Project Hyphae
Search

IcedID with Cobalt Strike and Dark VPN

Share This Post

IcedID has been being seen quite a bit in the wild recently. Brad Duncan, Threat Intelligence Analyst at Palo Alto Networks, has shared a blog on SANS reviewing the a recent IcedID infection which lead to Dark VPN activity and Cobalt Strike.

IcedID had it’s start as a modular banking trojan aimed at stealing user financial information, but is also capable and has been being used as a dropper for other malware. IcedID has been recently seen coming within a password protected ZIP attachment, which contains an ISO image containing the hidden malware, but previously has also been seen as a secondary payload to other droppers, such as Emotet.

With it’s popularity recently, IcedID is definitely a piece of malware defenders need to be aware of, and sharpen up on ways to detect it in their environments.

Brad Duncan’s post and included IoCs can be found here: https://isc.sans.edu/diary/rss/28884



Reach out to our incident response team for help

More To Explore

Information Security News 3-25-2024

Developer Sues Minnesota Contractor After $735K Payment Disappears Article Link: https://www.constructiondive.com/news/beck-sues-ryan-fsa-title-cybercrime/710708/ Truck-to-Truck Worm Could Infect and Disrupt Entire US Commercial Fleet Article Link: https://www.theregister.com/2024/03/22/boffins_tucktotruck_worm/ NIST’s

Information Security News 3-18-2024

Threat Actors Leaked 70 Million Records Allegedly Stolen From AT&T Article Link: https://securityaffairs.com/160627/data-breach/70m-att-records-leaked.html Former Telecom Manager Admits to Doing SIM Swaps for $1,000 Article Link:

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.