Home

White Paper

ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK

ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK

Crowdstrike
Pages 22 Pages

CrowdStrike’s white paper introduces IceApple, a sophisticated post-exploitation framework targeting Microsoft IIS servers. Discovered by the Falcon OverWatch™ team in late 2021, IceApple operates entirely in memory to evade detection and is believed to support state-sponsored intelligence collection, likely China-linked. With at least 18 identified modules, the framework is actively evolving. The paper details IceApple’s capabilities, its use in real-world intrusions, and offers mitigation strategies. CrowdStrike Falcon detects known modules, and OverWatch continues to hunt for new variants.

Join for free to read

You Might Also Like


Internet of Things - Services and Solutions 2021
Report Internet of Things - Services and Solutions 2021
Information Services Group

IIS File Processing
Case Study IIS File Processing
Variance Infotech

Strategic Cybersecurity Talent Framework
White Paper Strategic Cybersecurity Talent Framework
World Economic Forum

Raytheon Intelligence and Information Systems (IIS)
Case Study Raytheon Intelligence and Information Systems (IIS)
Deltek

More from Crowdstrike


Healthcare Cybersecurity in 2025: Staying Ahead of Emerging Threats
White Paper Healthcare Cybersecurity in 2025: Staying Ahead of Emerging…
Crowdstrike

NIS2 Compliance Package: Helping Businesses Comply with the Network and Information Systems (NIS2) Directive
White Paper NIS2 Compliance Package: Helping Businesses Comply with the…
Crowdstrike

Exposing the Open, Deep, and Dark Web and Beyond
White Paper Exposing the Open, Deep, and Dark Web and Beyond
Crowdstrike

Falcon Launch Services
Ebook Falcon Launch Services
Crowdstrike
© 2025 Contentree.  All Rights Reserved   |   Privacy and Cookies   |   Legal   |   Do not sell my info