2018-03-28 - QUICK POST: TRICKBOT MALSPAM

ASSOCIATED FILES:

  • 2018-03-28-Trickbot-malspam-1026-UTC.eml   (110,194 bytes)
  • 2018-03-28-Trickbot-malspam-infection-traffic.pcap   (8,416,503 bytes)
  • 2018-03-28-Trickbot-binary.exe   (401,408 bytes)
  • 2018-03-28-Trickbot-group_tag.txt   (16 bytes)
  • 2018-03-28-Trickbot-infection-artifact-uujpatpowbat.txt   (349 bytes)
  • 2018-03-28-Word-doc-with-macro-for-Trickbot.doc   (63,488 bytes)
  • 2018-03-28-additional-malware-seen-during-Trickbot-infection.exe   (414,208 bytes)
  • 2018-03-28-scheduled-task-for-Trickbot.txt   (3,742 bytes)

NOTES:

 

IMAGES


Shown above:  Traffic from the infection filtered in Wireshark.

Shown above:  Different filtering shows other post-infection IP addresses were contacted.

Shown above:  Trickbot malware persistent on the infected Windows host.

Shown above:  Additional malware persistent on the infected Windows host.

 

FINAL NOTES

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 
