ExecuteMalware

2021-05-28 IcedID IOCs

May 28th, 2021
THREAT IDENTIFICATION: ICEDID

FORM CONTENTS
Hi!

My name is Tommy.

Your website or a website that your company hosts is infringing on a copyrighted images owned by me personally.

Check out this official document with the hyperlinks to my images you utilized at www.<yourdomainname>.com and my earlier publication to find the evidence of my copyrights.

Download it now and check this out for yourself:

https://sites.google.com/view/b93uhfgdfj38fdh-3ifdshi3dhj/d/shared/0/download/file?f=412487269847230846

In my opinion you have deliberately violated my rights under 17 USC Section 101 et seq. and could possibly be liable for statutory damages as high as $150,000 as set-forth in Section 504 (c)(2) of the Digital millennium copyright act (DMCA) therein.

This letter is official notification. I demand the elimination of the infringing materials mentioned above. Take note as a service provider, the Digital Millennium Copyright Act requires you, to remove or/and deactivate access to the infringing content upon receipt of this particular notification letter. In case you do not stop the utilization of the above mentioned copyrighted content a legal action will be initiated against you.

I do have a good belief that use of the copyrighted materials mentioned above as allegedly violating is not permitted by the copyright owner, its legal agent, or the laws.

I swear, under consequence of perjury, that the information in this message is accurate and that I am currently the legal copyright proprietor or am authorized to act on behalf of the proprietor of an exclusive right that is allegedly infringed.

Regards,
Tommy Cohen

05/28/2021

MALDOC DOWNLOAD URL
https://sites.google.com/view/b93uhfgdfj38fdh-3ifdshi3dhj/d/shared/0/download/file?f=412487269847230846

MALDOC FILE HASHES
Stolen Images Evidence.zip
5b1eb1248d06343a79c592bec9faa4e8

Stolen Images Evidence.js
c17a93ce071880665ee8ba926dec6804

ICEDID PAYLOAD DOWNLOAD URLS
http://manusart.top/034g100/index.php
http://manusart.top/034g100/main.php

ICEDID PAYLOAD FILE HASHES
main.php
48f2f59ffbcb987055b7d04f9a0cce5c

ICEDID C2
http://lascakatheather.shop/
172.67.192.197

C2 TRAFFIC
GET / HTTP/1.1
Connection: Keep-Alive
Cookie: __gads=1810231353:1:931:125; _gat=10.0.17134.64; _ga=1.329303.2020557398.150; _u=4D534544474557494E3130:494555736572:41433442433845314533423344454637; __io=21_1058341133_2092417715_4019509128; _gid=40084938E048
Host: lascakatheather.shop

HTTP/1.1 404 Not Found
Date: Fri, 28 May 2021 15:51:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
cf-request-id: 0a55456c0e0000e6ccac186000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=qEVzvSLnSGLcmr5EiFakDpRbviDKt76DMM%2F%2B5BsvL7hJv7IHeTnpKvbMph%2Bujd5%2Bq7Gk1Y%2FxPXZhmFgHezyHrZYCoqCuDyd3CpZvMksUkq2Gq5SH9UvYmUomXngs7AoUxpg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6568a4f34b1ce6cc-EWR
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache Server at lascakatheather.shop Port 80</address>
</body></html>
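ADDED EXAMPLE (not part of the ExecuteMalware paste): the beacon above carries the host fingerprint in the Cookie header of a plain GET, so a detection can key on the six cookie names (__gads, _gat, _ga, _u, __io, _gid) appearing together and on the _u value being colon-separated hex. The Python below parses the captured request verbatim, flags that cookie set and hex-decodes _u. The request and cookie names are taken from the paste; reading the decoded _u fields as hostname, username and a machine identifier, and _gat as a Windows build string, is an inference and is marked as an assumption in the code.

```python
"""Parse an IcedID-style beacon request and decode the cookie fingerprint.

Added example, not part of the original paste. SAMPLE_REQUEST is a copy of
the request in the C2 TRAFFIC section. The meaning given to the decoded
fields (hostname, username, machine id, Windows build) is an assumption.
"""
import binascii
import json
import re

# Copy of the captured beacon request (constructed here from the paste).
SAMPLE_REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Connection: Keep-Alive\r\n"
    "Cookie: __gads=1810231353:1:931:125; _gat=10.0.17134.64; "
    "_ga=1.329303.2020557398.150; "
    "_u=4D534544474557494E3130:494555736572:41433442433845314533423344454637; "
    "__io=21_1058341133_2092417715_4019509128; _gid=40084938E048\r\n"
    "Host: lascakatheather.shop\r\n"
    "\r\n"
)

# The six cookie names seen together in the beacon; a legitimate Google
# Analytics client would not send _u and __io in this shape.
ICEDID_COOKIE_NAMES = {"__gads", "_gat", "_ga", "_u", "__io", "_gid"}

HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def parse_request(raw: str) -> dict:
    """Return the request line and headers (lower-cased names) of a raw HTTP request."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # tolerate junk lines rather than failing the whole parse
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return {"request_line": lines[0], "headers": headers}


def parse_cookies(cookie_header: str) -> dict:
    """Split 'a=1; b=2' into a dict; values are kept verbatim."""
    cookies = {}
    for part in cookie_header.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            cookies[key.strip()] = value.strip()
    return cookies


def decode_u_cookie(value: str) -> list:
    """Decode the colon-separated hex fields of _u into ASCII strings.

    Fields that are not even-length hex are returned untouched so a malformed
    or mutated beacon does not crash the analyser.
    """
    out = []
    for field in value.split(":"):
        if HEX_RE.match(field) and len(field) % 2 == 0:
            out.append(binascii.unhexlify(field).decode("ascii", errors="replace"))
        else:
            out.append(field)
    return out


def analyse_beacon(raw: str) -> dict:
    """Flag a request whose cookie set matches the IcedID beacon and decode _u."""
    req = parse_request(raw)
    cookies = parse_cookies(req["headers"].get("cookie", ""))
    matched = ICEDID_COOKIE_NAMES & set(cookies)
    return {
        "host": req["headers"].get("host"),
        "icedid_cookie_match": matched == ICEDID_COOKIE_NAMES,
        "matched_cookie_names": sorted(matched),
        # Assumption: fields are hostname, username, machine id.
        "u_fields": decode_u_cookie(cookies["_u"]) if "_u" in cookies else [],
        # Assumption: _gat carries the Windows build string.
        "gat": cookies.get("_gat"),
    }


if __name__ == "__main__":
    print(json.dumps(analyse_beacon(SAMPLE_REQUEST), indent=2))
```

Run against the captured request, _u decodes to MSEDGEWIN10 / IEUser / AC4BC8E1E3B3DEF7, which matches the stock Microsoft "IE11 on Win10" test VM and is consistent with the sample having been detonated in a lab. For a Suricata or proxy rule the same logic reduces to: Host not in an allow-list, Cookie containing all six names, and the _u value matching `[0-9A-F]+:[0-9A-F]+:[0-9A-F]+`; the 404 from the C2 does not mean the beacon failed, so do not suppress the alert on response status.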

SUPPORTING EVIDENCE
https://www.microsoft.com/security/blog/2021/04/09/investigating-a-unique-form-of-email-delivery-for-icedid-malware/