Bokbot (aka. IcedID) was discovered by Fox-IT in June 2017 and has been dated back to at least April 2017 and actively tracked since. This talk will detail what we’ve found so far during our tracking of the malware but also present findings that ties this specific malware threat to a well known group known as Vawtrak/Neverquest which targeted financial institutions between 2010-2017. We will also provide a rare insight into the development process and life cycle of this malware and also reveals a new type of debug logging technique via DNS.
Presented at Security Fest 2018.Speaker: Alfred Klason
Upon request of the author, this talk was not recorded.