2022-07-26 (TUESDAY) - FILES FOR AN ISC DIARY (ICEDID WITH BACKCONNECT & COBALT STRIKE)
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
NOTES:
- The ISC diary is for Wednesday 2022-07-27: IcedID (Bokbot) with Dark VNC and Cobalt Strike
- In the referenced ISC diary, I mistakenly reported the BackConnect traffic as "DarkVNC."
- I've fixed this blog post and the material to show the correct activity.
- For more on BackConnect, see: https://www.netresec.com/?page=Blog&month=2022-10&post=IcedID-BackConnect-Protocol
ASSOCIATED FILES:
- 2022-07-26-IOCs-for-IcedID-with-BackConnect-and-Cobalt-Strike.txt.zip 2.1 kB (2,074 bytes)
- 2022-07-26-IcedID-with-BackConnect-and-Cobalt-Strike-carved.pcap.zip 3.2 MB (3,249,074 bytes)
- 2022-07-26-IcedID-and-Cobalt-Strike-malware-and-artifacts.zip 2.6 MB (2,553,053 bytes)