- THREAT IDENTIFICATION: TRICKBOT
- TRICKBOT GTAG
  - rob13
- SUBJECTS OBSERVED
  - DocuSign: Equipment # 23345
  - DocuSign: Equipment # 23858
  - DocuSign: Equipment # 66844
- SENDERS OBSERVED
  - crystal@buddysroofing.com
  - erin.bruyere@familytreatment.ca
- MALDOC FILE HASHES
  - DocuSign_1172656286_1046320036.xls
    - 0005d7d793f8bdde9eb8f9cbe753929a
  - DocuSign_191043083_1949587583.xls
    - 963adbac37cb5704704e716f12986b7b
  - DocuSign_1157143460_2013384555.xls
    - c8f01b787d5aa47c0524282655e0915d
  - DocuSign_695116892_1420962722.xls
    - f7154025eaba7b56a412783ae980fdad
- TRICKBOT PAYLOAD FILE HASHES
  - 8.xxls
    - 5ed8ba344e7e14a158994bccc1d96882
- TRICKBOT PAYLOAD URLS
  - https://destinostumundo.com/layout/recruter.php
- TRICKBOT C2
  - http://134.119.186.201:443
  - http://169.239.45.42:449
  - http://195.123.241.195:443
  - http://85.204.116.134:443
  - http://92.242.214.203:449
  - http://94.158.245.54:443
- SUPPORTING EVIDENCE
  - https://urlhaus.abuse.ch/url/1016269/
  - https://tria.ge/210217-5461xvx1en
  - https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+gtag+rob13/27112/