ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
#icedid

abuse.ch :verified:<p>We are proud to announce that we assisted the joint international law enforcement operation <a href="https://ioc.exchange/tags/OperationEndgame" class="mention hashtag" rel="tag">#<span>OperationEndgame</span></a>, targeting the notorious botnets <a href="https://ioc.exchange/tags/IcedID" class="mention hashtag" rel="tag">#<span>IcedID</span></a>, <a href="https://ioc.exchange/tags/Smokeloader" class="mention hashtag" rel="tag">#<span>Smokeloader</span></a>, <a href="https://ioc.exchange/tags/SystemBC" class="mention hashtag" rel="tag">#<span>SystemBC</span></a> and <a href="https://ioc.exchange/tags/Pikabot" class="mention hashtag" rel="tag">#<span>Pikabot</span></a> 🔥</p><p>abuse.ch has provided key infrastructure to LEA and internal partners to disrupt these botnet operations 🛑</p><p>More information on the operation is available here:<br />👉 <a href="https://operation-endgame.com/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="">operation-endgame.com/</span><span class="invisible"></span></a></p>
Simon<p>Part 2 of my series looking at IcedID malware artefacts - <a href="https://blog.techevo.uk/analysis/binary/2024/01/01/carving-the-icedid-part-2.html" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">blog.techevo.uk/analysis/binar</span><span class="invisible">y/2024/01/01/carving-the-icedid-part-2.html</span></a></p><p><a href="https://ioc.exchange/tags/icedid" class="mention hashtag" rel="tag">#<span>icedid</span></a> <a href="https://ioc.exchange/tags/malware" class="mention hashtag" rel="tag">#<span>malware</span></a></p>
Just Another Blue Teamer<p><a href="https://ioc.exchange/tags/HappyMonday" class="mention hashtag" rel="tag">#<span>HappyMonday</span></a> everyone! The DFIR Report released another amazing report, this time they provide details of an incident that started with <a href="https://ioc.exchange/tags/IcedID" class="mention hashtag" rel="tag">#<span>IcedID</span></a> and ended with <a href="https://ioc.exchange/tags/Nokoyawa" class="mention hashtag" rel="tag">#<span>Nokoyawa</span></a> <a href="https://ioc.exchange/tags/ransomware" class="mention hashtag" rel="tag">#<span>ransomware</span></a>. Interestingly enough, it was a malicious Excel doc this time that utilized a VBA macro to download the payload. Enjoy and Happy Hunting!</p><p>IcedID Macro Ends in Nokoyawa Ransomware<br /><a href="https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">thedfirreport.com/2023/05/22/i</span><span class="invisible">cedid-macro-ends-in-nokoyawa-ransomware/</span></a></p><p>Notable MITRE ATT&amp;CK TTPs:<br />The DFIR team did all the hard work on this one!</p><p><a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#<span>CyberSecurity</span></a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="tag">#<span>ITSecurity</span></a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="tag">#<span>InfoSec</span></a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="tag">#<span>BlueTeam</span></a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#<span>HappyHunting</span></a></p>
Just Another Blue Teamer<p>Good morning and Happy Monday! We are going to kick this week off with my <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="tag">#<span>readoftheday</span></a> from The DFIR Report! They report on an incident that involved <a href="https://ioc.exchange/tags/IcedID" class="mention hashtag" rel="tag">#<span>IcedID</span></a> delivering a malicious email that contained an ISO image which ultimately led to domain-wide ransomware. As usual, this report is full of technical details and helpful information to fuel your hunting! Have a wonderful day and Happy Hunting!</p><p>Malicious ISO File Leads to Domain Wide Ransomware<br /><a href="https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">thedfirreport.com/2023/04/03/m</span><span class="invisible">alicious-iso-file-leads-to-domain-wide-ransomware/</span></a></p><p><a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#<span>CyberSecurity</span></a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="tag">#<span>ITSecurity</span></a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="tag">#<span>InfoSec</span></a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="tag">#<span>BlueTeam</span></a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#<span>HappyHunting</span></a></p>
abuse.ch :verified:<p>A search for Microsoft Teams on Google currently leads to a rogue ad spreading <a href="https://ioc.exchange/tags/IcedID" class="mention hashtag" rel="tag">#<span>IcedID</span></a> 🔍👀</p><p>Payload domains:<br />🌐 teams-mss .online<br />🌐 mlcrosofteams-us .top</p><p>Payload hosted on Cloud Storage for Firebase:<br />👉 <a href="https://urlhaus.abuse.ch/url/2525469/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="">urlhaus.abuse.ch/url/2525469/</span><span class="invisible"></span></a></p><p>Payload:<br />📄 <a href="https://bazaar.abuse.ch/sample/3a585be7037b0dd24dbc719e8a05d1a1502108bb6e0fea62d6b90980be75a7d9/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">bazaar.abuse.ch/sample/3a585be</span><span class="invisible">7037b0dd24dbc719e8a05d1a1502108bb6e0fea62d6b90980be75a7d9/</span></a></p><p>IcedID C2:<br />🔥 restorahlith .com </p><p>Full list of IOCs:<br />📣 <a href="https://threatfox.abuse.ch/browse/tag/133894510/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">threatfox.abuse.ch/browse/tag/</span><span class="invisible">133894510/</span></a></p>
TribalCyberSecurity<p>&quot;All You Need to Know About Emotet in 2022&quot;</p><p><a href="https://ioc.exchange/tags/Emotet" class="mention hashtag" rel="tag">#<span>Emotet</span></a> <a href="https://ioc.exchange/tags/malware" class="mention hashtag" rel="tag">#<span>malware</span></a> &gt; <a href="https://ioc.exchange/tags/XMRig" class="mention hashtag" rel="tag">#<span>XMRig</span></a> <a href="https://ioc.exchange/tags/CobaltStrike" class="mention hashtag" rel="tag">#<span>CobaltStrike</span></a> <a href="https://ioc.exchange/tags/IcedID" class="mention hashtag" rel="tag">#<span>IcedID</span></a> <a href="https://ioc.exchange/tags/exploitkit" class="mention hashtag" rel="tag">#<span>exploitkit</span></a> <a href="https://ioc.exchange/tags/trojan" class="mention hashtag" rel="tag">#<span>trojan</span></a><br /><a href="https://ioc.exchange/tags/cybersecurity" class="mention hashtag" rel="tag">#<span>cybersecurity</span></a> <a href="https://ioc.exchange/tags/infosec" class="mention hashtag" rel="tag">#<span>infosec</span></a> <a href="https://ioc.exchange/tags/TTP" class="mention hashtag" rel="tag">#<span>TTP</span></a> <a href="https://ioc.exchange/tags/IoC" class="mention hashtag" rel="tag">#<span>IoC</span></a></p><p><a href="https://thehackernews.com/2022/11/all-you-need-to-know-about-emotet-in.html" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2022/11/all-</span><span class="invisible">you-need-to-know-about-emotet-in.html</span></a></p>