2021-05-05 Trickbot IOCs

1. THREAT IDENTIFICATION: TRICKBOT
2.  
3. TRICKBOT GTAG
4. gtag: rob72
5.  
6. SUBJECTS OBSERVED
7. [#TN#9217724#GEN
8.  
9. SENDERS OBSERVED
10. [email protected]
11.  
12. MALDOC FILE HASHES
13. 3128117926_1127128272.xlsm
14. 031bb042ecdda96d89ea759c79f45261
15.  
16. TRICKBOT PAYLOAD FILE HASHES
17. Nioka.meposv
18. af770c0cf74689a62e0339e59ade60fd
19.  
20. image2.bmp
21. 98e7b944113b0a9d26ed50909e4d30bc
22.  
23. TRICKBOT MODULE FILE HASHES
24. tabDll64
25. 98173c732d2dbe14a1327a652046738c
26.  
27. wormDll64
28. 65157248a7e65d45067cb495870d032b
29.  
30. networkDll64
31. c9e79d2f60b6630116aaee9abb02a06f
32.  
33. shareDll64
34. e126d5fc4a4d20925ebd7e5bcdc0d16a
35.  
36. ADDITIONAL DOWNLOADS
37. http://192.119.171.206/images/redbutton.png
38. http://192.119.171.206/images/cutscroll.png
39. http://192.119.171.206/ico/viodifot
40.  
41. ADDITIONAL FILE HASHES
42. cutscroll.png
43. f22cedaec475d7a55b5464cb2858fa56
44.  
45. redbutton.png
46. 0eb145602076b0b5bc1d5f319f847ecd
47.  
48. viodifot
49. 88263ba0eb7638901f5668f3625c60de
50.  
51. TRICKBOT C2s
52. http://103.102.220.50:443
53. http://5.202.120.150:443
54. http://36.95.27.243:443
55.