IcedID (Bokbot) Trojan IOCs - Part 14

IcedID - это банковский троян, который позволяет злоумышленникам использовать его для кражи банковских реквизитов жертв. IcedID aka BokBot в основном нацелен на бизнес и крадет платежную информацию, он также действует как загрузчик и может доставлять другие вирусы или загружать дополнительные модули.

Indicators of Compromise

Domains

• alcatrazsecurity.co.za
• bellazami.com
• bologna.epu.edu.iq
• casababadenopal.com
• chasehomes.ae
• corporacioncatverde.org
• fontswiki.com
• hanbro.in
• hypermeals.in
• ironreward.com
• kntelecom.pro.br
• lahigram.ir
• nopaltepec.gob.mx
• ourbimi.com.mx
• productupdate.net
• softgro.com
• synagoguecityministries.org
• tast-sv.com

URLs

• http://193.168.141.169/EAgTzBF/mesoc
• http://198.98.61.173/Ftn/arcua
• http://89.147.111.46/gWUA/Enven
• http://89.147.111.46/gWUA/hyper
• http://aptekoagraliy.com/
• https://alcatrazsecurity.co.za/onte/?86550431
• https://bellazami.com/ugae//?ltlr=1697484862
• https://bellazami.com/ugae/?91270431
• https://bologna.epu.edu.iq/dn//?1bAp=1697475810
• https://bologna.epu.edu.iq/dn/?EHCEVSMzlJLfeIKyLSMuFUOlajNhYjpbtCHyfAghHRIBjiDUBvUzCBwHEcer
• https://casababadenopal.com/aot//?uh=1697475793
• https://casababadenopal.com/aot/?hEtquyqHMtHcytmagomjxYzXrzkujAUaTvLHbLYWHuHxJkcEtoDPEtgpwFqZtMmuJ
• https://chasehomes.ae/ier//?jQp=1697475774
• https://chasehomes.ae/ier/?EDxReCGwsezMOBzauE
• https://corporacioncatverde.org/mtt//?SrnQpSD=1697484856
• https://corporacioncatverde.org/mtt/?84370431
• https://fontswiki.com/ubu//?DrYtq3=1697484857
• https://fontswiki.com/ubu/?31680431
• https://hanbro.in/cu/?18650431
• https://hypermeals.in/tr/?65550431
• https://ironreward.com/ri//?SrglytJQZ=1697484857
• https://ironreward.com/ri/?99370431
• https://kntelecom.pro.br/mao//?LVD=1697484858
• https://kntelecom.pro.br/mao/?58170431
• https://lahigram.ir/eu//?ZodUKVT0w7Z=1697484857
• https://lahigram.ir/eu/?15550431
• https://nopaltepec.gob.mx/ipit//?n65c=1697475775
• https://nopaltepec.gob.mx/ipit/?XiRHKPHksekZcxqOMgqgqAwTvkJNKwZMIXMCUynQxaAehhgPeBciGxuDo
• https://ourbimi.com.mx/aaev//?Is=1697484856
• https://ourbimi.com.mx/aaev/?42370431
• https://productupdate.net/aman//?3rQ=1697475774
• https://productupdate.net/aman/?qypGjYcZAbovGiaEBcaLUCyRTcPAXEAJhXUljkKlWPRypWVBxmmAMaZyYIlGtTlYXZvUljJvGFXdQpCuzRz
• https://softgro.com/aumd/?51850431
• https://softgro.com/aumd/?54550431
• https://synagoguecityministries.org/uis//?vwufAQIeC1xR=1697484858
• https://synagoguecityministries.org/uis/?82750431
• https://tast-sv.com/ag//?Pc6pJeFp7ME=1697475774
• https://tast-sv.com/ag/?kIYJOHlOQxbFiIKvloEyEDnsMBnafa
• https://videfi.org/rmon/?vfUqXHduAVwnbKLIvTlaCazWkPZqrI

Emails

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

MD5

• 01098d2c914301edc5bc01f09f72d3df
• 0769259835884a10871f2d5ccaa7385f
• 08a1033196e25823df6c17ece99cc613
• 0c9c65fdf470f80cdb3646bb9c90763e
• 0db586d3961d58cf37969a3b5f141004
• 16324d72dfca5a026232e3caec8d99ef
• 238e5f91d2dae220e732b678efb05c5c
• 26674ede90a832074a9127df55b222dd
• 2cb403372743f2d6fe43e062701b3b27
• 2d89d348fe0d9a7c437c8352289c0324
• 37d65c28b3b3a361c285ff720515de9a
• 386b8a75b187c08bc6813dd0ac626d03
• 44945569cc45b78dc9c5ee5db36de636
• 482665ec0d8973a7588f8708ea5c533d
• 487ad5736c173c8fb03b2eeb037c2a98
• 512ce07aed08040beccc0660e272b31f
• 5590d80e55e894180d29efdbe53f436c
• 5f1ba235641b3ee614d24cc8ce3db6ea
• 6a11c9f6a63b74ff694ab3a042e8d944
• 6b152dea619035cbb0b1068ac8390fe0
• 7548a9fd1686a34cbef59839e2c743b4
• 876d6aae62c31ff556739e44e5db2335
• 8c56b9d8408f934affef69118573f877
• 955e98650a404e7ae835eb85b32e81a5
• 969f2ec5a3ca7e88e6084e169308e1fb
• 96adf374da293a9113976f4a29f9a15a
• 9935a6efbb7b81c5a2e9a361adba10bf
• bb25fd038c5f75c0d3f69237643a9619
• bda6c79a458c486a82f55e620653019e
• c6cb45077fe20e3a8f5f5cf32023a10d
• cdf9a66c5d54f042211b27e406d72ae0
• d081f662450b8b09c055cfe9ad1365c9
• d0a9c76dcd96c9c6194ea183e5d25f9e
• d1094d2dfc4ad224908ef892c275bf0c
• dac5d6d4b22dd9909ac8b4859563653d
• e18c84f27f49bf07afdf7dd490b3ce93
• f33006f8b07590baaabd9c77f4a06d1d