API tools faq
paste
Advertisement
malware_traffic

2020-07-15 (Wednesday) - Word docs pushing IcedID

malware_traffic
Jul 16th, 2020
9,518
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.85 KB | None | 0 0
raw download clone embed print report
  1. 2020-07-15 (WEDNESDAY) - WORD DOCS PUSHING ICEDID (BOKBOT)
  2.  
  3. REFERENCE:
  4.  
  5. - https://twitter.com/JAMESWT_MHT/status/1283450384061800453
  6.  
  7. 28 EXAMPLES OF WORD DOCUMENTS WITH MACROS FOR ICEDID:
  8.  
  9. - 0548735aa27305bb9eaebebc4733636fd618a30f0ffbe5bf96e604bbaff2c690 commerce ,07.20.doc
  10. - 0b54e812706f8193ab4cb8cac6108089a425ee8611c5f54ec11ab26f5dcc80a0 statistics.07.20.doc
  11. - 24d8d7ca5bff15f41dce67743aa149ae281fb16a4db37597e6f5a010cfffae8f material-07.20.doc
  12. - 2638b58e41a4c7bb765268d166a444604dd9114dbeec9620dde61c253bedf540 question 07.20.doc
  13. - 399355035df9573d0eb323331f0de7528e40745fa1a1f135e23cfe41c089c821 require_07.15.2020.doc
  14. - 43d8cf74e96b0bc5baf63c28cb371e5fd3e850eebc43c151fe1ebd890abc845d document 07.20.doc
  15. - 455b4f5863cd83b4b8a24b9d1a2c5149f4063cf1da508e5c1e87f346dce77cf8 statistics_07.15.20.doc
  16. - 5f38dbdecda29af0cd46f2d3f0143686acba2e06e09f63583013d0de0fdeebde command,07.20.doc
  17. - 61649936034989b7e6946309b97b08c35ed011710af8837423929f6ffd5fc966 instrument indenture 07.20.doc
  18. - 63bee746b7d894d319cafd5a66ba5ba8d603fb5addc2b33bd8e79587103d9fcc document_07.20.doc
  19. - 773d37d8445cd2fc624285d0f4d410931cd4fa82e00b98176271b9d4b232b87b bid.07.20.doc
  20. - 773d37d8445cd2fc624285d0f4d410931cd4fa82e00b98176271b9d4b232b87b intelligence_07.20.doc
  21. - 83f7ac065a63f82824e294e70535988c8cd6e9a26ea72f2ebe6e7cf986395189 prescribe -07.15.2020.doc
  22. - 8faa351a2bcfe0be0ed146f253f2e3dfcbc74c423c297b949eba79f0bf38521e legislate 07.20.doc
  23. - 944c58b2165b9cd5169ce0bdb16b5d5e53304c9a203132655a4dc0d0de275f93 file-07.15.20.doc
  24. - 94881157ad0567eba0288e3e2f2efa909b1435e1583d1ad5113a7ee5d75df411 adjure,07.15.2020.doc
  25. - 9f58c2f69268558d7b65db44bf7ae100750566857a65f7667e5479ad49b29b88 file.07.15.2020.doc
  26. - acd559e8448208972b8bd4d2e9d1335affedcc6c1ee949a949713be9e2562b13 instruct_07.15.2020.doc
  27. - aee49cdbdf37fab97bca6fd5ad671359bfd52a3e418f64a9fbe0599fb3aa92cd tell,07.15.2020.doc
  28. - b6ebe519d3bdb49007313f7754932a0e5bd9c54c9c5d1f005e524376ac7b43fc order-07.20.doc
  29. - b8f30ca9b962d45509fd21e3e30278166258f0363a232c54cefbc5fc1079d20b inquiry 07.20.doc
  30. - d01e351634cc2806d9b56f3b2898d6c3a2dd4f5a0988b8839b7dea324ec8915e official paper 07.15.2020.doc
  31. - e3b6fe72f819bca052772ca484a38f06475c07f6545be420dc5f3754d1684369 intelligence.07.15.2020.doc
  32. - e8f286d72e1f646a1cc24bb76b9e1b16fc4176235a853993a50cc9650ce304d0 direct 07.15.2020.doc
  33. - ea4275c23d1f52323d75cb595283c655dc9722f8adbb839ad6255f22e5269e75 documents,07.20.doc
  34. - ec10c14179e57598a88f37a722e85f8a0f2a0f1032f699be63f6fc95afb94d89 commerce .07.15.2020.doc
  35. - ed9bd7418cd023de453630f9beced66ed0bab5c4b4c2ad0a3c0b240ef677ce02 details 07.20.doc
  36. - f1fe3a443fea2d5d9995871a649c72543a5ad8820d120e418baeb1ff6c75b122 require.07.20.doc
  37.  
  38. DOMAINS HOSTING ICEDID INSTALLER DLL:
  39.  
  40. - 3ogrrst[.]com - 93.189.41[.]77
  41. - 7ty3r5x[.]com - 45.12.4[.]188
  42. - bne0g5e[.]com - 185.118.167[.]51
  43. - dc57p88[.]com - 92.63.97[.]211
  44. - g0x5byv[.]com - 185.174.172[.]165
  45. - kxwh2gp[.]com - 93.189.42[.]236
  46. - l4fnses[.]com - 45.12.4[.]188
  47.  
  48. URLS GENERATED BY WORD MACROS FOR ICEDID INSTALLER DLL:
  49.  
  50. - GET /hboneb/sol95.php?l=puom1.cab
  51. - GET /hboneb/sol95.php?l=puom2.cab
  52. - GET /hboneb/sol95.php?l=puom3.cab
  53. - GET /hboneb/sol95.php?l=puom4.cab
  54. - GET /hboneb/sol95.php?l=puom5.cab
  55. - GET /hboneb/sol95.php?l=puom6.cab
  56. - GET /hboneb/sol95.php?l=puom7.cab
  57. - GET /hboneb/sol95.php?l=puom8.cab
  58. - GET /hboneb/sol95.php?l=puom9.cab
  59. - GET /hboneb/sol95.php?l=puom10.cab
  60. - GET /hboneb/sol95.php?l=puom11.cab
  61. - GET /hboneb/sol95.php?l=puom12.cab
  62.  
  63. 25 EXAMPLES OF SHA256 HASHES FOR ICEDID INSTALLER DLL:
  64.  
  65. - 0a4e55e0a4c0923cd7ee8c40c1d2dcdfe07ca0a6af0c1b9478acc200211850e0
  66. - 1ac978743f3c738fbe213cdb8bef8dba090a773ee91d02023ccd3055255d5189
  67. - 22da48b3e61772b9fca68a5dd8130de9baafd5ac5b8cd4f3fb0dd93f158dd3bb
  68. - 294f878ab215f5a0284f7deb43236437dcc5a5daf7c13c1db187d1b4958d8e71
  69. - 35eeb9e5f71884ff8875f24447d8b7fea2226894cd6c678ac2c1f147eb357259
  70. - 3b0d7357c12a63507becbe5e8a715adf959a35d430f93602258ce6bf0d59c7e5
  71. - 3e38f4d77d95d416355902a0402ea29ebad3a2c751927ea36b093ba207139994
  72. - 41133ba77b17e44bfcb66532c3128b665e488221df3ed6dd002fc71f830473e1
  73. - 4a88af00bab63fa4471a016b03ab3eb8d58b45404632f338e23199ea7cd96129
  74. - 4d598f04f28c7977927b4addce64b4f8c9249ee412aa037093904b69e7a5e158
  75. - 5b8602784584f640e4696e7616c146564b16baa97355eaad33bbb996d3566659
  76. - 64cfb4f00a7231b0f1637a4b3587137823072bfccf3fdac71e47f9e4e0702956
  77. - 981ed91197415ca156a0156fc4cafa6fdfa57c8f938559082ecd67748c29520a
  78. - 997b1a6d4d95a139f1b5f223d315d82e1698219c442cf8d7042d33b4e90b1659
  79. - 99a022b26cb682a2655f17164315947927407fdd3f2846d810efc1d49bb18e38
  80. - a4ef74879f390d02355d8ec2bdc05c17025489f316e6b1d8bfc716df82328ff4
  81. - b45990c0919508be5baf7796951f74e3060bca8931b51611d6d5bf5d1428b6d8
  82. - b69db5233dc53539cf6239d7a79dec78746392bfb0e71286754c5d44fc432569
  83. - db1542f02c4f6626ef6fc536f61d3228900d16d8c1ba7c6fd111efea90e42e5d
  84. - dba22b14f7d14fc7658c549fc12db6be4a5ca09ece9a5a9340fcc3aeb274be1d
  85. - dd6ba6ab67a73b9234cbe66ba9308bc00bd4a8edafae56075622997b561c26a0
  86. - ecff96aabe84d7be30a0a68fcfb9242718a44e932f473110229813b6ac6fe318
  87. - f056b276ce3dc23899f7575f2688af273de3bf86fde8d4c5a05af0a1a7f16c02
  88. - fa632164e89644a21e624f50581256ab2830f22250f2919785f2f60fa9f755c3
  89. - fb0a1c0af50bd188f84d65ca5f01326f35bb1684ddc71c81e41a076d96d7a8b5
  90.  
  91. LOCATION OF ICEDID INSTALLER DLL FILES:
  92.  
  93. - C:\ProgramData\11174.jpg
  94. - C:\ProgramData\22917.jpg
  95. - C:\ProgramData\28516.jpg
  96. - C:\ProgramData\49631.jpg
  97. - C:\ProgramData\54358.jpg
  98. - C:\ProgramData\60713.jpg
  99. - C:\Users\[username]\Documents\BX.tmp
  100. - C:\Users\[username]\Downloads\MR.tmp
  101. - C:\Users\[username]\Desktop\Pa.tmp
  102. - C:\Users\[username]\Documents\iM.tmp
  103. - C:\Users\[username]\Downloads\tE.tmp
  104. - C:\Users\[username]\Desktop\vH.tmp
  105. - C:\Users\[username]\Documents\y0.tmp
  106.  
  107. RUN METHOD FOR ICEDID INSTALLER DLL FILES:
  108.  
  109. - regsvr32.exe -s [filename]
  110.  
  111. NOTE:
  112.  
  113. - I was unable to see the follow-up IcedID malware from infections with these Word docs/downloaded DLL files. I only saw the IcedID installer.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!