSH ICEDID

ASSOCIATED FILES:

• 2020-10-06-TA551-IOCs-for-IcedID.txt.zip   4.4 kB   (4,492 bytes)
• 2020-10-06-TA551-Word-docs-45-examples.zip   6.1 MB   (6,120,248 bytes)
• 2020-10-06-TA551-pushes-IcedID.pcap.zip   4.2 MB   (4,217,836 bytes)
• 2020-10-06-TA551-installer-DLL-files.zip   781 kB   (781,056 bytes)
• 2020-10-06-TA551-IcedID-malware-and-artifacts.zip   1.7 MB   (1,738,904 bytes)

NOTES:

• All zip archives on this site are password-protected with the standard password.  If you don't know it, see the "about" page of this website.

 

IMAGES

Shown above:  Screenshot of a Word doc with macros for TA551 (new template started today).

 

Shown above:  Traffic from an infection filtered in Wireshark.

 

Shown above:  Example of installer DLL saved to the victim's host.

 

Shown above:  Example of initial IcedID EXE created by installer DLL.

 

Shown above:  PNG file with encoded data created after the initial EXE is run.

 

Shown above:  Example of IcedID EXE persistent through scheduled task.

 

Click here to return to the main page.