2020-10-06 - TA551 (SHATHAK) WORD DOCS PUSH ICEDID
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2020-10-06-TA551-IOCs-for-IcedID.txt.zip 4.4 kB (4,492 bytes)
- 2020-10-06-TA551-Word-docs-45-examples.zip 6.1 MB (6,123,964 bytes)
- 2020-10-06-TA551-pushes-IcedID.pcap.zip 4.2 MB (4,217,836 bytes)
- 2020-10-06-TA551-installer-DLL-files.zip 782 kB (781,998 bytes)
- 2020-10-06-TA551-IcedID-malware-and-artifacts.zip 1.7 MB (1,739,860 bytes)
IMAGES
Shown above: Screenshot of a Word doc with macros for TA551 (new template started today).
Shown above: Traffic from an infection filtered in Wireshark.
Shown above: Example of installer DLL saved to the victim's host.
Shown above: Example of initial IcedID EXE created by installer DLL.
Shown above: PNG file with encoded data created after the initial EXE is run.
Shown above: Example of IcedID EXE made persistent through a scheduled task.