Updated 2023-11-27-IOCs-for-TA577-pushing-IcedID-variant.txt

2023-11-27-IOCs-for-TA577-pushing-IcedID-variant.txt

@@ -1,5 +1,10 @@
 2023-11-27 (MONDAY): TA577 PUSHES ICEDID (BOKBOT) VARIANT
 
+REFERENCES:
+
+- https://www.linkedin.com/posts/unit42_ta577-icedid-bokbot-ugcPost-7135285478743822336-Hwga
+- https://twitter.com/Unit42_Intel/status/1729519857908015333
+
 INFECTION CHAIN OF EVENTS:
 
 - email --> link --> victim downloads, mounts & opens IMG --> victim double-clicks LNK to run hidden DLL -->
@@ -56,4 +61,4 @@ CERTIFICATE INFO FROM THE C2 SERVERS FOR HTTPS TRAFFIC:
 
 - mazdakrichest[.]com - Let's Encrypt certificate, valid since: 2023-10-09 05:56:27 UTC
 - mraskopal[.]link -  Google Trust Services LLC certificate, valid since: 2023-10-12 07:25:11 UTC
-- missisanjoup[.]shop - Let's Encrypt certificate, valid since: 2023-10-16 08:02:44 UTC
+- missisanjoup[.]shop - Let's Encrypt certificate, valid since: 2023-10-16 08:02:44 UTC