From IcedID to Dagon Locker Ransomware in 29 Days
Essential information
- Published: 29/04/2024 17:23
- Modified: 01/05/2024 23:05
- Tags: access token, adfind, anydesk, aws, collector, cobalt strike, discovery, domain account, encrypted, icedid, manipulation, modify system, powershell, prometheustds, rclone, seatbelt, sharefinder, shell, utility
- Related entities: 33 observables, 33 techniques (MITRE), 2 malware
Description
This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. The phishing operation used the Prometheus Traffic Direction System (TDS) to deliver the malware: victims were redirected to a fraudulent website mimicking an Azure download portal, from which the IcedID payload was served.