Add files via upload

patch-1
pussycat0x 2023-06-14 00:53:02 +05:30 committed by GitHub
parent 8eeffc59ad
commit b1b6a31a9a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 0 deletions

26
ssl/c2/icedid.yaml Normal file
View File

@ -0,0 +1,26 @@
id: icedid
info:
name: IcedID Infrastructure - Detect
author: pussycat0x
severity: info
description: |
IcedID, also known as BokBot, is a modular banking trojan that targets user financial information and is capable of acting as a dropper for other malware. It uses a man-in-the-browser attack to steal financial information, including login credentials for online banking sessions. Once it successfully completes its initial attack, it uses the stolen information to take over banking accounts and automate fraudulent transactions. IcedID is primarily dropped as a secondary payload from other malware, most notably Emotet, in addition to its own malspam campaigns. IcedID uses multiple injection methods to evade antivirus and other malware detection methods, such as injecting itself into operating system (OS) memory and regular processes. The malware authors are known to update IcedID to increase persistence and evade new detection efforts.
metadata:
verified: "true"
censys-query: "CN=localhost, C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
tags: c2,ir,osint,malware,bokbot,trojan
ssl:
- address: "{{Host}}:{{Port}}"
matchers:
- type: word
part: subject_dn
words:
- "O=Internet Widgits Pty Ltd, ST=Some-State, C=AU, CN=localhost"
extractors:
- type: json
json:
- ".subject_dn"