- THREAT IDENTIFICATION: TRICKBOT
- TRICKBOT GTAG
- gtag: rob16
- SUBJECTS OBSERVED
- Important Notification: Precept # 6423
- Important Notification: Precept # 8251
- SENDERS OBSERVED
- kevin.blough@pwstores.com
- MALDOC FILE NAMES
- Attach_2024121422_59606374.xls
- ef149fa0e847a59880b1fc0b6b1977f1
- Attach_452701361_1806650968.xls
- 21c92b5f324f5c301e8911c39c24d0e5
- MALDOC FILE HASHES
- ef149fa0e847a59880b1fc0b6b1977f1
- 21c92b5f324f5c301e8911c39c24d0e5
- TRICKBOT PAYLOAD URLS
- http://bearcatpumps.com.cn/css/tolkio.php
- TRICKBOT PAYLOAD FILE HASHES
- 10.point
- 884dab96c679194fc5140322d5ce9e9d
- TRICKBOT C2
- https://102.164.211.138:449
- https://103.119.117.42:443
- https://103.146.2.152:449
- https://103.73.101.98:449
- https://103.76.20.226:443
- https://103.84.164.87:443
- https://103.91.244.102:449
- https://108.170.20.72:443
- https://111.235.66.83:443
- https://117.212.193.62:449
- https://118.67.216.238:449
- https://154.79.252.132:449
- https://167.179.194.205:443
- https://168.232.188.88:449
- https://173.81.4.147:449
- https://177.47.88.62:443
- https://178.54.230.164:443
- https://179.191.108.58:449
- https://179.60.243.52:443
- https://182.48.66.106:443
- https://185.234.72.84:443
- https://186.195.199.238:449
- https://187.19.200.154:449
- https://187.190.116.59:443
- https://190.119.167.154:447
- https://190.152.71.230:443
- https://200.6.169.124:443
- https://201.184.190.59:449
- https://202.142.151.190:449
- https://221.176.88.201:449
- https://36.92.93.5:449
- https://36.94.202.131:443
- https://37.235.230.123:449
- https://45.234.248.66:449
- https://79.122.166.236:449
- https://80.78.75.246:443
- https://80.78.77.116:449
- https://85.159.214.61:443
- TRICKBOT ADDITIONAL DOWNLOAD FILE HASH
- pwgrab64
- f653abaab18c36ad20bfc369f2a87fd3
- shareDll64
- 7e40b08dc13256e67b4d94080f4d9a24
- networkDll64
- c9e79d2f60b6630116aaee9abb02a06f
- TRICKBOT CONFIG FILE
- serviceworker.txt
- e8e485ac450f7daac1dc7e245b52b8f9
- FIDDLER TRAFFIC CAPTURE
- http://bearcatpumps.com.cn/css/tolkio.php
- http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0a882b783b913a3b
- http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?184cc342f3942d16
- http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?06cb81692939b5c4
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/5/kps/
- https://api.ipify.org/?format=text
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/0/Windows 7 x64 SP1/1103/104.140.52.99/B7E4CBA0AC3BFD329AB910D91B19E896CD3FC46BD43AB29ED7A447624A92BB20/RHEoK375rj75w4i8c4jzFbP/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/14/user/analyst/0/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/14/path/C:\Users\analyst\AppData\Roaming\InternetFreeDownloadManager2420202460\kiTDCSqy.dwn/0/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/23/2000026/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/14/DNSBL/not listed/0/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/14/NAT status/client is behind NAT/0/
- https://190.119.167.154:447/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/5/pwgrab64/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/5/dpost/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/10/62/BRHJHVXVPLJHF/1/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/64/pwgrab/VERS//
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/1/0CEi2SaSK2UUawMI/
- https://190.119.167.154:447/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/5/networkDll64/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/64/pwgrab/DEBG//
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/64/networkDll/NETWORKDLL//
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/64/pwgrab/DPST//
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/10/62/498676/1/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/63/networkDll/start///
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/1/ZfpWRo3y9CYJUP5mhsYzAPlSNc/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/10/62/498678/1/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/14/pwgrab/sTart pwgrab working/0/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/1/37XXLjnvjJBF7hpdV5D1t/
- https://190.119.167.154:447/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/5/shareDll64/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/10/62/498680/1/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/63/shareDll/infect///
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/1/X3aZmjqEHORjwzwKXUXz25CQdah58FIa/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/1/N6eGDam7vAIJRAxltgLTjXr/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/1/fzvdjpP39DrVddHv15lLRV9n/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/1/3LhVndDNXJ97PFt3Lzlv5rh/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/1/Llnjh1nd9vB53JdvRlXNtfvln3NfBVD7/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/1/BFrLVJ75FTHFTH53dRFDRBPNbPDB/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/1/y0ckaASyoggo64u2UIaGKWowYM2Am/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/1/LPt7fzRz9nJT1LnLZpft3hDNvFhFPjZ/
- https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/1/AAy1wBMETeZlwr6E9O/
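The beacons in the capture above all share one layout: https://<c2>:<port>/<gtag>/<COMPUTERNAME>_<W+osbuild>.<32 hex id>/<command number>/<arguments...>/ (the 5/ requests name the module being fetched, the 14/ requests report a key/value pair such as user/analyst or NAT status/client is behind NAT). The Python below, added here as an example and not part of the original paste, pulls those fields out of proxy-log lines so the gtag, C2 endpoints, bot identifier and fetched modules can be pivoted on. The "<src_ip> <url>" log format, the 10.0.0.15 source address, the field names and the gtag length bound are assumptions; the URLs are the ones listed in the capture. Two practitioner caveats it handles: the beacon paths contain raw spaces and backslashes, so a log parser that splits on whitespace mangles them, and the capture also contains benign traffic (the ctldl.windowsupdate.com requests are Windows certificate trust list updates and api.ipify.org is a public IP lookup) that must not be reported as C2.

```python
import re

# Added example, not code from the paste. Field names are assumptions; the URL layout
# is copied from the Fiddler capture above.
URL_RE = re.compile(
    r"^(?P<scheme>https?)://(?P<host>[^/:\s]+)(?::(?P<port>\d+))?(?P<path>/.*)?$"
)
BEACON_PATH_RE = re.compile(
    r"^/(?P<gtag>[a-z0-9]{2,10})/"        # campaign tag, e.g. rob16 (length bound assumed)
    r"(?P<host>[^/]+?)_(?P<os>W\d+)\."    # COMPUTERNAME_W617601 (Windows 7 SP1 is 6.1.7601)
    r"(?P<cid>[0-9A-F]{32})/"             # per-bot identifier
    r"(?P<cmd>\d+)"                       # numeric command code
    r"(?:/(?P<rest>.*))?$"
)
# Assumed log format "<src_ip> <url>"; the URL is the whole remainder of the line because
# TrickBot does not percent-encode the spaces and backslashes in its beacon paths.
LOG_LINE_RE = re.compile(r"^(?P<src>\S+)\s+(?P<url>\S.*?)\s*$")

# Stage-1 download URL from the paste, matched as a plain-string IOC.
KNOWN_PAYLOAD_URLS = {"http://bearcatpumps.com.cn/css/tolkio.php"}

# Constructed log lines (source IP made up); the URLs are from the capture above.
SAMPLE_LOG = [
    "10.0.0.15 http://bearcatpumps.com.cn/css/tolkio.php",
    "10.0.0.15 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0a882b783b913a3b",
    "10.0.0.15 https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/5/kps/",
    "10.0.0.15 https://api.ipify.org/?format=text",
    "10.0.0.15 https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/0/Windows 7 x64 SP1/1103/104.140.52.99/B7E4CBA0AC3BFD329AB910D91B19E896CD3FC46BD43AB29ED7A447624A92BB20/RHEoK375rj75w4i8c4jzFbP/",
    "10.0.0.15 https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/14/user/analyst/0/",
    r"10.0.0.15 https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/14/path/C:\Users\analyst\AppData\Roaming\InternetFreeDownloadManager2420202460\kiTDCSqy.dwn/0/",
    "10.0.0.15 https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/14/NAT status/client is behind NAT/0/",
    "10.0.0.15 https://190.119.167.154:447/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/5/pwgrab64/",
    "10.0.0.15 https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/64/pwgrab/VERS//",
    "10.0.0.15 https://190.119.167.154:447/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/5/networkDll64/",
    "10.0.0.15 https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/63/networkDll/start///",
    "10.0.0.15 https://190.119.167.154:447/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/5/shareDll64/",
    "10.0.0.15 https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/63/shareDll/infect///",
    "10.0.0.15 https://186.195.199.238:449/rob16/WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA/1/X3aZmjqEHORjwzwKXUXz25CQdah58FIa/",
]


def parse_beacon(url):
    """Return the beacon fields as a dict, or None if the URL is not a TrickBot beacon."""
    m = URL_RE.match(url)
    if not m or not m.group("path"):
        return None
    p = BEACON_PATH_RE.match(m.group("path"))
    if not p:
        return None
    port = m.group("port") or ("443" if m.group("scheme") == "https" else "80")
    rest = (p.group("rest") or "").rstrip("/")   # trailing "/" or "//" carries no argument
    return {
        "c2": f"{m.group('host')}:{port}",
        "gtag": p.group("gtag"),
        "host": p.group("host"),
        "os": p.group("os"),
        "cid": p.group("cid"),
        "cmd": int(p.group("cmd")),
        "args": rest.split("/") if rest else [],
    }


def scan_log(lines):
    """Split log lines into TrickBot beacons, known payload URLs and everything else."""
    beacons, payloads, other = [], [], []
    for line in lines:
        m = LOG_LINE_RE.match(line)
        if not m:
            continue
        src, url = m.group("src"), m.group("url")
        b = parse_beacon(url)
        if b:
            beacons.append({"src": src, **b})
        elif url in KNOWN_PAYLOAD_URLS:
            payloads.append({"src": src, "url": url})
        else:
            other.append(url)  # CTL updates from ctldl.windowsupdate.com, api.ipify.org, ...
    return {"beacons": beacons, "payloads": payloads, "other": other}


def summarize(beacons):
    """Pivots an analyst wants from a set of beacons."""
    return {
        "c2": sorted({b["c2"] for b in beacons}),
        "gtags": sorted({b["gtag"] for b in beacons}),
        "bots": sorted({f"{b['host']}_{b['os']}.{b['cid']}" for b in beacons}),
        "commands": sorted({b["cmd"] for b in beacons}),
        # 5/<name> requests name the module fetched (pwgrab64, networkDll64, shareDll64)
        "modules_fetched": [b["args"][0] for b in beacons if b["cmd"] == 5 and b["args"]],
        # 14/<key>/<value>/0 requests report host facts (user, path, DNSBL, NAT status)
        "reported": {b["args"][0]: b["args"][1] for b in beacons if b["cmd"] == 14 and len(b["args"]) >= 2},
    }


if __name__ == "__main__":
    result = scan_log(SAMPLE_LOG)
    print(summarize(result["beacons"]))
    print("payload URL hits:", result["payloads"])
```

Run on the constructed lines it reports the two C2 endpoints (186.195.199.238:449 and 190.119.167.154:447), the single gtag rob16, the one bot WIN7PC_W617601.51CB3CF6B57C9F7F6675DC98BB8EBDFA, the modules kps, pwgrab64, networkDll64 and shareDll64, and the stage-1 URL hit, while the windowsupdate and ipify requests land in the "other" bucket. Matching on the path layout rather than on the C2 IP list is deliberate: the IPs above rotate, the gtag/client-id/command structure does not.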