mirror of
https://github.com/vuldb/cyber_threat_intelligence
synced 2024-07-03 08:58:21 +00:00
# IcedID - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [IcedID](https://vuldb.com/?actor.icedid). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.icedid](https://vuldb.com/?actor.icedid).

## Campaigns

The following _campaigns_ are known and can be associated with IcedID:

* Cobalt Strike
* Nokoyawa

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with IcedID:

* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [RU](https://vuldb.com/?country.ru)
* ...

There are 14 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of IcedID.
There are 1231 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _IcedID_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 22 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by IcedID. This data is unique as it uses our predictive model for actor profiling.
There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!