Stormsec

Monster Libra (TA551/Shathak) infects with IcedID (Bokbot) and pushes Cobalt Strike & DarkVNC

SANS has analyzed an IcedID (Bokbot) infection from Monster Libra (also known as TA551 or Shathak).




ADVERSARY: TA551 Shathak


MALWARE FAMILIES: IcedID, Bokbot


ATT&CK IDS: T1566 - Phishing, TA0037 - Command and Control, T1001 - Data Obfuscation, T1002 - Data Compressed, T1204.002 - Malicious File, T1204.001 - Malicious Link, T1598.002 - Spearphishing Attachment, T1137.001 - Office Template Macros, T1073 - DLL Side-Loading


Read More:
