Description
[IcedID](https://attack.mitre.org/software/S0483) is a modular banking malware designed to steal financial information that has been observed in the wild since at least 2017. [IcedID](https://attack.mitre.org/software/S0483) has been downloaded by [Emotet](https://attack.mitre.org/software/S0367) in multiple campaigns.(Citation: IBM IcedID November 2017)(Citation: Juniper IcedID June 2020)
External References
Techniques Used by This Malware
- T1016 — System Network Configuration Discovery
- T1027.002 — Software Packing
- T1027.003 — Steganography
- T1027.009 — Embedded Payloads
- T1027.013 — Encrypted/Encoded File
- T1036.005 — Match Legitimate Resource Name or Location
- T1047 — Windows Management Instrumentation
- T1048.002 — Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
- T1053.005 — Scheduled Task
- T1055.004 — Asynchronous Procedure Call
- T1055.012 — Process Hollowing
- T1059.005 — Visual Basic
- T1069 — Permission Groups Discovery
- T1071.001 — Web Protocols
- T1082 — System Information Discovery
- T1087.002 — Domain Account
- T1105 — Ingress Tool Transfer
- T1106 — Native API
- T1135 — Network Share Discovery
- T1185 — Browser Session Hijacking
- T1189 — Drive-by Compromise
- T1204.002 — Malicious File
- T1218.007 — Msiexec
- T1218.011 — Rundll32
- T1482 — Domain Trust Discovery
- T1497 — Virtualization/Sandbox Evasion
- T1518.001 — Security Software Discovery
- T1547.001 — Registry Run Keys / Startup Folder
- T1566.001 — Spearphishing Attachment
- T1573.002 — Asymmetric Cryptography
- T1614.001 — System Language Discovery