IOC Radar
TLP:WHITE · 8 IOCs

Latrodectus [IceNova] – Technical Analysis of the… New IcedID… Its Continuation… Or its Replacement?

0x0d4y Malware Research
Published April 30, 2024 · Original Report

Diamond Model

Adversary (3): Conti, Play, REvil
Infrastructure (3): wireoneinternet.info, https://skinnyjeanso.…, https://titnovacrion.…
Capability (6): Conti, IcedID, META Stealer (remaining capability nodes not recoverable from the page)
Victim: unknown

Attack Flow (9 steps · MITRE ATT&CK mapped)

Step 1/9: Initial Access (TA0001 · T1566) - Phishing
Action: Deliver JavaScript downloader
The infection chain begins with a JavaScript downloader, which is often delivered via phishing emails or malicious links.


Indicators of Compromise (8)

| Type   | Indicator                                                        | Tags                         | Confidence | Score | First Seen |
|--------|------------------------------------------------------------------|------------------------------|------------|-------|------------|
| MD5    | 277c879bba623c8829090015437e002b                                 | file-hash, intel-blog, loader | Medium     | 53    | Jun 2, 26  |
| SHA256 | 65da6d9f781ff5fc2865b8850cfa64993b36f00151387fdce25859781c1eb711 | file-hash, intel-blog, loader | Medium     | 53    | Jun 2, 26  |
| Domain | wireoneinternet.info                                             | intel-blog, malware, network | High       | 58    | Jun 2, 26  |
| MD5    | 4508703ec934ed04519afe04f93ff532                                 | exploit, file-hash, intel-blog | Medium     | 53    | Jun 2, 26  |
| URL    | https://skinnyjeanso.com/live/                                   | botnet, intel-blog, malware  | High       | 86    | Jun 2, 26  |
| SHA256 | fad25892e5179a346cdbdbba1e40f53bd6366806d32b57fa4d7946ebe9ae8621 | file-hash, intel-blog, malware | Medium     | 53    | Jun 2, 26  |
| URL    | https://titnovacrion.top/live/                                   | botnet, intel-blog, malware  | High       | 86    | Jun 2, 26  |
| SHA256 | b9dbe9649c761b0eee38419ac39dcd7e90486ee34cd0eb56adde6b2f645f2960 | file-hash, intel-blog, loader | Medium     | 53    | Jun 2, 26  |

IOC Relationship Graph (8 total IOCs)

Node counts: SHA256 3 · MD5 2 · URL 2 · Domain 1 · Actors 3 · Malware 5
Linked entities shown on the graph: report "Latrodectus [IceNova] – Te…", Conti, Play, REvil, IcedID, META Stealer