#icedid — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #icedid, aggregated by home.social.
-
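"#Europol: #Shutdown of more than 100 servers linked to #IcedID, #TrickBot and other malware": The Hacker News
"Europol announced on Thursday that, as part of a coordinated law enforcement effort codenamed #Operation #Endgame, it had shut down infrastructure linked to several malware loader operations, including IcedID, #SystemBC, #PikaBot, #SmokeLoader, #Bumblebee and TrickBot.
The action took place between May 27 and May 29 and, following searches across 16 locations in #Armenia, the #Netherlands, #Portugal and #Ukraine, resulted in more than 100 servers being dismantled worldwide and four people being #arrested: one in Armenia and three in Ukraine." Even in war-torn Ukraine, there are people up to this kind of trouble.
https://thehackernews.com/2024/05/europol-dismantles-100-servers-linked.html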
-
‘Operation Endgame’ Hits Malware Delivery Platforms
https://krebsonsecurity.com/2024/05/operation-endgame-hits-malware-delivery-platforms/
#Ne'er-Do-WellNews #OperationEndgame #TheComingStorm #MattBurgess #Smokeloader #Ransomware #trickbot #Europol #LockBit #IcedID #911S5
-
Awesome work shutting down botnet infrastructure related to #icedid, #bumblebee, and #pikabot
https://www.europol.europa.eu/media-press/newsroom/news/largest-ever-operation-against-botnets-hits-dropper-malware-ecosystem
-
We are proud to announce that Sekoia #TDR team contributed to the joint international law enforcement operation #OperationEndgame, targeting the notorious botnets #IcedID, #Smokeloader, #SystemBC and #Pikabot
-
Operation Endgame - Largest Ever Operation Against Botnets Hits Dropper Malware Ecosystem
Date: May 30, 2024
CVE: Not specified
Vulnerability Type: Malware
CWE: [[CWE-94]], [[CWE-502]]
Sources: Europol News, Eurojust News
Issue Summary
Europol, in coordination with law enforcement agencies from multiple countries, conducted the largest ever operation targeting botnets. This operation, dubbed "Operation Endgame," took place from May 27 to 29, 2024, and led to the disruption of major malware droppers including IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee. The effort resulted in four arrests and the takedown of over 100 servers worldwide. These droppers were used to facilitate ransomware and other cyber-attacks by installing additional malware onto target systems. The operation was supported by Eurojust and involved contributions from countries including France, Germany, the Netherlands, Denmark, the UK, the US, and others. Private partners also played a role in the operation, which aimed to dismantle the infrastructure supporting these malicious activities. The success of this operation marks a significant step in combating cybercrime on a global scale.
Operation Endgame, coordinated by Europol, dismantled several major botnets including IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee. This international effort involved law enforcement agencies from multiple countries and led to the arrest of four individuals and the takedown of over 100 servers. The botnets targeted facilitated ransomware and other cyber-attacks.
Technical Key Findings
The malware droppers involved are designed to infiltrate systems and install additional malware, often avoiding detection through sophisticated evasion techniques. These droppers were used to deploy ransomware and other malicious payloads by bypassing security measures and enabling further system compromises.
Vulnerable Products
The operation did not specify particular products but targeted the infrastructures supporting droppers like IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee.
Impact Assessment
If abused, these vulnerabilities could lead to widespread ransomware attacks, financial losses, and significant disruption of services. The infrastructure taken down had facilitated numerous cyber-attacks globally, highlighting the severe impact on cybersecurity.
Patches or Workaround
The report did not mention specific patches or workarounds. However, continuous monitoring and updating of security measures are recommended to protect against such threats.
Tags
#Botnets #Malware #Ransomware #Cybersecurity #Europol #OperationEndgame #Cybercrime #IcedID #SystemBC #Pikabot #Smokeloader #Bumblebee
-
We are proud to announce that we assisted the joint international law enforcement operation #OperationEndgame, targeting the notorious botnets #IcedID, #Smokeloader, #SystemBC and #Pikabot 🔥
abuse.ch has provided key infrastructure to LEA and internal partners to disrupt these botnet operations 🛑
More information on the operation is available here:
👉 https://operation-endgame.com/
-
🚨#IcedID, #Smokeloader, #SystemBC, #Pikabot and #Bumblebee botnets have been disrupted by Operation Endgame!! This is the largest operation EVER against botnets involved with ransomware, with gargantuan thanks to a coordinated effort led by international agencies 👏👏
As with the #Qakbot and #Emotet takedowns, Spamhaus are again providing remediation support - those affected will be contacted from today with steps to take.
👉 For more information, read our write-up here: https://www.spamhaus.org/resource-hub/malware/operation-endgame-botnets-disrupted-after-international-action/
-
New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators https://www.hackread.com/latrodectus-downloader-malware-icedid-qbot/ #Latrodectus #BlackBasta #Ransomware #Security #Malware #IcedID #TA577 #TA588 #QBot
-
Proofpoint and Team Cymru collaborated on a report on Latrodectus malware. Latrodectus is an up-and-coming downloader with various sandbox evasion functionality. It first appeared in email threat campaigns in late November 2023. Latrodectus shares infrastructure overlap with historic IcedID operations. It is being distributed by financially motivated TA577, as well as TA578. Proofpoint provides malware analysis, C2 infrastructure, links to IcedID, and list of IOC. 🔗 https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice
#Latrodectus #threatintel #IcedID #IOC #TA577 #TA578 #cybercrime
-
The DFIR Report provides a case study of a ransomware incident in February to late March 2023 where the initial access was Microsoft OneNote files to deliver IcedID malware. Cobalt Strike and AnyDesk were used to target a file server and a backup server. After exfiltrating data with FileZilla, Nokoyawa ransomware was executed. The DFIR Report provides everything from attack chain, to IOC, to MITRE ATT&CK and also Diamond Model. 🔗 https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/
#threatintel #IOC #Nokoyawa #ransomware #cybercrime #CobaltStrike #FileZilla #IcedID #Anydesk
-
Zeus, #IcedID malware gangs leader pleads guilty, faces 40 years in prison
-
Kai Lu shared the following reverse engineered code of #IcedID's C2 communication loop on Fortinet’s blog back in 2019. The WaitForSingleObject(handle, 0x493E0u) call in the while(true) loop waits for 0x493e0 milliseconds (5 minutes) every time before it connects to the C2 server.
-
Here’s what CapLoader’s Alerts tab looks like after loading 2023-10-16-IcedID-infection.pcap from @malware_traffic. The malicious protocol alerts for GzipLoader, #BackConnect and #IcedID over TLS are obvious indicators of IcedID. But what about the periodic connections made every 5 minutes?
https://netresec.com/?b=23B6bcd
-
Quick #malware analysis: #ICEDID variant with #BACKCONNECT, #ANUBIS #VNC, #COBALTSTRIKE & #SCREENCONNECT pcap from 2023-10-18
Thanks to @malware_traffic for sharing this #pcap!
More details:
https://blog.securityonion.net/2023/11/quick-malware-analysis-icedid-variant.html
-
Here's the decrypted #IcedID #BackConnect traffic from @malware_traffic latest #PCAP. It was just a bunch of "SLEEP 60 seconds" commands this time 😞
-
IcedID Malware Delivered Via ZIP Archive by TA571
Pulse ID: 6541c56f233020e79b87f7df
Pulse Link: https://otx.alienvault.com/pulse/6541c56f233020e79b87f7df
Pulse Author: cryptocti
Created: 2023-11-01 03:26:39
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#OTX #OpenThreatExchange #InfoSec #bot #CyberSecurity #malware #IcedID #TA571 #cryptocti
-
Nice reminder to learn various ways of pivoting. New builds can change the hash, but changing the IAT is more effort than TAs are willing to put in so check that IMPHASH.
Similarly, check the VT relationship tab and compare network activity. Finding a new domain/IP can lead to some interesting results.
#ThreatIntel #IcedID #Malware
https://medium.com/walmartglobaltech/icedid-gets-loaded-af073b7b6d39
-
Attacker launches #BackConnect C2 on #IcedID infected machine and starts a reverse VNC session. The VNC session is used to download #CobaltStrike binary http64.exe from 85.209.11.48 and save it as “http.exe”. Cobalt Strike beacon is then executed from the command line.
For more details and the original #pcap file, see @malware_traffic’s toot here:
https://infosec.exchange/@malware_traffic/111267554603030001
-
This #IcedID #BackConnect C2 server keeps telling the bot to sleep for 60 seconds. This goes on for 3 hours. No reverse shell, no VNC, no file manager 😿
HELLO #TA577, IT’S TIME TO WAKE UP!!
-
See how the attackers use #IcedID's reverse VNC to buy an iPhone 14 from the Apple Store and then drop #CobaltStrike on the victim machine.
Thanks to @malware_traffic for sharing the #pcap file!
https://netresec.com/?b=23A4de6
-
NetworkMiner 2.8.1 released today! It now extracts:
🖥️ #VNC desktop graphics
🐀 #njRAT transfers and screenshots
🧊 #IcedID reverse VNC graphics
⌨️ #IcedID reverse VNC keylog
📂 #BackConnect file uploads
https://netresec.com/?b=23A41e6
-
The list of #IcedID BackConnect C2 servers published by @teamcymru_S2 in Inside the IcedID BackConnect Protocol (Part 2) is fantastic! 💜💜💜
-
#HappyMonday everyone! The DFIR Report released another amazing report; this time they provide details of an incident that started with #IcedID and ended with #Nokoyawa #ransomware. Interestingly enough, it was a malicious EXCEL doc this time that utilized a VBA macro to download the payload. Enjoy and Happy Hunting!
IcedID Macro Ends in Nokoyawa Ransomware
https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/
Notable MITRE ATT&CK TTPs:
The DFIR team did all the hard work on this one!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
-
Introducing the newest major @tidalcyber TTP intelligence content roundup, the Initial Access & Malware Delivery Landscape matrix, now live in our free Community Edition platform: https://app.tidalcyber.com/share/43836024-a194-4ac7-9659-b51e88632e7f
The matrix covers 25 major & emerging #malware typically used to gain early footholds in victim environments, often leading to ingress of more impactful threats, especially #ransomware, #infostealers, cryptominers, & more. It includes many recognizable names (#QakBot, #IcedID, #Emotet, #Bumblebee, #Gootloader) plus several newer and less-discussed threats
The matrix includes 13 custom Technique Sets for threats not currently tracked in the #mitreattack knowledge base. All technique references derive from a large volume of recent, public #threat reporting (click the labels in the ribbon at the top of the matrix to view relevant source URLs for each threat)
An interactive link analysis visualization of connections among these threats, also derived from public reports, is also available here: https://onodo.org/visualizations/235067/
Community Edition matrices support easy identification of shared (and outlier) techniques among multiple threats, and quick & easy overlay or pivoting to defensive & offensive security capabilities relevant to your own #security stack. We’ll have a blog out soon reviewing our analysis of top & trending techniques common among these initial access threats
Tidal’s #Adversary Intelligence team remains focused on providing up-to-date #TTPintelligence, especially around traditionally under-represented yet widely relevant threats like crimeware. Other popular matrices in this theme include our Ransomware & Data Extortion Landscape matrix (https://app.tidalcyber.com/share/9a0fd4e6-1daf-4f98-a91d-b73003eb2d6a) and Major & Emerging Infostealers matrix (https://app.tidalcyber.com/share/ec62f5e0-bd40-476b-a560-7ad2779ea9e3), which each cover 20+ threats
Financially motivated adversaries often display a rapid pace of #TTP evolution, and this is especially apparent for #initialaccess threats. Register for our webinar on May 31 dedicated to TTP evolution, its drivers, and discussion around what defenders can do to address it and its implications: https://hubs.la/Q01NC23k0
#SharedWithTidal #threatinformeddefense #malware #infostealer #cryptominer #IAB #blueteam #detectionengineering #purpleteam #cyber