SentinelOne vs IcedID – Detection and Remediation

Massive IcedID Campaign Aims For Stealth with Benign Macros. SentinelLabs has uncovered a recent IcedID campaign and analyzed nearly 500 artifacts associated with the attacks.
IcedID Office macro documents use multiple techniques in an attempt to bypass detection.
To further obfuscate the attack, data embedded in the document itself is used by the malicious macro. Analyzing only the macro provides an incomplete view of the attack.
The HTA dropper embedded in the document is obfuscated JavaScript, which executes in memory and utilizes additional techniques to evade AV/EDR.

#cybersecurity #security #malware #dataprotection #Linux #Docker #containersecurity
#ransomware #prometheus #cybersecurity #infosec #REvil #darkweb