← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID — Elastic Security Labs
WHITE bluenumberone 2024-05-20 Modified: 2024-06-19
30
IOCs
MEDIUM VOLUME
latrodectusicedidbelowc2 serverwindowsicedid payloadwindows serverelastic defendwalmartpikaboterrordownloadexecutionpythonwebdav
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (30)
All CIDR FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL YARA domain hostname
TYPEINDICATORDESCRIPTIONCREATED
CIDR 100.64.0.0/10 2024-05-20
CIDR 127.0.0.0/8 2024-05-20
CIDR 169.254.0.0/16 2024-05-20
CIDR 192.0.0.0/24 2024-05-20
CIDR 192.0.0.0/29 2024-05-20
CIDR 192.0.2.0/24 2024-05-20
CIDR 192.175.48.0/24 2024-05-20
CIDR 192.31.196.0/24 2024-05-20
CIDR 192.52.193.0/24 2024-05-20
CIDR 192.88.99.0/24 2024-05-20
CIDR 198.18.0.0/15 2024-05-20
CIDR 198.51.100.0/24 2024-05-20
CIDR 203.0.113.0/24 2024-05-20
CIDR 224.0.0.0/4 2024-05-20
CIDR 240.0.0.0/4 2024-05-20
FileHash-MD5 da8ae8e1de522b20a462239c6893613e MD5 of aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c 2024-05-20
FileHash-SHA1 7f65ef885815d81d220f9f42877ff0d696b0134c SHA1 of aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c 2024-05-20
FileHash-SHA256 aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c 2024-05-20
URL http://www.meow123.com/dll 2024-05-20
URL http://www.meow123.com/test 2024-05-20
URL https://aytobusesre.com/live/ 2024-05-20
YARA da45560d3d24464831b5f84de7e1fbb4d52b5c46 2024-05-20
domain aytobusesre.com 2024-05-20
domain gyxplonto.com 2024-05-20
domain host.name 2024-05-20
domain neaachar.com 2024-05-20
domain process.name 2024-05-20
domain scifimond.com 2024-05-20
hostname logs-endpoint.events.network 2024-05-20
hostname www.meow123.com 2024-05-20
References (1)
↗ https://www.elastic.co/security-labs/spring-cleaning-with-latrodectus