API tools faq
paste
Advertisement
malware_traffic

2020-07-16 (Thursday) - Word docs with macros for IcedID

malware_traffic
Jul 16th, 2020
9,477
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.44 KB | None | 0 0
raw download clone embed print report
  1. 2020-07-16 (THURSDAY) - WORD DOCS WITH MACROS FOR ICEDID (BOKBOT)
  2.  
  3. 22 EXAMPLES OF WORD DOCS WITH MACRO FOR ICEDID:
  4.  
  5. - 478d1191f92203ad6218d8fe0ce4bc2037398041348ede79883fb1d0f76b8d93 adjure_07.20.doc
  6. - 936a65fe248db0e965745b5ec3b5bbbd8c585b2f0b0456ff07b4ecc5a15ec403 command-07.20.doc
  7. - cee72540814e77901b176b97945f48a290c020b9112f67762bcae683827c2be3 commerce ,07.20.doc
  8. - eb7862c0ff64eebae5e76505fafc8378455066617262465b6a91aa6f6f6feaa2 deed contract_07.20.doc
  9. - 8107c65cd00056c3e2e3d596bb63c8c38abeeb67a7388e1bb827a6792be54577 details 07.20.doc
  10. - 1c6833985a98a304861e5f419b0adaddd1a76fc61dc1e6f1a0dec6ed38a92a69 dictate,07.20.doc
  11. - 7e507facbc76e4740ba576474fe4f8658bd897170543bb710629c457f9571962 docs.07.16.2020.doc
  12. - f8eee3456a031244b56a8e3c090614291133bd7fb8949450dac33c81c00691c7 document-07.20.doc
  13. - 24cbc6105e6605919a7fc4031c70e9623a4cf8c69625ea2c870f19b2ca39d94d enjoin,07.16.20.doc
  14. - e0c169656f1ace9ee7b33c86fe89b1002b97b3c36d81e62f901642e253b1adb4 facts,07.20.doc
  15. - 62fcc01c7087d8ff8d718a7aa4943ae260c79a68d77f43dc1061551c48ddd8eb figures 07.20.doc
  16. - 48002de862fd0663523fc68381da6b6ad3c30e407a4e358f01d913fab471bbd2 figures,07.16.2020.doc
  17. - 0955f51b1403c1db16153606e930f6ccc8fa9721ba5d383876cd643a65734c69 file,07.16.2020.doc
  18. - e20c1c4c8e940461d66d73cb1b667f62660c2e485e98280dd55d931a2c4016b0 input 07.20.doc
  19. - f83ad7e209103fa51223541536f00982ebc64f0b99177a8ab588af64c794c638 inquiry.07.20.doc
  20. - b500e4af65eb9eea068b784f2ff09a2f300f86bea8d09fe4ee8aabd8858c32ed official paper 07.20.doc
  21. - d497705f023035653e78c80de4f9cc408746c2acebd4dedea37885b1fdc069a7 ordain.07.20.doc
  22. - 9ad814fed86667f207543b4e5c3f9a684ef6e16f40b420a5f4232b1153f33e82 prescribe _07.16.20.doc
  23. - bbfc894be5c7a8f0991e951f728f0ee45f9f6eed8e134e978f833d14c820380a require.07.16.2020.doc
  24. - 8209ca20bd6f6750b5b37bd626b327f6ada77afe45a662278315887a430d3d3b rule-07.20.doc
  25. - 09f2711b92acc1bb481d33382309e0f69ec88ce906e6cadb3afaba30a193aef5 specifics 07.16.2020.doc
  26. - 4f72f2946c3ed8fd8df86ef27971705d781a2657eef8fd3cc26530c53e8e4c89 statistics 07.20.doc
  27.  
  28. DOMAINS HOSTING ICEDID INSTALLER DLL:
  29.  
  30. - 9qjjytj66p[.]com
  31. - d50y1psaqv[.]com
  32. - jars1umcf5[.]com
  33. - osk4iim2jg[.]com
  34. - pv60oib8e7[.]com
  35. - xakkpl3nwc[.]com
  36. - zxe9tmtff3[.]com
  37.  
  38. HTTP GET REQUESTS FOR ICEDID INSTALLER DLL:
  39.  
  40. - GET /hboneb/sol95.php?l=xtm1.cab
  41. - GET /hboneb/sol95.php?l=xtm2.cab
  42. - GET /hboneb/sol95.php?l=xtm3.cab
  43. - GET /hboneb/sol95.php?l=xtm4.cab
  44. - GET /hboneb/sol95.php?l=xtm5.cab
  45. - GET /hboneb/sol95.php?l=xtm6.cab
  46. - GET /hboneb/sol95.php?l=xtm7.cab
  47. - GET /hboneb/sol95.php?l=xtm8.cab
  48. - GET /hboneb/sol95.php?l=xtm9.cab
  49. - GET /hboneb/sol95.php?l=xtm10.cab
  50. - GET /hboneb/sol95.php?l=xtm11.cab
  51. - GET /hboneb/sol95.php?l=xtm12.cab
  52.  
  53. 12 EXAMPLES OF ICEDID INSTLLER DLL FILES:
  54.  
  55. - 0de955a00a6d5c2c9af0f9c5de06e059362ea4db657680b1a4a8ff7ca1ef7469
  56. - 0e1cfebe2c6c817b44b5d7529f5997db8c61701fd6a5a40c3cb61afd2a0c4d0e
  57. - 13601bc568dabe5036eb4cc0980be5420a5124c8d12fd31b85b88037c288267e
  58. - 18800dee61803d12a92a904d3fedc1b2eca3b2b28a5932976f8e20f1875102a6
  59. - 22a028d138a87ac7c6f7e5eb054032eecddae1a76361c9443095e65fb6f51850
  60. - 253af6bb3c7415b92c05c70a9893ad9cb736d8139c0dfeddce3719a731a7fceb
  61. - 785443266b3911b85a2a6892a30e51111773ad232960accd9d1b62c17c859349
  62. - 74d7c4fe08f186755d032d96d3be7db49aae3307809b9bace9f6658b1879226c
  63. - 82dcc8933fa93bec8b9393115079940d3727e305e0d3a9174d4b879e54580f90
  64. - a850d37d6d33d8e0799cb2c158396c6a9102442d1add1ca2e4d8f1d40f157845
  65. - b783f34e68766095e481eab871562dfada2256d87f18f518f580999eb94fa97c
  66. - bb2e091bd9f8be73501e20b9e05ad014d496482069814628e36abfdd84acb955
  67. - e9e643722767e6dc2458c66e61f6a1ea1aba915bdc52058b06eb89a29aa8fec8
  68.  
  69. EXAMPLES OF LOCATIONS FOR ICEDID INSTALLER DLL FILES:
  70.  
  71. - C:\Users\[username]\Documents\Ld.tmp
  72. - C:\ProgramData\44178.jpg
  73.  
  74. RUN METHOD FOR ICEDID INSTALLER DLL:
  75.  
  76. - regsvr32.exe [filename]
  77.  
  78. TRAFFIC GENERATED BY ICEDID INFECTION:
  79.  
  80. - 45.153.240[.]223 port 443 - ldrtango[.]casa
  81. - 194.5.249[.]158 port 443 - circleoccupy[.]best
  82. - 194.5.249[.]158 port 443 - mramoritto[.]top
  83.  
  84. ICEDID EXE:
  85.  
  86. - SHA256 hash: b2c0ad0445ada5704c720204bba4d7c0ea34c5d860d98f207bd16d3ae85bdd67
  87. - File size: 355,328 bytes
  88. - File location: C:\Users\[username]\AppData\Local\Temp\~378578.exe
  89.  
  90. ICEDID EXE PERSISTENT ON INFECTED HOST:
  91.  
  92. - SHA256 hash: fa6514c219d45c76ccc2f17cbd31c310cffad7b72df46a6102f70dc92c9989f4
  93. - File size: 355,328 bytes
  94. - File location: C:\Users\[username]\AppData\Roaming\[username]\Azowwu1.exe
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!