Date Author Title

DARK VNC

2022-08-24Brad DuncanMonster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC
2022-08-12Brad DuncanMonster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
2022-07-27Brad DuncanIcedID (Bokbot) with Dark VNC and Cobalt Strike

DARK

2022-08-24/a>Brad DuncanMonster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC
2022-08-12/a>Brad DuncanMonster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
2022-07-27/a>Brad DuncanIcedID (Bokbot) with Dark VNC and Cobalt Strike
2022-04-20/a>Brad Duncan"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2021-12-16/a>Brad DuncanHow the "Contact Forms" campaign tricks people
2021-10-04/a>Johannes UllrichBoutique "Dark" Botnet Hunting for Crumbs
2021-02-19/a>Xavier MertensDynamic Data Exchange (DDE) is Back in the Wild?
2018-01-25/a>Xavier MertensRansomware as a Service

VNC

2022-08-24/a>Brad DuncanMonster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC
2022-08-12/a>Brad DuncanMonster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
2022-07-27/a>Brad DuncanIcedID (Bokbot) with Dark VNC and Cobalt Strike
2022-04-20/a>Brad Duncan"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-03-16/a>Brad DuncanQakbot infection with Cobalt Strike and VNC activity
2021-12-16/a>Brad DuncanHow the "Contact Forms" campaign tricks people
2021-05-14/a>Xavier Mertens"Open" Access to Industrial Systems Interface is Also Far From Zero
2013-10-12/a>Richard PorterReported Spike in tcp/5901 and tcp/5900
2011-11-19/a>Pedro BuenoDragon Research Group (DRG) announced the white paper entitled "VNC: Threats and Countermeasures" : https://dragonresearchgroup.org/insight/vnc-tac.html
2009-10-03/a>Daniel WesemannCyber Security Awareness Month - Day 3 - Port 5900 - VNC