Project Hyphae

IcedID: The Coolest Way to Hack Your Active Directory

Share This Post

An IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access, while also borrowing techniques from other groups like Conti to meet its goals. IcedID, also known by the name BokBot, started its life as a banking trojan in 2017 before evolving into a dropper for other malware, joining the likes of Emotet, TrickBot, Qakbot, Bumblebee, and Raspberry Robin. The intrusion detailed by Cybereason is no different in that the infection chain begins with an ISO image file contained within a ZIP archive that culminates in the execution of the IcedID payload. The malware then establishes persistence on the host via a scheduled task and communicates with a remote server to download next-stage payloads, including a Cobalt Strike Beacon for follow-on reconnaissance and attack activity.


More To Explore

Information Security News 1-23-2023

MailChimp Discloses New Breach After Employees Got Hacked Article Link: T-Mobile Suffers 8th Data Breach in Less Than 5 Years Article Link: Hackers

BianLian Ransomware Decryptor Made Public

BianLian, a Windows ransomware variant written in Go, the Google-created open source programming language, has been steadily increasing in popularity among threat actors since it

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.