API tools faq
paste
Advertisement
malware_traffic

2020-07-27 (Monday) - TA551 Word docs push IcedID (Bokbot)

malware_traffic
Jul 27th, 2020 (edited)
17,549
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.18 KB | None | 0 0
raw download clone embed print report
  1. 2020-07-27 (MONDAY) TA551 WORD DOCS PUSH ICEDID (BOKBOT)
  2.  
  3. NOTE:
  4.  
  5. - The TA551 (Shathak) campaign is using cURL to retrieve the IcedID installer DLL.
  6.  
  7. WORD DOCS WITH MACRO FOR ICEDID INSTALLER DLL:
  8.  
  9. - 3926d1217c89b82a7419b797f377216c3db42846257c1520fb4e964e8e282b46 material 07.20.doc
  10. - 592825151156acae2d4a297c8ce51a9463a37704296c03cb7aacebf351cd94f0 deed contract-07.27.2020.doc
  11. - 5d156a20bfed6264ce68de2012e388cf37fd95dec5d91d5a5fe77de81207e4d2 instruct.07.27.2020.doc
  12. - 623199472cdce0202a5abee989856c2978b5cf199ced18f2ddbbfe1c3ca945d1 specifics-07.20.doc
  13. - 789ee1ce89629227170ffbc9673de397091d424ff160698087c95b8d5546d576 inquiry,07.20.doc
  14. - 8eeeb7ac80405271a7b0f9a510a9f97eb0d6a428624a4d2e8794141d443aec5d deed contract_07.20.doc
  15. - 96670a04939f764228869885da65a9918a16fb9c4655b096b7856368327a523a require.07.20.doc
  16. - d7d857686694a722392bd6b9d0b801cc51d4bfe1e15ef692e00523018bac453d files,07.27.2020.doc
  17.  
  18. DOMAINS HOSTING ICEDID INSTALLER DLL:
  19.  
  20. - 1s3yvvw[.]com - 92.63.98[.]141
  21. - q9kixdq[.]com - 185.252.147[.]69
  22. - aqjdl9x[.]com - 92.64.98[.]49
  23. - ey0ta54[.]com - 185.195.24[.]244
  24. - res66hh[.]com - 92.64.98[.]30
  25. - y7y3h25[.]com - 185.255.134[.]11
  26.  
  27. URLS FOR ICEDID INSTALLER DLL:
  28.  
  29. - GET /bolb/jaent.php?l=tdny1.cab
  30. - GET /bolb/jaent.php?l=tdny2.cab
  31. - GET /bolb/jaent.php?l=tdny3.cab
  32. - GET /bolb/jaent.php?l=tdny4.cab
  33. - GET /bolb/jaent.php?l=tdny5.cab
  34. - GET /bolb/jaent.php?l=tdny6.cab
  35. - GET /bolb/jaent.php?l=tdny7.cab
  36. - GET /bolb/jaent.php?l=tdny8.cab
  37. - GET /bolb/jaent.php?l=tdny9.cab
  38. - GET /bolb/jaent.php?l=tdny10.cab
  39. - GET /bolb/jaent.php?l=tdny11.cab
  40. - GET /bolb/jaent.php?l=tdny12.cab
  41.  
  42. SHAA256 HASHES FOR ICEDID INSTALLER DLL:
  43.  
  44. - 161ebb2b29d0362ad3deff3a978bfff53fbb89d24e43cf627042067eb5a23b81
  45. - 1920a849569bad7fa70d127d46800d019ecd8fb267e1a62be02cfd45acde64d3
  46. - 3d1e3457f26f35c6f0fe3fb251aa4f3770d8804dd154719cf37a797549b6f469
  47. - 651005b32b8d80dccde8e7d43cbf1f1be284d83cc1b9067efd26d69b2b859519
  48. - 672e7ee738b02a9140d9e55ad3a1c386c55d4fd02f2698cbd65aed02567f85e1
  49. - 888d74ef1e73ea16cf2fa45d52afd8cdd81eface1c2e7e36f9ffa9429a4e78be
  50. - a3ca5df52e8c5a5790df596ad5d6687268e8a45f9c96bfd4463b1d00532e4d6c
  51. - ecfe29ac7905d40cd43e79c1ade25e12c3d01827a49f4a6a7abbea2b65eae839
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!