IcedID: The Coolest Way to Hack Your Active Directory

An IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access, while also borrowing techniques from other groups like Conti to meet its goals. IcedID, also known by the name BokBot, started its life as a banking trojan in 2017 before evolving into a dropper for other malware, joining the likes of Emotet, TrickBot, Qakbot, Bumblebee, and Raspberry Robin. The intrusion detailed by Cybereason is no different in that the infection chain begins with an ISO image file contained within a ZIP archive that culminates in the execution of the IcedID payload. The malware then establishes persistence on the host via a scheduled task and communicates with a remote server to download next-stage payloads, including a Cobalt Strike Beacon for follow-on reconnaissance and attack activity.

Link: https://thehackernews.com/2023/01/icedid-malware-strikes-again-active.html


