IcedID
CapLoader 1.9.6 Released
CapLoader now detects even more malicious protocols and includes several new features such as JA4 fingerprints, API support for sharing IOCs to ThreatFox and OSINT lookups of malware families on Malpedia. The ...
Forensic Timeline of an IcedID Infection
The BackConnect and VNC parsers that were added to NetworkMiner 2.8.1 provide a unique possibility to trace the steps of an attacker with help of captured network traffic from a hacked computer ...
NetworkMiner 2.8.1 Released
I am happy to announce the release of NetworkMiner 2.8.1 today! This new release brings a VNC parser to NetworkMiner, so that screenshots, keystrokes and clipboard data can be extracted from unencrypted ...
How to Identify IcedID Network Traffic
Brad Duncan published IcedID (Bokbot) from fake Microsoft Teams page earlier this week. In this video I take a closer look at the PCAP file in that blog post. The video cannot ...
Analysing a malware PCAP with IcedID and Cobalt Strike traffic
This network forensics walkthrough is based on two pcap files released by Brad Duncan on malware-traffic-analysis.net. The traffic was generated by executing a malicious JS file called StolenImages_Evidence.js in a sandbox environment ...
TrickBot: New Injects, New Host
What’s in the Name: Call it IcedID or TrickBot? Tell that to a security researcher (Arsh Arora in this case) and watch them RANT(Gar-note: today's blog post is a guest blog from ...
Mapping Out a Malware Distribution Network
More than a dozen US-based web servers were used to host 10 malware families, distributed through mass phishing campaigns. Malware families include Dridex, GandCrab, Neutrino, IcedID and others. Evidence suggests the existence ...
IBM Warns Retailers of Trojan Threat
IBM has issued a cybersecurity advisory warning about an attack method originally developed for defraud banks that now is being applied to the retail sector. Limor Kessem, global executive security advisor for ...