API tools faq
paste
Advertisement
ExecuteMalware

2021-02-19 Trickbot IOCs

ExecuteMalware
Feb 19th, 2021
4,522
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.03 KB | None | 0 0
raw download clone embed print report
  1. THREAT IDENTIFICATION: TRICKBOT
  2.  
  3. TRICKBOT GTAG
  4. gtag: rob60
  5.  
  6.  
  7. SUBJECTS OBSERVED
  8. DocuSign: Contract # 15857
  9. DocuSign: Contract # 1635
  10. DocuSign: Contract # 23927
  11. DocuSign: Contract # 3349
  12. Request: DocuSign # 62694
  13. Request: DocuSign # 71527
  14. Request: DocuSign # 86656
  15. Request: DocuSign # 91551
  16.  
  17. SENDERS OBSERVED
  18. ashwariya@ancortransport.com
  19. dhipps@philwrightautoplex.com
  20. tcr@netvalue.eu
  21. wwileman@bigrivergrp.com
  22.  
  23. MALDOC FILE NAMES
  24. Sign-777989348_690562785.xls
  25. 0416d69ff8f4be772867357dd1115a12
  26.  
  27. Sign-1164698353_995554445.xls
  28. 4111bf4a088edc1caeeb60d7b809f5d7
  29.  
  30. Sign-722622391_2109099014.xls
  31. 41731607dd571b658f0a1a4ab67a7a23
  32.  
  33. Sign-392849493_2120691334.xls
  34. 4dae73b1365a37f7c8a34b5b11579dff
  35.  
  36. Sign-948540970_2090324338.xls
  37. 77ac79ee534e358c7f1ae039f6996d4f
  38.  
  39. Sign-143552984_750391982.xls
  40. 8daf50667544d9f76c0ba495698727bb
  41.  
  42. Sign-667647526_1098738197.xls
  43. cc11f8c2e555d3e4ff6277c53658db9f
  44.  
  45. Sign-15182856_2144370817.xls
  46. fd54778c030770d8a8734660c993ceba
  47.  
  48. MALDOC FILE HASHES
  49. 0416d69ff8f4be772867357dd1115a12
  50. 4111bf4a088edc1caeeb60d7b809f5d7
  51. 41731607dd571b658f0a1a4ab67a7a23
  52. 4dae73b1365a37f7c8a34b5b11579dff
  53. 77ac79ee534e358c7f1ae039f6996d4f
  54. 8daf50667544d9f76c0ba495698727bb
  55. cc11f8c2e555d3e4ff6277c53658db9f
  56. fd54778c030770d8a8734660c993ceba
  57.  
  58. TRICKBOT PAYLOAD URLS
  59. http://www.chipmania.it/mails/open.php
  60.  
  61. TRICKBOT PAYLOAD FILE HASHES
  62. 8.jjkes
  63. 25056df6d3546de971eafe5da5f9ae44
  64.  
  65. This file was renamed and moved to the \Documents folder
  66. BASE.BABAA
  67. 25056df6d3546de971eafe5da5f9ae44
  68.  
  69. TRICKBOT C2
  70. http://216.239.32.21:80
  71. https://134.119.186.202:443
  72. https://142.202.191.164:443
  73. https://142.202.191.164:443
  74. https://182.253.107.34:443
  75. https://185.163.45.138:443
  76. https://193.8.194.96:443
  77. https://200.52.147.93:443
  78. https://212.126.125.10:447
  79. https://222.124.7.150:447
  80. https://23.160.192.125:447
  81. https://36.94.167.167:447
  82. https://36.94.62.207:443
  83. https://45.155.173.242:443
  84.  
  85. TRICKBOT ADDITIONAL DOWNLOAD FILE HASH
  86. pwgrab64
  87. 783802a08864d86405a99adc3ca0179e
  88.  
  89. TRICKBOT CONFIG FILE
  90. configmgr.ini
  91. a81fd06c1ac80050c4210c7c6e869078
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!