CERT-UA, Ukraine’s Computer Emergency Response Team, has issued a warning about a new wave of social engineering attacks that exploit IcedID malware and Zimbra vulnerabilities to steal sensitive data. According to the CIA, the IcedID phishing attacks are attributed to a threat cluster tracked as UAC-0041. The infection begins with a simple email attachment containing a Microsoft Excel document (олани pестp.xls, or Mobilization Register.xls) that, when opened, prompts the user to enable macros, culminating in IcedID deployment. IcedID, also known as BokBot, is data-stealing malware that, like TrickBot, Emotet, and ZLoader, has progressed from its early days as a banking trojan into a full-fledged crimeware service that retrieves next-stage payloads such as ransomware.
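As an added example (not code from CERT-UA's advisory or from the original post), here is a defender-side triage script that parses an email, picks out Excel attachments and flags those carrying a VBA project, the macro-laden lure described above. The message and attachment bytes are constructed stand-ins, and the legacy .xls check is a byte-pattern heuristic rather than a full OLE container parse.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"          # legacy .xls (OLE2 container)
VBA_STREAM_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE
EXCEL_EXTENSIONS = (".xls", ".xlsm", ".xlsb", ".xlam", ".xlsx")

def has_vba_project(data: bytes) -> bool:
    """Heuristic: does this Excel blob carry a VBA project (i.e. macros)?"""
    if data.startswith(OLE_MAGIC):
        return VBA_STREAM_MARKER in data
    if data.startswith(b"PK"):  # OOXML is a zip; macros live in xl/vbaProject.bin
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.lower() == "xl/vbaproject.bin" for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def triage_message(raw: bytes) -> list:
    """Return one finding per Excel attachment: filename and macro verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(EXCEL_EXTENSIONS):
            payload = part.get_payload(decode=True) or b""
            findings.append({"filename": name, "has_macros": has_vba_project(payload)})
    return findings

def build_sample_eml() -> bytes:
    """Constructed test message; the .xls blob is a stand-in, not a real workbook."""
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "Register", "a@example.invalid", "b@example.invalid"
    msg.set_content("Please open the attached register.")
    fake_xls = OLE_MAGIC + b"\x00" * 64 + VBA_STREAM_MARKER + b"\x00" * 64
    msg.add_attachment(fake_xls, maintype="application", subtype="vnd.ms-excel",
                       filename="Mobilization Register.xls")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:        # benign OOXML workbook, no vbaProject.bin
        zf.writestr("xl/workbook.xml", "<workbook/>")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream",
                       filename="report.xlsx")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage_message(build_sample_eml()):
        print(finding)
```

In production this heuristic belongs in front of a proper parser such as oletools' olevba; it is a cheap first filter, not a verdict.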
While we’re on the subject of IcedID malware (BokBot), OALabs published a video in 2018 in which they unpack an IcedID sample. I recommend watching the OALabs video if you want to learn more about how this malware operates.