IcedID (Bokbot) with Dark VNC and Cobalt Strike
released on 2022-07-27 @ 11:40:52 AM
As early as April 2022, a long-running threat actor known as TA551 (designated by Proofpoint), Monster Libra (designated by Palo Alto Networks), or Shathak started distributing SVCReady malware. Since then, SANS has at times also seen this threat actor push IcedID (Bokbot) malware.