Project Hyphae

IcedID with Cobalt Strike and Dark VPN


IcedID has been seen frequently in the wild recently. Brad Duncan, Threat Intelligence Analyst at Palo Alto Networks, has shared a diary on SANS ISC reviewing a recent IcedID infection that led to Dark VPN activity and Cobalt Strike.

IcedID had its start as a modular banking trojan aimed at stealing user financial information, but it is also capable of, and has been used for, dropping other malware. IcedID has recently been seen arriving in a password-protected ZIP attachment that contains an ISO image holding the hidden malware; previously it has also been seen as a secondary payload delivered by other droppers, such as Emotet.

With its recent popularity, IcedID is definitely a piece of malware defenders need to be aware of, and they should sharpen their ways of detecting it in their environments.
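As an added example (not part of Brad Duncan's diary or this post), the following Python script flags the delivery pattern described above: a password-protected ZIP whose entries include a disk image. It reads only the ZIP central directory, so no password is needed; the `.img` suffix and the `build_sample` helper, which constructs a fake attachment by setting the encryption flag bit by hand, are assumptions made for this demonstration.

```python
import io
import zipfile

# Disk-image containers to flag inside mail attachments. The post mentions
# ISO; IMG is a closely related container added here as an assumption.
CONTAINER_SUFFIXES = (".iso", ".img")
CENTRAL_DIR_SIG = b"PK\x01\x02"   # ZIP central directory file header


def inspect_zip(data: bytes) -> dict:
    """Report encrypted entries and disk-image entries from the central
    directory alone (entry names and flags are never encrypted)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    encrypted = [i.filename for i in infos if i.flag_bits & 0x1]
    images = [i.filename for i in infos
              if i.filename.lower().endswith(CONTAINER_SUFFIXES)]
    return {
        "entries": [i.filename for i in infos],
        "encrypted": encrypted,
        "disk_images": images,
        # The combination described in the post: an encrypted archive that
        # hides a disk image from gateway scanning.
        "suspicious": bool(encrypted) and bool(images),
    }


def build_sample(name: str, encrypted: bool) -> bytes:
    """Constructed sample: an in-memory ZIP with one stored entry. The stdlib
    cannot write password-protected archives, so the 'encrypted' general
    purpose bit in each central directory header is set manually; the
    content itself is not encrypted and is not a real disk image."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, b"placeholder bytes standing in for a payload")
    data = bytearray(buf.getvalue())
    if encrypted:
        pos = data.find(CENTRAL_DIR_SIG)
        while pos != -1:
            data[pos + 8] |= 0x1    # flags field: bit 0 = entry is encrypted
            pos = data.find(CENTRAL_DIR_SIG, pos + 4)
    return bytes(data)


if __name__ == "__main__":
    for label, sample in (("benign", build_sample("report.pdf", False)),
                          ("lure", build_sample("document.iso", True))):
        print(label, inspect_zip(sample))
```

The same check can be pointed at real attachments by passing their bytes to `inspect_zip`; a hit on `suspicious` is a reason to quarantine and inspect, not proof of IcedID by itself.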

Brad Duncan's diary and the included IoCs can be found here: https://isc.sans.edu/diary/rss/28884
