Bokbot

Malware updated 3 months ago (2024-07-14T02:17:36.458Z)
BokBot, also known as IcedID or Anubis, is a banking trojan first observed by IBM X-Force in September 2017. It was built to steal banking credentials and other sensitive data from infected Windows hosts, and in cybercrime operations it has increasingly served as a loader: an initial BokBot infection frequently precedes follow-on tooling and ransomware deployment, so an IcedID alert should be handled as the start of a broader intrusion rather than as a self-contained credential-theft event. Initial access comes through malicious email attachments and links and through downloads from compromised or attacker-controlled websites. Unit 42 (Unit42_Intel) reported an IcedID infection in November in which the initial payload was delivered as an .msi installer, and more recent campaigns have used HTML smuggling, a delivery method also used by Qakbot, in which the payload is embedded in an HTML attachment and reassembled by the victim's browser so that no recognizable executable or archive passes through the mail gateway.

From November 2018 through February 2021, Vyacheslav Igorevich Penchukov, also known as Vyacheslav Andreev and "Tank", led the group that infected numerous computers with BokBot. Although he had already been added to the FBI's Cyber Most Wanted list, Penchukov continued his criminal activity, causing significant damage and losses. When the University of Vermont Medical Center was hit by BokBot, the attack caused more than $30 million in losses and left the hospital unable to provide many critical patient services for over two weeks, putting patients at serious risk.

The scale and impact of BokBot made it one of the targets of Operation Endgame, a coordinated action by European, British and U.S. law enforcement against the infrastructure sustaining several botnets, including BokBot. Penchukov pleaded guilty to one count of conspiracy to commit a racketeer-influenced and corrupt organizations (RICO) offense, relating to his earlier Zeus malware activity, and, for his role in the BokBot operation, one count of conspiracy to commit wire fraud. His conviction marks a significant step in combating the spread of this malware.
Description last updated: 2024-07-14T02:15:33.905Z
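The HTML smuggling delivery mentioned above is worth being able to triage without detonating the attachment. The following is an added example written for this page, not code from any of the sources listed below and not anything recovered from the malware itself: a static scanner that looks for the JavaScript decode-and-download chain (atob, Blob, createObjectURL or msSaveOrOpenBlob, a download attribute, a programmatic click) and decodes any large base64 literal to identify the container it carries. The lure it scans is constructed inside the script (a harmless ZIP holding a text file); the indicator names, the 1 KiB threshold and the scan_html and identify_payload functions are this example's own choices, not something taken from the page.

```python
"""Static triage of an HTML attachment for HTML-smuggling indicators.

Added example for this page; not code from the page's sources or from any
malware. The sample lure below is constructed here and carries a harmless
ZIP, not a real BokBot/IcedID payload.
"""
import base64
import io
import re
import zipfile

# JavaScript primitives that HTML smuggling typically chains together:
# decode an embedded blob in the browser, wrap it in a Blob, and force a
# download through a programmatic click. Names are this example's own.
INDICATOR_PATTERNS = {
    "atob": re.compile(r"\batob\s*\("),
    "blob_ctor": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bcreateObjectURL\s*\("),
    "ms_save_blob": re.compile(r"\bmsSaveOrOpenBlob\s*\("),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=\s*['\"]"),
    "auto_click": re.compile(r"\.click\s*\(\s*\)"),
}

# A quoted base64 literal of at least 1 KiB (threshold chosen for this example).
BASE64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{1024,}={0,2})['\"]")

# Magic bytes of container formats commonly delivered this way.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole/msi",
    b"MZ": "pe",
}


def identify_payload(data: bytes) -> str:
    """Return a coarse file type for decoded blob bytes."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    # ISO 9660 keeps its identifier at offset 0x8001 rather than at the start.
    if len(data) > 0x8006 and data[0x8001:0x8006] == b"CD001":
        return "iso"
    return "unknown"


def scan_html(html: str) -> dict:
    """Score one HTML document and describe any embedded payloads."""
    hits = [name for name, pat in INDICATOR_PATTERNS.items() if pat.search(html)]
    payloads = []
    for match in BASE64_LITERAL.finditer(html):
        try:
            data = base64.b64decode(match.group(1), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        payloads.append({"size": len(data), "type": identify_payload(data)})
    # The strong signal is a decodable blob plus the decode-and-download chain;
    # atob on its own is common in benign pages and is not flagged alone.
    suspicious = bool(payloads) and "atob" in hits and (
        "object_url" in hits or "ms_save_blob" in hits
    )
    return {"indicators": hits, "payloads": payloads, "suspicious": suspicious}


def build_sample_html() -> str:
    """Construct a synthetic lure: a ZIP embedded as base64 and dropped via
    Blob + createObjectURL + click. Constructed for this example only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("document.txt", "sample content " * 100)
    b64 = base64.b64encode(buf.getvalue()).decode()
    return f"""<html><body><p>Your document is being prepared...</p>
<script>
  var payload = "{b64}";
  var bytes = Uint8Array.from(atob(payload), c => c.charCodeAt(0));
  var blob = new Blob([bytes], {{type: "application/octet-stream"}});
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = "document.zip";
  document.body.appendChild(a);
  a.click();
</script></body></html>"""


# Constructed benign control: atob is present but there is no blob or download.
BENIGN_HTML = '<html><script>var s = atob("aGVsbG8=");</script></html>'


if __name__ == "__main__":
    for label, doc in (("lure", build_sample_html()), ("benign", BENIGN_HTML)):
        print(label, scan_html(doc))
```

Run it as a script to print both verdicts. The decision rule deliberately requires a decodable blob together with the decode-and-download chain, because atob alone appears in plenty of legitimate pages. Treat the output as a triage signal that routes a file to sandbox detonation rather than as a final verdict: real lures often obfuscate the literal, split it across several variables or decode it in stages, all of which this static pass will miss.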
Possible Aliases / Cluster overlaps
Vendors track malware clusters under different names, so the following overlapping names and profiles may also be relevant.
IcedID (7 votes) is a possible alias for Bokbot. IcedID is a banking trojan and loader that has been observed alongside Qakbot, BazarLoader, CobaltStrike, Conti, Gozi, Trickbot, Quantum, Emotet and Pikabot. The IcedID IntBot Loader (int-bot.dll) is
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Ransomware
Trojan
Cybercrime
Source Document References
Information about the Bokbot malware was drawn from the documents below (source and age at the time the page was captured; display limited to 20 results).
Securityaffairs (3 months ago)
BankInfoSecurity (5 months ago)
Flashpoint (8 months ago)
Securityaffairs (8 months ago)
BankInfoSecurity (8 months ago)
Unit42 (10 months ago)
SecurityIntelligence.com (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CSO Online (2 years ago)
Unit42 (a year ago)
CERT-EU (2 years ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
Unit42 (a year ago)