API tools faq
paste
ExecuteMalware

2021-02-25 Trickbot IOCs

ExecuteMalware
Feb 25th, 2021
5,605
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.08 KB | None | 0 0
raw download clone embed print report
  1. THREAT IDENTIFICATION: TRICKBOT
  2.  
  3. TRICKBOT GTAG
  4. gtag: rob64
  5.  
  6. SUBJECTS OBSERVED
  7. Important Notification: Precept # 69299
  8.  
  9. SENDERS OBSERVED
  10. [email protected]
  11.  
  12. MALDOC FILE NAMES
  13. Att_1950394704_743646710.xls
  14. 06b7763a62cbdd2cee1b3055fbdf9617
  15.  
  16. MALDOC FILE HASHES
  17. 06b7763a62cbdd2cee1b3055fbdf9617
  18.  
  19. TRICKBOT PAYLOAD URLS
  20. http://sundancemotelwy.com/dummy/counter.php
  21.  
  22. TRICKBOT PAYLOAD FILE HASHES
  23. 8.strike
  24. 2b1eb009e6282801c4ec6a417e9861e5
  25.  
  26. renamed to:
  27. VDRK.OLASE
  28. 2b1eb009e6282801c4ec6a417e9861e5
  29.  
  30. TRICKBOT C2
  31. https://103.146.185.107:447
  32. https://131.255.106.152:449
  33. https://45.155.173.242
  34.  
  35. TRICKBOT ADDITIONAL DOWNLOAD FILE HASH
  36. networkDll64
  37. e643d3ab98806bd1ec90cafac3c83589
  38.  
  39. pwgrab64
  40. 783802a08864d86405a99adc3ca0179e
  41.  
  42. importDll64
  43. 2fc0809e1ebae2165a91a44396037f0c
  44.  
  45. TRICKBOT CONFIG FILE
  46. PluginManager.ini
  47. 28b312447a63f02cf76a9777c95135b8
  48.  
  49. FIDDLER TRAFFIC CAPTURE
  50. http://sundancemotelwy.com/dummy/counter.php
  51. http://45.155.173.242:443
  52. https://45.155.173.242/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/5/file/
  53. http://131.255.106.152:449
  54. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/5/file/
  55. http://www.myexternalip.com:443
  56. https://www.myexternalip.com/raw
  57. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/0/Windows%207%20x64%20SP1/1104/62.182.99.63/B7E4CBA0AC3BFD329AB910D91B19E896CD3FC46BD43AB29ED7A447624A92BB20/HPQ81NpzsygqjpHhWg8INXz92Oq/
  58. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/14/user/analyst/0/
  59. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/14/path/C:%5CUsers%5Canalyst%5CAppData%5CRoaming%5CWNetMonitor9913433283%5ChmVDRKrj.rrd/0/
  60. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/23/100012/
  61. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/14/DNSBL/not%20listed/0/
  62. http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?acc524294d6983a7
  63. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/14/NAT%20status/client%20is%20behind%20NAT/0/
  64. http://103.146.185.107:447
  65. https://103.146.185.107:447/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/5/pwgrab64/
  66. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/5/dpost/
  67. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/64/pwgrab/VERS//
  68. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/10/62/UCSYWOUAEWCIGYEKOG/1/
  69. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/WWu0IueGcEKsEqaCYSCoAm/
  70. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/64/pwgrab/DEBG//
  71. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/64/pwgrab/DPST//
  72. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/vNFxzj7r9PHX3HBhvRrZbLBTl1t9f/
  73. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/WYkx5uXMUhwlH6LYgV8x5IXMsh/
  74. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/zjNXhJTttfp5F11RbDNnnZ/
  75. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/9rjKvb8lmyZcDPU3eKrUVhILw/
  76. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/be8hGuTQhdCrQMda9nMJaW5kJFWT2gFC/
  77. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/L1nxh3DZJlpB1NRtdz/
  78. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/VZjFpBVrRt7P9VfBl7RnNp3L/
  79. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/uOClupuGtGPFOlSkt/
  80. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/zZx5LTx5LTx5TTx5TT/
  81. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/10/62/137905/1/
  82. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/63/pwgrab/sTart/U3VjY2Vzcw==//
  83. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/nzt0uH2DJUFgWhipj6r28J/
  84. https://103.146.185.107:447/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/5/importDll64/
  85. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/10/62/137906/1/
  86. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/63/importDll/getdata///
  87. http://127.0.0.1:50969/30321
  88. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/ZX7BX3Pt3Zvzl5RVr/
  89. https://103.146.185.107:447/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/5/networkDll64/
  90. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/64/importDll/InternetExplorer/grabber/
  91. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/64/networkDll/NETWORKDLL//
  92. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/10/62/137908/1/
  93. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/63/networkDll/start///
  94. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/64/importDll/Firefox/grabber/
  95. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/64/importDll/DebugLog/USER/
  96. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/Tz9F199JP9DNTXHRXbfVXfjpbj/
  97. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/vr5VRNj3TLL5VxN73z/
  98. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/h9xRb99ntLV59hrLV33hnFPz3bl/
  99. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/m4ksmu6E8GSaUcowqyYICKueYgG0u2c/
  100. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/Xfpr7PTVp379ThlnvLPRZz35Ddhjr5/
  101. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/PzfjRNvrdZF7tpNJ55dZLHpl/
  102. https://131.255.106.152:449/rob64/WIN7PC_W617601.B34A3556F7BB9A2197D9BB04D51155BF/1/B5p99RrlBTPn91Rll3Tnn51/
  103.  
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!