2018-07-16 - QUICK POST: EMOTET INFECTION WITH TRICKBOT (GTAG: MON1)

ASSOCIATED FILES:


IMAGES


Shown above:  Word doc downloaded from link in Emotet malspam.



Shown above:  Infection traffic filtered in Wireshark.



Shown above:  Registry values to keep both Emotet and Trickbot persistent on the infected Windows host.



Shown above:  Some of the Trickbot artifacts from today's infection.


FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
