SANS has analyzed an IcedID (Bokbot) infection from Monster Libra (also known as TA551 or Shathak).
REFERENCE: https://isc.sans.edu/diary/rss/28974
ADVERSARY: TA551 Shathak
MALWARE FAMILIES: IcedID, Bokbot
ATT&CK IDS: T1566 - Phishing, TA0037 - Command and Control, T1001 - Data Obfuscation, T1002 - Data Compressed, T1204.002 - Malicious File, T1204.001 - Malicious Link, T1598.002 - Spearphishing Attachment, T1137.001 - Office Template Macros, T1073 - DLL Side-Loading