API tools faq
paste
Advertisement
ps66uk

#trickbot #ioc 20190702

ps66uk
Jul 3rd, 2019
2,544
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.19 KB | None | 0 0
raw download clone embed print report
  1.  
  2. #trickbot IoC 20190702
  3.  
  4. 3 separate campaigns identified (URL targets)
  5. VBS hosts all 64.37.52.18
  6.  
  7. https://urlscan.io/search/#64.37.52.189
  8. https://www.virustotal.com/graph//drawer/node-summary/node/n64.37.52.189/1562158387651
  9.  
  10. -----------OBSERVED-CAMPAIGN------------------
  11.  
  12. delivery via mailchimp email
  13.  
  14. Subject: Chartered Society of Physiotherapy Statement
  15. Subject: Report MediShed
  16. From: <displaycsp@media-shed.co.uk>
  17. Date: Tue, 2 Jul 2019 10:25:31 +0000
  18. X-MC-User: c2215dfba48a9bd45650525e4
  19.  
  20. https://media-shed.us4.list-manage.com/track/click?u=c2215dfba48a9bd45650525e4&id=****&e=****
  21.  
  22. see also https://urlscan.io/search/#media-shed.us4.list-manage.com
  23.  
  24. -----------------------------
  25.  
  26. vbs download (64.37.52.189)
  27. https://app.any.run/tasks/a2b5233b-3d2e-4f68-bd8a-dffc44651735/
  28. https://john1715.com/statement_2.php
  29.  
  30.  
  31. exe download (64.37.52.189)
  32. https://holahospice.org/support_edition.php
  33.  
  34.  
  35. -----------OTHER-OBSERVED-IOC------------------
  36.  
  37. suspended (64.37.52.189)
  38. s://vistrav.com/pieces.php
  39. s://schoolquizshow.com/localsmith.php
  40.  
  41. -----------------------------
  42.  
  43. vbs download (64.37.52.189)
  44. https://app.any.run/tasks/10715be6-5915-4b12-ad92-729777c0914d
  45. https://gruporyg.com/summary.php
  46.  
  47. https://app.any.run/tasks/947afb1d-d8c7-4958-bc2d-0def50a19ccd
  48. https://nibgroup.net/nibgroup.php
  49.  
  50. https://app.any.run/tasks/bda3a966-1edf-4771-9ce3-86ba6f90aa5b
  51. https://lostinthepines.com/pen.php
  52.  
  53. https://app.any.run/tasks/422927d4-4d63-4223-a0b3-275bc110711f
  54. https://abcin.org/view.php
  55.  
  56.  
  57. exe download
  58. https://www.1.solutions//828_929_929.exe (104.24.124.104, 104.24.125.104)
  59. https://beespeedy.com/388499_9939.doc (104.18.56.232, 104.18.57.232)
  60. https://blushingsugar.com/3332332.scr (104.31.94.21, 104.31.95.21)
  61. https://yown.us/goodemail.pdf (104.27.167.128, 104.27.166.128)
  62. https://aaaofficesupplies.com/ono1_929sminfo.docx (104.31.68.202, 104.31.69.202)
  63.  
  64. -----------------------------
  65.  
  66. vbs download (64.37.52.189)
  67. https://app.any.run/tasks/075414ef-720e-43b6-95aa-9f8348e54765
  68. https://starbourne.info/adjust.php
  69.  
  70. https://app.any.run/tasks/05036cac-fc4e-41de-b2db-c55ca3f54e71
  71. https://planticacr.com/southaudi.php
  72.  
  73.  
  74. exe download (64.37.52.189)
  75. https://parkc.org/filetext.php
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!