Date        Author          Title
2023-04-12  Brad Duncan     Recent IcedID (Bokbot) activity
2023-02-24  Brad Duncan     URL files and WebDAV used for IcedID (Bokbot) infection
2022-11-02  Brad Duncan     Who put the "Dark" in DarkVNC?
2022-10-23  Didier Stevens  Video: PNG Analysis
2022-10-15  Guy Bruneau     Malware - Covid Vaccination Supplier Declaration
2022-09-29  Didier Stevens  PNG Analysis
2022-08-24  Brad Duncan     Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC
2022-08-12  Brad Duncan     Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
2022-07-27  Brad Duncan     IcedID (Bokbot) with Dark VNC and Cobalt Strike
2021-12-16  Brad Duncan     How the "Contact Forms" campaign tricks people
2021-12-02  Brad Duncan     TA551 (Shathak) pushes IcedID (Bokbot)
2020-10-14  Brad Duncan     More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-07  Brad Duncan     TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-07-15  Brad Duncan     Word docs with macros for IcedID (Bokbot)
2020-05-20  Brad Duncan     Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2019-12-24  Brad Duncan     Malspam with links to Word docs pushes IcedID (Bokbot)
2019-03-06  Brad Duncan     Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot
2019-01-16  Brad Duncan     Emotet infections and follow-up malware
2018-12-18  Brad Duncan     Malspam links to password-protected Word docs that push IcedID (Bokbot)
2018-11-15  Brad Duncan     Emotet infection with IcedID banking Trojan
2018-09-26  Brad Duncan     One Emotet infection leads to three follow-up malware infections