From IcedID to Dagon Locker Ransomware in 29 Days
May 1, 2024, 11:05 p.m.
Description
This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. The phishing operation used the Prometheus Traffic Direction System (TDS) to deliver the malware: victims were redirected to a fraudulent website mimicking an Azure download portal, from which the IcedID payload was served. IcedID was then followed by Cobalt Strike and, 29 days after the initial access, by Dagon Locker ransomware.
Date
Published: April 29, 2024, 5:23 p.m.
Created: April 29, 2024, 5:23 p.m.
Modified: May 1, 2024, 11:05 p.m.
Indicators
f6e5dbff14ef272ce07743887a16decbee2607f512ff2a9045415c8e0c05dbb4
a0191a300263167506b9b5d99575c4049a778d1a8ded71dcb8072e87f5f0bbcf
9da84133ed36960523e3c332189eca71ca42d847e2e79b78d182da8da4546830
839cf7905dc3337bebe7f8ba127961e6cd40c52ec3a1e09084c9c1ccd202418e
65edf9bc2c15ef125ff58ac597125b040c487640860d84eea93b9ef6b5bb8ca6
332afc80371187881ef9a6f80e5c244b44af746b20342b8722f7b56b61604953
87.251.67.168
51.89.133.3
45.15.161.97
194.58.68.187
159.89.124.188
151.236.9.176
151.236.9.166
159.223.95.82
143.110.245.38
23.159.160.88
http://87.251.67.168:443
http://194.58.68.187:443
http://159.89.124.188:443
http://159.223.95.82:443
http://151.236.9.176:443
http://151.236.9.166:443
http://143.110.245.38:443
winupdate.us.to
ultrascihictur.com
rpgmagglader.com
restohalto.site
patricammote.com
oopscokir.com
moashraya.com
magiraptoy.com
fraktomaam.com
ewacootili.com
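The indicator list above is what a responder would load into a hunt, so the following Python shows how to do that. It is an added example, not code from the original report or from The DFIR Report: it classifies a subset of the listed indicators by type (SHA-256, IP, URL, domain), folds the host of each URL indicator into the IP watchlist (the URLs are bare `http://IP:443` endpoints, so a proxy or firewall that only logs the destination address still matches), and runs the watchlist over constructed log lines in proxy, Sysmon and firewall shapes. The indicator values are copied from the list; the log lines, usernames, internal addresses and timestamps are constructed for illustration. Domain matching also fires on subdomains of a listed domain, which goes slightly beyond the list itself.

```python
"""Classify the published indicators and hunt for them in log lines.

Added example, not part of the original report. Indicator values are copied
from the report's list; the sample log lines are constructed.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Subset of the indicators from the list above, one per line (report data).
INDICATORS = """
f6e5dbff14ef272ce07743887a16decbee2607f512ff2a9045415c8e0c05dbb4
a0191a300263167506b9b5d99575c4049a778d1a8ded71dcb8072e87f5f0bbcf
87.251.67.168
51.89.133.3
194.58.68.187
151.236.9.176
http://87.251.67.168:443
http://194.58.68.187:443
winupdate.us.to
ultrascihictur.com
oopscokir.com
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.IGNORECASE)
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]{1,63}\.)+[a-z]{2,}$", re.IGNORECASE)


def classify(value):
    """Return (kind, normalized value) for one indicator string."""
    value = value.strip()
    if SHA256_RE.match(value):
        return "sha256", value.lower()
    if "://" in value:
        return "url", value  # keep scheme, host and port exactly as published
    try:
        ipaddress.ip_address(value)
        return "ip", value
    except ValueError:
        pass
    if DOMAIN_RE.match(value):
        return "domain", value.lower()
    return "unknown", value


def build_watchlist(text):
    """Split indicators into typed sets; a URL also contributes its host."""
    wl = {"sha256": set(), "ip": set(), "domain": set(), "url": set()}
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, norm = classify(line)
        if kind == "unknown":
            continue
        wl[kind].add(norm)
        if kind == "url":
            host_kind, host_norm = classify(urlsplit(norm).hostname)
            if host_kind in ("ip", "domain"):
                wl[host_kind].add(host_norm)
    return wl


# Loose extractors for free-form log text (tolerant of key=value noise).
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HASH_RE = re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE)
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def domain_hit(host, domains):
    """True if host or any parent domain (not the bare TLD) is on the watchlist."""
    labels = host.lower().split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels) - 1))


def hunt(log_lines, wl):
    """Return (line_no, kind, indicator) for every watchlist hit, in log order."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for h in HASH_RE.findall(line):
            if h.lower() in wl["sha256"]:
                hits.append((n, "sha256", h.lower()))
        for ip in IP_RE.findall(line):
            if ip in wl["ip"]:
                hits.append((n, "ip", ip))
        for host in HOST_RE.findall(line):
            if domain_hit(host, wl["domain"]):
                hits.append((n, "domain", host.lower()))
    return hits


# Constructed sample log lines (not from the report): proxy, Sysmon, firewall, DNS.
SAMPLE_LOGS = [
    "2023-08-14T09:12:01Z proxy user=jdoe host=cdn.oopscokir.com method=GET status=200",
    "2023-08-14T09:12:05Z proxy user=jdoe host=update.microsoft.com method=GET status=200",
    "2023-08-14T09:13:40Z sysmon EventID=1 Image=C:\\Users\\jdoe\\AppData\\Local\\Temp\\x.dll "
    "Hashes=SHA256=F6E5DBFF14EF272CE07743887A16DECBEE2607F512FF2A9045415C8E0C05DBB4",
    "2023-08-14T09:15:22Z fw action=allow src=10.0.0.15 dst=87.251.67.168 dport=443 proto=tcp",
    "2023-08-14T09:15:30Z fw action=allow src=10.0.0.15 dst=8.8.8.8 dport=53 proto=udp",
    "2023-08-14T09:20:11Z dns query=winupdate.us.to type=A answer=151.236.9.176",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOGS, build_watchlist(INDICATORS)):
        print(hit)
```

The hash comparison is case-insensitive because Sysmon and many EDRs emit upper-case hex while the report lists lower-case. Note that `http://IP:443` is plain HTTP on the HTTPS port, so TLS-inspection or SNI-based controls will not see these sessions; matching on destination IP and port in firewall or NetFlow data is the reliable path for those seven URL indicators.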
Attack Patterns
IcedID (malware)
Cobalt Strike (tool)
T1069 Permission Groups Discovery
T1039 Data from Network Shared Drive
T1135 Network Share Discovery
T1490 Inhibit System Recovery
T1482 Domain Trust Discovery
T1124 System Time Discovery
T1136 Create Account
T1567 Exfiltration Over Web Service
T1614 System Location Discovery
T1552 Unsecured Credentials
T1087 Account Discovery
T1021 Remote Services
T1573 Encrypted Channel
T1489 Service Stop
T1486 Data Encrypted for Impact
T1218 System Binary Proxy Execution
T1082 System Information Discovery
T1105 Ingress Tool Transfer
T1083 File and Directory Discovery
T1071 Application Layer Protocol
T1047 Windows Management Instrumentation
T1055 Process Injection
T1020 Automated Exfiltration
T1219 Remote Access Software
T1134 Access Token Manipulation
T1204 User Execution
T1033 System Owner/User Discovery
T1027 Obfuscated Files or Information
T1560 Archive Collected Data
T1053 Scheduled Task/Job
T1562 Impair Defenses
T1003 OS Credential Dumping
T1059 Command and Scripting Interpreter