Inside the IcedID BackConnect Protocol
released on 2022-12-23 @ 01:22:45 PM
As part of our ongoing tracking of IcedID / BokBot, Team Cymru wanted to share some insights derived from infrastructure associated with IcedID’s BackConnect (BC) protocol. When deployed after the “initial” compromise, the BC protocol gives the threat actor(s) additional functionality, using the infected host as a proxy.