Date Author Title
2022-08-24Brad DuncanMonster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC
2022-08-12Brad DuncanMonster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
2022-07-27Brad DuncanIcedID (Bokbot) with Dark VNC and Cobalt Strike
2021-12-16Brad DuncanHow the "Contact Forms" campaign tricks people
2021-12-02Brad DuncanTA551 (Shathak) pushes IcedID (Bokbot)
2020-10-14Brad DuncanMore TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-07-15Brad DuncanWord docs with macros for IcedID (Bokbot)
2020-05-20Brad DuncanMicrosoft Word document with malicious macro pushes IcedID (Bokbot)
2019-12-24Brad DuncanMalspam with links to Word docs pushes IcedID (Bokbot)
2019-03-06Brad DuncanMalspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot
2019-01-16Brad DuncanEmotet infections and follow-up malware
2018-12-18Brad DuncanMalspam links to password-protected Word docs that push IcedID (Bokbot)