Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Diaries by Keyword

SANS Site Network

Current Site

SANS Internet Storm Center

Other SANS Sites Help

Graduate Degree Programs

Security Training

Security Certification

Security Awareness Training

Penetration Testing

Industrial Control Systems

Cyber Defense Foundations

DFIR

Software Security

Government OnSite Training

Diaries by Keyword

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Date	Author	Title
2020-10-14	Brad Duncan	More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-07	Brad Duncan	TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-07-15	Brad Duncan	Word docs with macros for IcedID (Bokbot)
2020-05-20	Brad Duncan	Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2019-12-24	Brad Duncan	Malspam with links to Word docs pushes IcedID (Bokbot)
2019-03-06	Brad Duncan	Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot
2018-12-18	Brad Duncan	Malspam links to password-protected Word docs that push IcedID (Bokbot)
2018-11-15	Brad Duncan	Emotet infection with IcedID banking Trojan
2018-09-26	Brad Duncan	One Emotet infection leads to three follow-up malware infections