IcedID (also known as Bokbot) is an information stealer/backdoor malware that can lead to other activity like Cobalt Strike and Virtual Network Computing (VNC) traffic.
IcedID is often distributed through email, and analysts have also seen it delivered through fake software sites reached from Google ad traffic.
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
Disclosure is Not Limited.
Limited Disclosure, Restricted Only to the Community.
Limited Disclosure, Restricted to the Participant's Organization.
Not for Disclosure, Restricted/Classified - Only Shared with US DHS.