Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
- Stormsec
- Aug 12, 2022
Monster Libra is the latest threat actor pushing malware to Windows hosts. The IcedID (Bokbot) infection has led to Dark VNC and Cobalt Strike, as well as a series of other infections.
REFERENCE: https://isc.sans.edu/diary/rss/28934
ADVERSARY: Monster Libra
MALWARE FAMILIES: Cobalt Strike, IcedID - S0483, Trojan:Win32/Bokbot
ATT&CK IDS: T1219 - Remote Access Software, T1193 - Spearphishing Attachment, T1137.001 - Office Template Macros, T1573 - Encrypted Channel