2021-03-11 - ICEDID (BOKBOT) FROM EXCEL SPREADSHEET MACRO
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2021-03-11-IOCs-for-IcedID-infection.txt.zip 1.4 kB (1,446 bytes)
- 2021-03-11-IcedID-infection-traffic.pcap.zip 5.1 MB (5,094,830 bytes)
- 2021-03-11-malware-and-artifacts.zip 221 kB (221,375 bytes)
NOTES:
- Originally from tweet by @ps66uk at: https://twitter.com/ps66uk/status/1370026963604099081
IMAGES
Shown above: Screenshot of spreadsheet used for this infection.
Shown above: Traffic from the infection filtered in Wireshark.
Shown above: Scheduled task to keep IcedID persistent.