Adversary Emulation: Emulating the Infamous Modular Banking Trojan BokBot

Published March 23, 2023

AttackIQ has released two new attack graphs that emulate recent activities involving the banking trojan known as BokBot, which has been primarily focused on exfiltrating data and stealing credentials. This new release continues our focused research on emulating shared e-crime malware used in attacks by multiple adversaries.

BokBot, also known as IcedID, is a modular banking Trojan that has been active since at least April 2017. The core module provides robust functionality allowing the malware to collect system information, acquire persistence, and establish a communication channel with the adversary's infrastructure. Furthermore, with its modular functionality BokBot has the ability to increase and evolve its capabilities by receiving additional modules during its execution.

BokBot is now commonly delivered using spearphishing but leverages multiple payload delivery vectors such as malicious Office documents, ISO images, and polyglot files with embedded payloads. In the past, BokBot was primarily distributed via Emotet-related infections, a Malware-as-a-Service (MaaS) developed and operated by the adversary known as Mummy Spider, which AttackIQ has previously emulated. BokBot has not only been observed interacting with Emotet, but also with other malware families, such as Smoke Loader and Gootloader. Its use is shared amongst various ransomware groups such as XingLocker, Quantum, REvil, and Conti.

AttackIQ has released two new attack graphs that emulate BokBot's behaviors to help customers validate their security controls and their ability to defend against this threat. Validating your security program performance against these behaviors is vital in reducing risk.