THREAT IDENTIFICATION: TRICKBOT

TRICKBOT GTAG
gtag: rob50

SUBJECTS OBSERVED
Here’s your invoice (76897)

SENDERS OBSERVED
[email protected]

MALDOC FILE HASHES
inv_872895176_1700788183.xls
7f9db9d6085249928deb6dde9625f4bb

TRICKBOT PAYLOAD URLS
http://hometownchick.com/patron/ibufen.php

TRICKBOT PAYLOAD FILE HASHES
popmddj.dblo
de63e7e3da96f915446dff531a4c09dc

TRICKBOT C2
https://36.95.27.243

TRICKBOT ADDITIONAL DOWNLOADS
http://91.200.101.3/images/redbutton.png

TRICKBOT ADDITIONAL FILE HASHES
redbutton.png
49d503b1e59dc38764cc747a8affd15d

ADDITIONAL TRICKBOT MODULES
shareDll64
9b75fadae3d4fc4e70e751b71616c33e

tabDll64
2f0f6ffc6e71c2b132b613e3a8f6ab80

wormDll64
f021d817c5c6cd89d835507c4839fe6b

networkDll64
c9e79d2f60b6630116aaee9abb02a06f

SUPPORTING EVIDENCE
https://urlhaus.abuse.ch/url/1105162/