Colin CowieFake Microsoft Teams website used to download IcedID malware
πβ mlcrosofteams[.]top
β¬οΈβ Downloads .zip containing .msi
#IcedID C2: whothitheka[.]com
This is likely being distributed by #malvertising but I wasn't able to capture the advertisement
193.222.62[.]37 is also hosting fake IRS & Royal mail websites
π¦β irs-forms[.]top
π¦β royalmail.orders-info[.]uk
πhttps://www.virustotal.com/gui/file/8ed2026fd98d54f9ad85d721223b60bd8b6c1362faeb4c24492d2bb63a7c357b/details
πhttps://urlscan.io/result/a0e5de3e-75ea-46f4-8340-0ab09c440850/
πhttps://urlscan.io/ip/193.222.62.37
π²ππππ πΆππππ’