
IcedID (Bokbot) with Dark VNC and Cobalt Strike

As early as April 2022, a long-running threat actor known as TA551 (designated by Proofpoint), Monster Libra (designated by Palo Alto Networks), or Shathak started distributing SVCReady malware. Since then, SANS have sometimes seen this same threat actor also push IcedID (Bokbot) malware.




TARGETED COUNTRY: Italy


MALWARE FAMILIES: Cobalt Strike, DarkVNC, IcedID


ATT&CK ID: T1547 - Boot or Logon Autostart Execution

