2019-07-02 - QUICK POST: TRICKBOT INFECTION WITH COOKIESDLL64 MODULE
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2019-07-02-Trickbot-infection-with-CookiesDll-module.pcap.zip 15.4 MB (15,354,679 bytes)
- 2019-07-02-Trickbot-infection-with-CookiesDll-module.pcap (19,558,061 bytes)
- 2019-07-02-Trickbot-artifacts-with-CookiesDll-module.zip 12.4 MB (12,358,689 bytes)
- 2019-07-02-scheduled-task-for-Trickbot.xml.txt (3,800 bytes)
- mslibrary/GKtXp.exe (337,038 bytes)
- mslibrary/settings.ini (26,068 bytes)
- mslibrary/data/cookiesDll64 (1,076,528 bytes)
- mslibrary/data/cookiesDll64_configs/dpost (928 bytes)
- mslibrary/data/importDll64 (8,952,080 bytes)
- mslibrary/data/injectDll64 (467,392 bytes)
- mslibrary/data/injectDll64_configs/dinj (134,688 bytes)
- mslibrary/data/injectDll64_configs/dpost (928 bytes)
- mslibrary/data/injectDll64_configs/sinj (176 bytes)
- mslibrary/data/mailsearcher64 (28,336 bytes)
- mslibrary/data/mailsearcher64_configs/mailconf (224 bytes)
- mslibrary/data/networkDll64 (23,216 bytes)
- mslibrary/data/networkDll64_configs/dpost (928 bytes)
- mslibrary/data/NewBCtestnDll64 (19,120 bytes)
- mslibrary/data/NewBCtestnDll64_configs/bcconfig2 (304 bytes)
- mslibrary/data/psfin64 (22,192 bytes)
- mslibrary/data/psfin64_configs/dpost (928 bytes)
- mslibrary/data/pwgrab64 (1,304,928 bytes)
- mslibrary/data/pwgrab64_configs/dpost (928 bytes)
- mslibrary/data/systeminfo64 (21,168 bytes)
NOTES:
- The original Twitter thread is here.
Shown above: The new CookiesDll module for Trickbot seen in today's traffic.
Shown above: Traffic caused by the Trickbot's new CookiesDll module.
Click here to return to the main page.