Internet Storm Center
Handler on Duty: Didier Stevens
Threat Level: green
| Date | Author | Title |
|---|---|---|
| 2023-04-12 | Brad Duncan | Recent IcedID (Bokbot) activity |
| 2023-02-24 | Brad Duncan | URL files and WebDAV used for IcedID (Bokbot) infection |
| 2022-11-02 | Brad Duncan | Who put the "Dark" in DarkVNC? |
| 2022-10-23 | Didier Stevens | Video: PNG Analysis |
| 2022-10-15 | Guy Bruneau | Malware - Covid Vaccination Supplier Declaration |
| 2022-09-29 | Didier Stevens | PNG Analysis |
| 2022-08-24 | Brad Duncan | Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC |
| 2022-08-12 | Brad Duncan | Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike |
| 2022-07-27 | Brad Duncan | IcedID (Bokbot) with Dark VNC and Cobalt Strike |
| 2021-12-16 | Brad Duncan | How the "Contact Forms" campaign tricks people |
| 2021-12-02 | Brad Duncan | TA551 (Shathak) pushes IcedID (Bokbot) |
| 2020-10-14 | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-08-07 | Brad Duncan | TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-07-15 | Brad Duncan | Word docs with macros for IcedID (Bokbot) |
| 2020-05-20 | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot) |
| 2019-12-24 | Brad Duncan | Malspam with links to Word docs pushes IcedID (Bokbot) |
| 2019-03-06 | Brad Duncan | Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot |
| 2019-01-16 | Brad Duncan | Emotet infections and follow-up malware |
| 2018-12-18 | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot) |
| 2018-11-15 | Brad Duncan | Emotet infection with IcedID banking Trojan |
| 2018-09-26 | Brad Duncan | One Emotet infection leads to three follow-up malware infections |