A new malware family, IcedID, is being pushed by TA551 (Shathak) via the RIG exploit kit.

This malware has been observed dropping a cryptocurrency miner and stealing browser data. It also appears to be using the same infrastructure as other recent campaigns from this actor. 
– The campaign was first identified on December 3rd when we saw an increase in detections for a new variant of the Rig Exploit Kit (EK). We quickly discovered that it was pushing a new payload: IcedID.
– This campaign uses some interesting techniques including domain shadowing and abusing the Google Translate API to bypass security controls such as URL filtering and sandboxing solutions.
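The bypass described in the second point works because a URL filter that only checks the host it sees is looking at a Google-owned translation host, not the page being fetched through it. The following is an added defensive example, not code from the page or from any vendor report on this campaign: it unwraps translate-proxied URLs from proxy log lines and re-applies a blocklist to the real destination. It assumes the abuse took one of the two well-known Google Translate proxy URL forms (`translate.google.com/translate?u=...` and `<host>.translate.goog/...`); the page does not say which form was used, and the log lines, client addresses and the `example-shadow.test` domain are constructed for the demo.

```python
from urllib.parse import urlparse, parse_qs, parse_qsl, urlencode, unquote

# Constructed sample proxy log lines (timestamp, client, URL); not from the page.
SAMPLE_LOG = """\
2017-12-03T10:15:01Z 10.0.0.5 https://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fexample-shadow.test%2Fgate.php
2017-12-03T10:15:07Z 10.0.0.5 https://example--shadow-test.translate.goog/gate.php?_x_tr_sl=auto&_x_tr_tl=en
2017-12-03T10:16:20Z 10.0.0.7 https://www.example.org/index.html
"""


def unwrap_translate_url(url):
    """Return the destination Google Translate would fetch on the client's behalf,
    or None when the URL is not a translate-proxied request.

    Two forms are handled (assumption: the campaign used one of these):
      1. https://translate.google.com/translate?u=<percent-encoded target>
      2. https://<encoded-host>.translate.goog/<path>?_x_tr_...=...
         where each '.' of the original host became '-' and each original
         '-' became '--'.
    """
    p = urlparse(url)
    host = (p.hostname or "").lower()

    # Form 1: the real target is carried verbatim in the `u` query parameter.
    if host == "translate.google.com" and p.path == "/translate":
        target = parse_qs(p.query).get("u")
        return unquote(target[0]) if target else None

    # Form 2: decode the hyphen-encoded host label in front of .translate.goog.
    suffix = ".translate.goog"
    if host.endswith(suffix):
        label = host[: -len(suffix)]
        # '--' must be restored before single '-' is turned back into '.'.
        original_host = (label.replace("--", "\x00")
                              .replace("-", ".")
                              .replace("\x00", "-"))
        # Drop the translate-control parameters, keep anything the target needs.
        rest = [(k, v) for k, v in parse_qsl(p.query) if not k.startswith("_x_tr_")]
        query = "?" + urlencode(rest) if rest else ""
        # Assumption: the origin is reached over HTTPS; the scheme is not
        # recoverable from the proxied URL itself.
        return f"https://{original_host}{p.path or '/'}{query}"

    return None


def find_bypassed_blocks(log_text, blocklist):
    """Return (client, observed_url, effective_url) for every log line whose
    observed host is a translate proxy but whose effective host is on the
    blocklist, i.e. a filter keyed on the literal host would have allowed it."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash the scan
        _ts, client, url = parts
        real = unwrap_translate_url(url)
        if real is None:
            continue
        if (urlparse(real).hostname or "").lower() in blocklist:
            hits.append((client, url, real))
    return hits


if __name__ == "__main__":
    for client, seen, real in find_bypassed_blocks(SAMPLE_LOG, {"example-shadow.test"}):
        print(f"{client} reached blocked host via translate proxy: {seen} -> {real}")
```

The same unwrapping belongs in front of the sandbox as well: detonating the translate-proxied URL shows the analyst a Google page frame, whereas detonating the effective URL shows the actual landing page.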
