# Telekom Security Malware Analysis Repository

**github.com/telekom-security/icedid_analysis**

This repository comprises scripts, signatures, and additional IOCs of our blog posts at the [telekom.com blog](https://www.telekom.com/en/blog) as well as of our Twitter account.

- [2021-05-17: Let’s set ice on fire: Hunting and detecting IcedID infections (IcedID)](https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240)
- [2021-07-14: LOCKDATA Auction – Another leak marketplace showing the recent shift of ransomware operators (CryLock)](https://github.com/telekom-security/malware_analysis/tree/main/crylock)
- [2021-09-14: Flubot's Smishing Campaigns under the Microscope (Flubot/Teabot)](https://www.telekom.com/en/blog/group/article/flubot-under-the-microscope-636368)
- [2021-10-29: #YARA rule for hunting XOR encrypted #PlugX / #Korplug payloads (PlugX)](https://github.com/telekom-security/malware_analysis/tree/main/plugx)
- [2022-01-14: #100DaysOfYara Detect Hacktools that modify RDP settings (Hacktools)](https://twitter.com/DTCERT/status/1481925582019571712?s=20)
- [2022-03-11: SystemBC YARA rule and extractor (SystemBC)](https://twitter.com/DTCERT/status/1502214236268900354)
- [2022-03-18: #100DaysOfYara Detect Vatet Loader in backdoored Rufus (Defray777)](https://twitter.com/DTCERT/status/1504778715913408512) ([repository folder](https://github.com/telekom-security/malware_analysis/tree/main/defray777))