Brad<p>More info from tweet I wrote for my employer at: <a href="https://twitter.com/Unit42_Intel/status/1689645377027457027" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">twitter.com/Unit42_Intel/statu</span><span class="invisible">s/1689645377027457027</span></a></p><p>2023-08-09 (Wednesday) - Trojanized Webex .msix installer package contains PowerShell script to install <a href="https://infosec.exchange/tags/IcedID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IcedID</span></a> (<a href="https://infosec.exchange/tags/Bokbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bokbot</span></a>). We also saw <a href="https://infosec.exchange/tags/BackConnect" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackConnect</span></a> traffic and <a href="https://infosec.exchange/tags/KeyholeVNC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KeyholeVNC</span></a> from the infection. List of indicators available at <a href="https://github.com/pan-unit42/tweets/blob/master/2023-08-09-IOCs-from-IcedID-infection.txt" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/pan-unit42/tweets/b</span><span class="invisible">lob/master/2023-08-09-IOCs-from-IcedID-infection.txt</span></a></p><p>I've been looking for Cobalt Strike activity from these IcedID infections, but haven't had much luck in recent months.</p><p><a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pcap</span></a> of the infection traffic and the associated malware/artifacts are available at <a href="https://www.malware-traffic-analysis.net/2023/08/09/index.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">malware-traffic-analysis.net/2</span><span class="invisible">023/08/09/index.html</span></a></p>
101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl czyli najstarszy polski serwer Mastodon. Posiadamy wpisy do 2048 znaków.
Administered by:
Server stats:
491active users
101010.pl: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.5.0-alpha.1
#keyholevnc
0 posts · 0 participants · 0 posts today
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload