Activity Summary - Week Ending on 8 April 2022:

  • Red Sky Alliance identified 1,898 connections from new IPs checking in with our Sinkholes
  • Go Daddy LLC domain - 61 x
  • Analysts identified 1,311 new IP addresses participating in various Botnets
  • IcedID Trojan
  • DoubleZero Wiper Malware
  • ChronoPay
  • Inverse Finance
  • TX Infrastructure
  • CN also attacking UA

Link to full report: IR-22-098-001_weekly098.pdf

IcedID, also known as Bokbot, is a banking trojan and information stealer that can be used as an entry point for subsequent attacks, such as manually operated ransomware against high-value targets. It is typically proliferated using another trojan called Emotet, which is often distributed through spam email campaigns. Human-operated ransomware attacks are increasingly common and, in contrast to automated attacks, require the attacker to sit at the keyboard and orchestrate the attack.

Microsoft is warni