2021-03-22 IcedID IOCs

1. THREAT IDENTIFICATION: ICEDID
2.  
3. SUBJECTS OBSERVED
4. Re: Reset Password
5.  
6. SENDERS OBSERVED
7. ovonrueden@colegiomexicanocoloproctologia.org
8.  
9. MALDOC FILE HASHES
10. catalogue (39).zip
11. 02c59abccae9111eecb8d4b07320a1f2
12.  
13. document-1992284186.xlsm
14. 7f466e4a9bd2dccb435221e80a098b26
15.  
16. PAYLOAD DOWNLOAD URLS
17. http://rcwj22jxyvt03swnlt.xyz/grays.gif
18.  
19. grays.gif
20. 22f52089fd030b5f2c096631a61d5e01
21.  
22. This is a 64-bit .dll file
23.  
24. ICEDID C2s
25. http://lightopridum2.website
26.  
27. SUPPORTING EVIDENCE
28. https://app.any.run/tasks/3e106ce4-b362-4b6d-97b4-ed417e2d30b4/
29. https://tria.ge/210322-gm2a3h9emn
30. https://www.virustotal.com/gui/file/7b0290fdb87e425a869defb681c5fbbed330a000c0cdb6e8c9c52b0e8b1b5492/detection
31.