IceApple
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[IceApple](https://attack.mitre.org/software/S1022) is a modular Internet Information Services (IIS) post-exploitation framework, that has been used since at least 2021 against the technology, academic, and government sectors.(Citation: CrowdStrike IceApple May 2022)
Associated Techniques (19)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1003.002 | Security Account Manager | - |
| T1003.004 | LSA Secrets | - |
| T1005 | Data from Local System | - |
| T1016 | System Network Configuration Discovery | - |
| T1027.010 | Command Obfuscation | - |
| T1036.005 | Match Legitimate Resource Name or Location | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1056.003 | Web Portal Capture | - |
| T1070.004 | File Deletion | - |
| T1071.001 | Web Protocols | - |
| T1082 | System Information Discovery | - |
| T1083 | File and Directory Discovery | - |
| T1087.002 | Domain Account | - |
| T1140 | Deobfuscate/Decode Files or Information | - |
| T1505.004 | IIS Components | - |
Metadata
| ID: | 604 |
| Created: | 13/01/2026 17:48 |
| Updated: | 21/04/2026 04:00 |