← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID — Elastic Security Labs
WHITE AustinBH 2024-05-20 Modified: 2024-05-20
15
IOCs
MEDIUM VOLUME
latrodectusicedidbelowc2 serverwindowsicedid payloadwindows serverelastic defendwalmartpikaboterrordownloadexecutionpythonwebdav
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (15)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL YARA domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 da8ae8e1de522b20a462239c6893613e MD5 of aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c 2024-05-20
FileHash-SHA1 7f65ef885815d81d220f9f42877ff0d696b0134c SHA1 of aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c 2024-05-20
FileHash-SHA256 aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c 2024-05-20
URL http://www.meow123.com/dll 2024-05-20
URL http://www.meow123.com/test 2024-05-20
URL https://aytobusesre.com/live/ 2024-05-20
YARA da45560d3d24464831b5f84de7e1fbb4d52b5c46 2024-05-20
domain aytobusesre.com 2024-05-20
domain gyxplonto.com 2024-05-20
domain host.name 2024-05-20
domain neaachar.com 2024-05-20
domain process.name 2024-05-20
domain scifimond.com 2024-05-20
hostname logs-endpoint.events.network 2024-05-20
hostname www.meow123.com 2024-05-20
References (1)
↗ https://www.elastic.co/security-labs/spring-cleaning-with-latrodectus