2018-03-28 - QUICK POST: TRICKBOT

ASSOCIATED FILES:

• 2018-03-28-Trickbot-malspam-1026-UTC.eml.zip   36 kB (35,967 bytes)

• 2018-03-28-Trickbot-malspam-1026-UTC.eml   (110,194 bytes)

• 2018-03-28-Trickbot-infection-traffic.pcap.zip   7.2 MB (7,206,491 bytes)

• 2018-03-28-Trickbot-infection-traffic.pcap   (8,416,503 bytes)

• 2018-03-28-malware-from-Trickbot-infection.zip   393 kB (394,036 bytes)

• 2018-03-28-Trickbot-binary.exe   (401,408 bytes)
• 2018-03-28-Trickbot-group_tag.txt   (16 bytes)
• 2018-03-28-Trickbot-infection-artifact-uujpatpowbat.txt   (349 bytes)
• 2018-03-28-Word-doc-with-macro-for-Trickbot.doc   (63,488 bytes)
• 2018-03-28-additional-malware-seen-during-Trickbot-infection.exe   (414,208 bytes)
• 2018-03-28-scheduled-task-for-Trickbot.txt   (3,742 bytes)

 

IMAGES

Shown above:  Traffic from the infection filtered in Wireshark.

 

Shown above:  Different filtering shows other post-infection IP addresses were contacted.

 

Shown above:  Trickbot malware persistent on the infected Windows host.

 

Shown above:  Additional malware persistent on the infected Windows host.

 

Click here to return to the main page.