Updated 2023-09-28-IOCs-for-IcedID-with-KeyholeVNC-and-Cobalt-Strike.txt

PaloAltoNetworks · Jan 29, 2024 · c165065 · c165065
1 parent bcb66d4
commit c165065
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/2023-09-28-IOCs-for-IcedID-with-KeyholeVNC-and-Cobalt-Strike.txt b/2023-09-28-IOCs-for-IcedID-with-KeyholeVNC-and-Cobalt-Strike.txt
@@ -1,4 +1,9 @@
-2023-08-29 (TUESDAY): ICEDID (BOKBOT) INFECTION WITH KEYHOLE VNC AND COBALT STRIKE
+2023-09-28 (TUESDAY): ICEDID (BOKBOT) INFECTION WITH KEYHOLE VNC AND COBALT STRIKE
+
+REFERENCES:
+
+- https://www.linkedin.com/posts/unit42_icedid-bokbot-backconnect-activity-7114605962115616768-ZK1o
+- https://twitter.com/Unit42_Intel/status/1707898425973280907
 
 INFECTION CHAIN:
 
@@ -91,4 +96,4 @@ BACKCONNECT AND KEYHOLE VNC TRAFFIC:
 
 COBALT STRIKE TRAFFIC:
 
-- 141.98.80[.]158 port 443 - umomrmwa[.]com - TLSv1.2 traffic using Let's Encrypt certificate
+- 141.98.80[.]158 port 443 - umomrmwa[.]com - TLSv1.2 traffic using Let's Encrypt certificate