Cold as Ice: Answers to Unit 42 Wireshark Quiz for IcedID
TLP: WHITE | Author: CyberHunter_NL | 2023-06-05 | Modified: 2023-07-05
16 IOCs (medium volume)
This pulse accompanies a blog post in the Unit 42 series by Palo Alto Networks about the IcedID malware, which can lead to ransomware and other malware, and is based on the Windows operating system.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families: Cobalt Strike, IcedID
Indicators of Compromise (16)