IcedID

GPTKB entity

Statements (58)
Predicate                                     Object
gptkbp:instanceOf                             malware
gptkbp:abilities                              data exfiltration
gptkbp:abilities                              malware delivery
gptkbp:abilities                              credential theft
gptkbp:abilities                              lateral movement
gptkbp:abilities                              man-in-the-browser attack
gptkbp:abilities                              ransomware delivery
gptkbp:abilities                              web injection
gptkbp:alsoKnownAs                            gptkb:BokBot
gptkbp:area                                   gptkb:Asia
gptkbp:area                                   gptkb:Europe
gptkbp:area                                   gptkb:North_America
gptkbp:area                                   global
gptkbp:associatedWith                         gptkb:Conti_ransomware
gptkbp:associatedWith                         gptkb:Emotet
gptkbp:associatedWith                         gptkb:TA551_threat_group
gptkbp:associatedWith                         gptkb:TrickBot
gptkbp:detects                                gptkb:security
gptkbp:discoveredBy                           2017
https://www.w3.org/2000/01/rdf-schema#label   IcedID
gptkbp:notable_campaign                       2020 ransomware attacks
gptkbp:notable_campaign                       2021 phishing campaigns
gptkbp:platform                               gptkb:Windows
gptkbp:remedy                                 network monitoring
gptkbp:remedy                                 patch management
gptkbp:remedy                                 endpoint detection and response
gptkbp:remedy                                 user awareness training
gptkbp:spreadTo                               malicious email attachments
gptkbp:spreadTo                               malicious links
gptkbp:spreadTo                               malvertising
gptkbp:status                                 active
gptkbp:target                                 individuals
gptkbp:target                                 businesses
gptkbp:target                                 financial institutions
gptkbp:threats                                high
gptkbp:uses                                   phishing emails
gptkbp:uses                                   PowerShell scripts
gptkbp:uses                                   command and control servers
gptkbp:uses                                   modular architecture
gptkbp:uses                                   C2 infrastructure
gptkbp:uses                                   DLL injection
gptkbp:uses                                   VNC module
gptkbp:uses                                   encrypted communication
gptkbp:uses                                   exploit kits
gptkbp:uses                                   info-stealer module
gptkbp:uses                                   living-off-the-land binaries
gptkbp:uses                                   loader module
gptkbp:uses                                   malicious documents
gptkbp:uses                                   malicious macros
gptkbp:uses                                   malspam
gptkbp:uses                                   process hollowing
gptkbp:uses                                   proxy module
gptkbp:uses                                   web injects
gptkbp:usesMalware                            malware
gptkbp:writtenBy                              gptkb:C++
gptkbp:writtenBy                              C
gptkbp:bfsParent                              gptkb:Operation_Endgame
gptkbp:bfsLayer                               5