Unit 42 on X: "2023-02-13 (Monday) - Fake Microsoft Teams page on microsofteamsus[.]top pushing #IcedID (#Bokbot). Page established on Thursday, 2023-02-09, likely set up for the same type of #malvertising seen recently using Google Ads. IoCs available at https://t.co/3ZcdXVK5Rd https://t.co/jK1L542bQQ" / X

Post

2023-02-13 (Monday) - Fake Microsoft Teams page on microsofteamsus[.]top pushing #IcedID (#Bokbot). Page established on Thursday, 2023-02-09, likely set up for the same type of #malvertising seen recently using Google Ads. IoCs available at bit.ly/3IiKHPq

Fake Microsoft Teams page, including download notification

Domain registered and server established for fake Microsoft Teams page on Thursday 2023-02-09

Downloaded zip contains inflated exe to install IcedID malware

Wireshark pcap showing fake teams page, malware download and IcedID infection traffic

7:39 PM · Feb 13, 202322.5KViews