IcedID2

IcedID (BokBot) banking trojan, first seen in 2017. Associated with TrickBot. Cobalt Strike loader. Process hollowing and browser hooking. C2 domain NSABX.GG.

Threat Profile
Type: Backdoor
Programming Language: C++
C2 Protocol: HTTPS
First Seen: 2017
Targets: Global Finance
Purpose / Capabilities
  • Banking+Backdoor

C2 Servers (1)

Address Port Protocol Status
nsabx.gg 443 HTTPS INACTIVE

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (1)

High

IcedID -- info_IR-99661418.msi MSI Lure, NSABX.GG Guernsey TLD C2 | High

IcedID 1.1MB invoice MSI, info_IR-99661418.msi. C2 on NSABX.GG, a .gg (Guernsey TLD) domain. IsDebuggerPresent.
