
IcedID malware botnet development

Updated on 2022-11-04

Elastic’s security team has published a breakdown of the command and control infrastructure of the IcedID trojan and of how defenders can track it. Read more: ICEDIDs network infrastructure is alive and well

Updated on 2022-10-14: IcedID’s BackConnect protocol

Security firm Netresec has published a report on BackConnect, a proprietary command-and-control (C2) protocol used by the IcedID botnet. Read more: IcedID BackConnect Protocol

Updated on 2022-10-12

A similar report from Team Cymru covers the recent tactics of the IcedID malware botnet. Read more: Reconstructing Threat Actor Metrics with Pure Signal™ Recon

Updated on 2022-10-11

Team Cymru has found that the threat actors behind the IcedID malware are using a variety of propagation methods in their phishing campaigns, including changes to how they manage their C2 server IPs. Read more: Hackers behind IcedID malware attacks diversify delivery tactics

New tool—IcedID Decryptor

Matthew B., a security researcher at Huntress Labs, has open-sourced a new tool called IcedID Decryptor that extracts configuration data from systems infected with the IcedID malware; this information is typically stored in a file called license.dat. Read more: matthewB-huntress/IcedID
