IcedID2
IcedID BokBot banking trojan 2017. TrickBot associated. Cobalt Strike loader. Process hollowing browser hook. NSABX.GG.
Threat Profile
Type: Backdoor
Programming Language: C++
C2 Protocol: HTTPS
First Seen: 2017
Targets
Global Finance
Purpose / Capabilities
- Banking+Backdoor
C2 Servers (1)
| Address | Port | Protocol | Status |
|---|---|---|---|
| nsabx.gg | 443 | HTTPS | INACTIVE |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (1)
IcedID -- info_IR-99661418.msi MSI Lure, NSABX.GG Guernsey TLD C2 | High
IcedID 1.1MB info_IR-99661418.msi invoice MSI. NSABX.GG .gg Guernsey TLD domain C2. IsDebuggerPresent.