PCAPS FOR JANUARY 2022 OISF WEBINAR ABOUT ICEDID ACTIVITY
ASSOCIATED FILES:
- 1st example: 2021-12-06-Contact-Forms-campaign-IcedID-and-Anubis-VNC.pcap.zip 7.6 MB (7,647,575 bytes)
- 2nd example: 2022-01-05-TA551-IcedID-with-Cobalt-Strike-and-Anubis-VNC.pcap.zip 31.1 MB (31,121,338 bytes)
- 3rd example: 2021-04-26-IcedID-with-Cobalt-Strike-and-Anubis-VNC.pcap.zip 17.3 MB (17,250,840 bytes)
- PDF file of the presentation slides: 2022-01-13-OISF-presentation-IcedID.pdf.zip 1.4 MB (1,403,338 bytes)
NOTES:
- These are pcaps for the January 2022 OISF webinar for my presentation "IcedID Infection Activity: Traffic & Other Indicators with Brad Duncan"
- A recording of the webinar is available on YouTube at: https://www.youtube.com/watch?v=pKD9p0EIZEs
- In the webinar, I mistakenly refer to the VNC traffic associated with this IcedID activity as "DarkVNC", which is incorrect. It is actually "Anubis VNC".
- I updated the slides and pcap file names to change any references from DarkVNC to Anubis VNC.
- All zip archives on this site are password-protected. The password-protected zip archives now have a new password (see below).
Shown above: Screenshot of decoded video from the VNC traffic associated with these pcaps.