Originally posted at: https://twitter.com/malware_traffic/status/1634042775850082304
2023-03-08 (Wednesday): #IcedID (#Bokbot) infection with #BackConnect and #VNC traffic. Email --> PDF with link --> downloaded zip --> extracted .msi --> IcedID infection. 1 malspam example, #pcap from an infection, associated malware & IOCs available at https://www.malware-traffic-analysis.net/2023/03/08/index.html
#icedid #bokbot #backconnect #vnc #pcap
Bonjour #IcedID #BackConnect!
We've spotted a new C2 server being set up on:
5.196.196.252 (🇫🇷)
Expect to see this IP in infection chains in the coming days / hours.
#Recon 👀
cc @netresec
Posted at: https://twitter.com/malware_traffic/status/1615905700839825409
2023-01-16 (Monday): An #IcedID (#Bokbot) infection I did thanks to @pr0xylife sharing a PDF on Malware Bazaar. This one has #BackConnect traffic with #VNC activity, and there's #CobaltStrike too! The #pcap was too good -not- to share! Have a peek at: https://malware-traffic-analysis.net/2023/01/16/index2.html
#icedid #Bokbot #backconnect #vnc #cobaltstrike #pcap