2021-01-04 (MONDAY) - EMOTET EPOCH 2 INFECTION WITH TRICKBOT GTAG MOR9

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES

• 2021-01-04-IOCs-with-Emotet-with-Trickbot.txt.zip   1.6 kB   (1,609 bytes)

• 2021-01-04-IOCs-with-Emotet-with-Trickbot.txt   (3,014 bytes)

• 2021-01-04-Emotet-infection-with-Trickbot-traffic.pcap.zip   4.4 MB   (4,447,996 bytes)

• 2021-01-04-Emotet-infection-with-Trickbot-traffic.pcap   (5,413,308 bytes)

• 2021-01-04-malware-and-artifacts-from-Emotet-infection-with-Trickbot.zip   800 kB   (800,080 bytes)

• 2021-01-04-Emotet-DLL-file.bin   (436,224 bytes)
• 2021-01-04-Word-doc-with-macros-for-Emotet.bin   (165,719 bytes)
• 2021-01-04-registry-update-for-Emotet.txt   (744 bytes)
• 2021-01-04-scheduled-task-for-Trickbot.txt   (3,386 bytes)
• fullcombo1541455676\SecurityPreloadState.txt   (14,504 bytes)
• fullcombo1541455676\launcher.bat   (1,493 bytes)
• fullcombo1541455676\zvnxrohlqhnp.exe   (684,117 bytes)

 

IMAGES

Shown above:  Traffic from the infection filtered in Wireshark.  Click on the above for a higher-resolution image.

 

Click here to return to the main page.