- THREAT IDENTIFICATION: TRICKBOT
- TRICKBOT GTAG
- gtag: rob50
- SUBJECTS OBSERVED
- Here’s your invoice (76897)
- SENDERS OBSERVED
- ed2units020a@dhiservices.com
- MALDOC FILE HASHES
- inv_872895176_1700788183.xls
- 7f9db9d6085249928deb6dde9625f4bb
- TRICKBOT PAYLOAD URLS
- http://hometownchick.com/patron/ibufen.php
- TRICKBOT PAYLOAD FILE HASHES
- popmddj.dblo
- de63e7e3da96f915446dff531a4c09dc
- TRICKBOT C2
- https://36.95.27.243
- TRICKBOT ADDITIONAL DOWNLOADS
- http://91.200.101.3/images/redbutton.png
- TRICKBOT ADDITIONAL FILE HASHES
- redbutton.png
- 49d503b1e59dc38764cc747a8affd15d
- ADDITIONAL TRICKBOT MODULES
- shareDll64
- 9b75fadae3d4fc4e70e751b71616c33e
- tabDll64
- 2f0f6ffc6e71c2b132b613e3a8f6ab80
- wormDll64
- f021d817c5c6cd89d835507c4839fe6b
- networkDll64
- c9e79d2f60b6630116aaee9abb02a06f
- SUPPORTING EVIDENCE
- https://urlhaus.abuse.ch/url/1105162/