Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike

Introduction

Since 2019, threat actor Monster Libra (also known as TA551 or Shathak) has pushed different families of malware. During the past few months, Monster Libra has primarily pushed SVCready or IcedID. Today’s diary reviews an example of Monster Libra pushing IcedID on Thursday 2022-08-11, and that IcedID infection led to Dark VNC activity and Cobalt Strike.

Shown above: Chain of events for IcedID infection distributed through Monster Libra.

Images From the Infection

Shown …
