Botconf Author Listing

Rachelle Goddin


Last known affiliation: Team Cymru

TLP:AMBER
Date: 2024-04-26
IcedID’s Icy Depths: A Year in Infrastructure and Trends
Rachelle Goddin 🗣 | Josh Hopkins 🗣

Abstract

This talk continues the IcedID research we presented at Botconf 2023. In our previous talk we covered methodologies for hunting IcedID infrastructure and then explained how we use those findings to pivot, via network telemetry data, to the management of IcedID. In doing so we were able to explore the threat actors’ pattern of life and to uncover the tools and services they use on a day-to-day basis.

In this talk we will provide an in-depth overview of IcedID infrastructure and behind-the-scenes activity, covering the period since we last met in Strasbourg. Broken down by key infrastructure element, we will examine how the threat actors have adapted and evolved, both to improve their capabilities and to react to changes in the threat landscape.

We will show that during periods of apparent “quiet”, the threat actors continue to access and update their infrastructure, in preparation for an inevitable return. Finally, we will consider the impacts of events such as Operation Duck Hunt on the botnet ecosystem, as well as highlighting potential connections to other emerging threats such as DarkGate (reloaded) and PikaBot.
