Tuesday, October 19, 2021

TheDFIRReport: IcedID and Cobalt Strike vs Antivirus

Intro

Although IcedID was originally discovered back in 2017, it did not gain popularity until the latter half of 2020. We have now analyzed a couple of ransomware cases in 2021 (Sodinokibi & Conti) that used IcedID as the initial foothold into the environment.

In June, we saw another threat actor use IcedID to download Cobalt Strike, which was then used to pivot to other systems in the environment. Similar to the Sodinokibi case, anti-virus (AV) slowed down the attackers. AV frustrated them to…
