Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- THREAT ATTRIBUTION: TRICKBOT
- SUBJECTS OBSERVED
- DocuSign Please.
- SENDERS OBSERVED
- xumi05701@maia.eonet.ne.jp
- MALDOC FILE HASHES
- Documents_426352811_571431978.xls
- 6099cc9b417f2902e0c01e52bd0c3a16
- TRICKBOT PAYLOAD URLS
- https://jrfastener.com/netmount.dll
- TRICKBOT PAYLOAD FILE HASHES
- isnsondlk.ksu
- 3f3cb269876273534664a5d37118de14
- TRICKBOT GTAG
- gtag: net5
- TRICKBOT MODULE FILE HASHES
- networkDll64
- c9e79d2f60b6630116aaee9abb02a06f
- shareDll64
- 75356318504e259a5930fb84105507ce
- tabDll64
- 86d2499559223eb57d1b6ec878c7c30d
- wormDll64
- 401deb42f30a0aa6d6add840f921bb29
- ADDITIONAL DOWNLOADS
- http://23.160.193.91/images/redbutton.png
- http://23.160.193.91/images/cutscroll.png
- ADDITIONAL FILE HASHES
- redbutton.png
- 53e9a0d31d13590a26485e4ed5f2774c
- cutscroll.png
- bc0fda0c6d368d4bbebee5f392b1b404
- TRICKBOT C2s
- https://154.79.251.172:443
- https://103.124.173.35:443
- https://103.66.72.217:443
- https://131.0.112.122:443
- https://117.54.250.246:443
- POST TRAFFIC
- http://36.95.27.243:443/net5/WIN7PC_W617601.65B7FDBB55EDD8897BF95BD390FB3852/90
- http://5.202.120.150:443/net5/WIN7PC_W617601.65B7FDBB55EDD8897BF95BD390FB3852/90
- http://103.102.220.50:443/net5/WIN7PC_W617601.65B7FDBB55EDD8897BF95BD390FB3852/90
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement