Community-voted alias candidates for IcedID. Only BokBot (and, per this page, Anubis) is a genuine alternative name; the other entries are distinct families or actors that are routinely co-deployed with IcedID, as the association tables further down confirm.

Possible alias | Description | Votes |
---|---|---|
QakBot | QakBot (QBot) is a modular banking trojan turned loader that typically arrives through malicious e-mail attachments, downloads or compromised websites. Once installed it steals credentials and other personal data, disrupts operations and stages the network for ransomware. It is a separate family frequently delivered alongside IcedID rather than a rename of it. This malware, built by various groups includin… | 9 |
Emotet | Emotet is a botnet and malware loader, operated by the group tracked as TA542, that evolved from a banking trojan into a delivery vehicle for other families. It infiltrates systems through malicious e-mail attachments, downloads or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations,… | 8 |
TrickBot | TrickBot is a modular banking trojan and loader developed by the criminal group also tracked as ITG23. It typically infiltrates through malicious e-mail attachments, downloads or websites and can steal personal information, disrupt operations or stage ransomware. Vladimir Dunaev,… | 8 |
Bokbot | BokBot is the name under which IBM X-Force first reported IcedID in September 2017 (this page also lists Anubis as an alias). It is a banking trojan widely used in cybercrime operations to steal sensitive information such as banking credentials from infected computers, and later repurposed as an initial-access loader. The malware infects systems through… | 7 |
Pikabot | Pikabot is a trojan that provides initial access to infected computers, enabling ransomware deployment, remote takeover and data theft. It belongs to the same ecosystem of initial-access malware as IcedID, Qakbot, Gozi, DarkGate, AsyncRAT, JinxLoa… | 4 |
Anubis | Anubis is listed here as another name for IcedID/BokBot, a banking trojan first reported by IBM X-Force in September 2017 that has since evolved to target a wide range of financial applications. Notably, Anubis has consistently ranked among the top fi… | 4 |
Latrodectus | Latrodectus is a loader first observed in late 2023 that has been gaining momentum among threat actors. Named after a string found in its code during analysis, it is not a variant of IcedID but shares similar characteristics, which led researchers to conclude that both… | 4 |
Gozi | Gozi (also known as Ursnif or ISFB; see the Ursnif entry below) is a long-running banking trojan linked to numerous campaigns. It is typically delivered through malvertising, often together with other initial-access malware such as the Pikabot botnet agent and the IcedID information stealer. When an individual accesses a c… | 3 |
Bazarloader | BazarLoader (also written BazaLoader) is a loader developed by the TrickBot group and used primarily to gain initial access to a victim's infrastructure ahead of ransomware attacks. It has been associated with several threat groups, including ITG23, which used BazarLoader alongside other malware like TrickBot a… | 3 |
Nokoyawa | Nokoyawa is a ransomware family that emerged in 2022 and has been linked to numerous intrusions. It has been associated with other malware families including Quantum, Royal, BlackBasta and a variety of others such as Emotet, IcedID, CobaltStri… | 2 |
Smokeloader | SmokeLoader is a loader used by threat actors to infect systems, stage further payloads and exfiltrate data. It has been observed alongside tools such as Cobalt Strike and BloodHound, and most notably with Phobos ransomware. Threat actors often use SmokeLoader as a hidden payload in sp… | 2 |
Ta544 | TA544 is a financially motivated threat actor (a distributor, not a malware family) that has been tracked by Proofpoint and others since at least 2017. It typically uses Ursnif to target organizations, predominantly in Italy and Japan. The Ursnif banking trojan, als… | 2 |
Cobaltstrike | Cobalt Strike is a commercial adversary-simulation framework whose Beacon payload is widely abused by criminals for post-exploitation; it is a tool used alongside IcedID, not another name for it. Attackers deploy it after gaining initial access via malicious downloads, e-mails or websites, then use it to move laterally, steal information, disrupt operations or stage ransomware. CobaltStrike has been observed in conjunct… | 2 |
Associated malware | Description | Association type | Votes |
---|---|---|---|
Bumblebee | Bumblebee is a loader linked to the cyber threat group ITG23. Over the past year it has been used alongside other initial-access families such as Emotet, IcedID, Qakbot and Gozi in ITG23 attacks. The same values for self-signed certificates seen in Bumblebee hav… | Unspecified | 7 |
Dridex | Dridex is a banking trojan that typically infiltrates through malicious e-mail attachments, downloads or websites and then harvests credentials and personal data. It was primarily used by the Russian cybercriminal group Evil Corp, founded in 2014. The group ta… | Unspecified | 4 |
Qbot | Qbot, also known as Qakbot or Pinkslipbot, is a modular information stealer that first emerged in 2007 as a banking trojan. It has evolved into an advanced loader used by multiple criminal groups to prepare compromised networks for ransomware deployment. The fi… | Unspecified | 4 |
Zeus | Zeus is a banking trojan family spread through malicious downloads, e-mails or websites that can infiltrate a system without the user's knowledge. Once inside, it steals credentials and personal information and disrupts operations… | is related to | 4 |
Conti | Conti is a ransomware family that infiltrates systems to steal data and disrupt operations. It typically spreads through malicious downloads, e-mails or websites and, once inside, encrypts data and holds it for ransom. The Conti ransomware op… | Unspecified | 3 |
Darkgate | DarkGate is a multifunctional loader associated with information theft, credential stealing, cryptocurrency theft and ransomware delivery. It infiltrates systems through suspicio… | Unspecified | 3 |
Bazaloader | BazaLoader (the same family as BazarLoader) is a loader typically distributed through e-mail campaigns by actors such as TA578, who also used it to deliver other malware including Ursnif and IcedID. BazaLoader was last observed i… | Unspecified | 3 |
Emotet, TrickBot | Emotet and TrickBot are associated with IcedID (no description recorded). | Unspecified | 3 |
Royal Ransomware | Royal ransomware operated from September 2022 through June 2023. It used multi-threaded encryption to disrupt operations and hold data hostage for ransom, and was primarily disseminated through suspicious… | Unspecified | 2 |
Systembc | SystemBC is a proxy and backdoor tool heavily used in cyber attacks, including those of the BlackBasta ransomware group in 2023. Play ransomware actors have also used SystemBC alongside other command-and-control (C2) tooling such as Cobalt Strike and to… | Unspecified | 2 |
Dave Loader | Dave Loader is a loader that has been used to deliver the Domino Backdoor in various cybercrime operations. It is designed to infiltrate systems and compromise user data, often without the victim's knowledge, and can be delivered through dubious downloads, e… | Unspecified | 2 |
SVCReady | SVCReady is a relatively new malware family first observed in malicious spam campaigns at the end of April 2022. Initially unidentified, it has since been covered by IDS rules published by Proofpoint. The malware infe… | Unspecified | 2 |
Netsupport | NetSupport Manager is legitimate remote-administration software that various threat actors repurpose as a remote access trojan. It is often seen in combination with other malicious software such as BlackBasta ransomware, IcedID and occasionally Lumma Stealer, a widely distributed infostealer. The m… | Unspecified | 2 |
Redline Stealer | RedLine Stealer is an infostealer sold as a service on Telegram and hacker forums; the description here derives from an infection packet capture (pcap) dated July 2023. It targets browsers to collect data saved by the user, such as credentials and payment card deta… | Unspecified | 2 |
Netsupport Manager | NetSupport Manager is legitimate remote-control software that threat actors abuse as a remote access trojan. It is commonly disguised as legitimate software or tools, such as the 7-Zip compression utility or a fake Chrome browser update, to trick users into downloading and installing it. Once… | Unspecified | 2 |
Xworm | XWorm is a remote access trojan that infiltrates systems, often without the user's knowledge, via malicious downloads, e-mails or websites; once inside it can steal personal information and disrupt operati… | Unspecified | 2 |
Batloader | BATLOADER is a malware downloader posing as installers or updates for legitimate applications such as Microsoft Teams and Zoom. Delivered through malicious downloads, e-mails or websites, often unbeknownst to the user, it can steal personal… | Unspecified | 2 |
Ursnif | Ursnif, also known as Gozi or ISFB, is a banking trojan that has been distributed by, among others, the threat actor group TA551. It infiltrates systems via malicious downloads, e-mails or websites and can steal personal information, disrupt operations or even hold data for ra… | Unspecified | 2 |
Truebot | Truebot is a downloader used by the CL0P actors. It infiltrates systems through malicious downloads, e-mails or websites, often without the user's knowledge, and serves multiple purposes: it can dow… | Unspecified | 2 |
Raspberry Robin | Raspberry Robin is a worm that uses a variety of tactics to infiltrate and exploit systems. Among them, it executes the CPUID instruction to fingerprint the host and detect virtualised or analysis environments before proceeding. Furthermore, Raspberry Robin has been obs… | Unspecified | 2 |
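The CPUID checks attributed to Raspberry Robin above are a generic anti-analysis technique, not something unique to that family. The program below is an added example written for this page, not Raspberry Robin's code or code from any vendor report: it performs the two CPUID probes such malware commonly stacks before unpacking its payload, the hypervisor-present bit (leaf 1, ECX bit 31) and the 12-byte hypervisor vendor signature (leaf 0x40000000). Function names and the table of known signatures are this example's own assumptions.

```c
/*
 * Added example (not Raspberry Robin's or any other family's actual code):
 * CPUID-based environment fingerprinting as a stand-alone C program.
 *
 * Two checks that malware commonly stacks before unpacking its payload:
 *   1. CPUID leaf 1, ECX bit 31: the "hypervisor present" bit, which
 *      hypervisors set for their guests.
 *   2. CPUID leaf 0x40000000: EBX, ECX, EDX hold a 12-byte ASCII vendor
 *      signature ("KVMKVMKVM", "VMwareVMware", "Microsoft Hv", ...).
 * Function names and the signature table are this example's own.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>          /* GCC/Clang: provides the __cpuid() macro */
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0        /* non-x86 build: the live probe is disabled */
#endif

/* CPUID.1:ECX[31] is the hypervisor-present bit. */
static int hv_bit_set(uint32_t ecx) {
    return (int)((ecx >> 31) & 1u);
}

/* Reassemble the 12 signature bytes from EBX, ECX, EDX (little-endian,
   lowest byte first) into a NUL-terminated string of up to 12 chars. */
static void decode_vendor(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    const uint32_t regs[3] = { ebx, ecx, edx };
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < 4; j++)
            out[i * 4 + j] = (char)((regs[i] >> (8 * j)) & 0xFFu);
    out[12] = '\0';
}

/* Map a decoded signature to a hypervisor name. An unknown string falls
   through, which is itself a signal (spoofed or unusual vendor). */
static const char *classify_vendor(const char *sig) {
    static const struct { const char *sig; const char *name; } known[] = {
        { "KVMKVMKVM",    "KVM" },
        { "VMwareVMware", "VMware" },
        { "Microsoft Hv", "Hyper-V" },
        { "VBoxVBoxVBox", "VirtualBox" },
        { "XenVMMXenVMM", "Xen" },
        { "TCGTCGTCGTCG", "QEMU (TCG)" },
    };
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strncmp(sig, known[i].sig, 12) == 0)
            return known[i].name;
    return "unknown hypervisor";
}

/* Decode captured register values, then classify them. This lets an
   analyst check values recorded from a sandbox trace without running
   on that host. */
static const char *classify_regs(uint32_t ebx, uint32_t ecx, uint32_t edx) {
    static char sig[13];
    decode_vendor(ebx, ecx, edx, sig);
    return classify_vendor(sig);
}

/* Live probe of the machine this runs on. Returns 1 if a hypervisor is
   reported (vendor_out filled), 0 if not, -1 if CPUID is unavailable. */
static int probe_hypervisor(char vendor_out[13]) {
    vendor_out[0] = '\0';
#if HAVE_CPUID
    unsigned int a, b, c, d;
    __cpuid(1, a, b, c, d);
    if (!hv_bit_set(c))
        return 0;
    /* Leaf 0x40000000 is only meaningful once the bit above is set. */
    __cpuid(0x40000000u, a, b, c, d);
    decode_vendor(b, c, d, vendor_out);
    return 1;
#else
    return -1;
#endif
}

int main(void) {
    char vendor[13];
    int r = probe_hypervisor(vendor);
    if (r < 0)
        puts("CPUID not available on this architecture");
    else if (r == 0)
        puts("hypervisor bit clear: bare metal, or a hypervisor hiding itself");
    else
        printf("hypervisor present: signature \"%s\" -> %s\n",
               vendor, classify_vendor(vendor));
    return 0;
}
```

Build with `gcc -O2 probe.c -o probe` on an x86 host. Two caveats matter in practice: the hypervisor bit and the vendor leaf are trivially spoofable (and most analysis sandboxes mask them), which is why malware combines them with timing, hardware-inventory and user-activity checks; and from the defender's side, an instrumented sandbox can log execution of CPUID leaf 0x40000000 as an evasion indicator in its own right.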
Associated threat actor | Description | Association type | Votes |
---|---|---|---|
TA551 | TA551, also known as Hive0106, Shathak and UNC2420, is a financially motivated threat group active in the cybercrime landscape. It has been linked to distribution of QakBot, IcedID, Emotet, Bumblebee, Gozi and other ma… | Unspecified | 3 |
Shadowsyndicate | ShadowSyndicate is a threat actor that, according to Group-IB, has been active since July 2022 and is implicated in multiple ransomware operations. It is known for affiliations with various ransomware groups and programs and has been involved in several ransomware projects such as JSWO… | Unspecified | 2 |
TA577 | TA577 is an initial access broker known for its extensive use of the QBot banking trojan. In November 2023 Proofpoint's Threat Research team observed TA577 using Latrodectus, a new loader, in three separate intrusion campaigns. The group typicall… | Unspecified | 2 |
Ta542 | TA542, also known as Mealybug or Mummy Spider, operates the Emotet malware family. Active since 2014, the group evolved the original banking trojan into a sophisticated and profitable malware delivery vehicle. The group's operations a… | Unspecified | 2 |
Associated vulnerability | Association type | Votes |
---|---|---|
CVE-2022-41073 | Unspecified | 2 |
Related reporting (only the source and relative publication date survived extraction; titles and links are not available):

Source | Published |
---|---|
Securityaffairs | 9 days ago |
Unit42 | a month ago |
Securityaffairs | 3 months ago |
Securityaffairs | 3 months ago |
Securityaffairs | 3 months ago |
Securityaffairs | 3 months ago |
Securityaffairs | 4 months ago |
Securityaffairs | 4 months ago |
Securityaffairs | 4 months ago |
Pulsedive | 5 months ago |
Krebs on Security | 5 months ago |
BankInfoSecurity | 5 months ago |
Securityaffairs | 5 months ago |
Securelist | 6 months ago |
InfoSecurity-magazine | 7 months ago |
BankInfoSecurity | 7 months ago |
DARKReading | 7 months ago |
Securityaffairs | 7 months ago |
DARKReading | 7 months ago |
CERT-EU | 8 months ago |