Stormsec

IcedID (Bokbot) with Dark VNC and Cobalt Strike

As early as April 2022, a long-running threat actor known as TA551 (designated by Proofpoint), Monster Libra (designated by Palo Alto Networks), or Shathak started distributing SVCReady malware. Since then, SANS has sometimes seen this same threat actor also push IcedID (Bokbot) malware.




TARGETED COUNTRY: Italy


MALWARE FAMILIES: Cobalt Strike, DarkVNC, IcedID


ATT&CK ID: T1547 - Boot or Logon Autostart Execution

