2018-09-06 - DATA DUMP (EMOTET, HANCITOR, AND TRICKBOT)

EMOTET MALSPAM CAMPAIGN:

HANCITOR MALSPAM CAMPAIGN:

TRICKBOT MALSPAM CAMPAIGN - SPREAD FROM CLIENT TO DC - GTAG SER0906US (CLIENT) AND GTAG LIB305 (DC):

NOTES:


IMAGES:


Shown above:  Traffic from the Emotet infection filtered in Wireshark.



Shown above:  Traffic from the Hancitor infection filtered in Wireshark.



Shown above:  Traffic from the Trickbot infection filtered in Wireshark (spread from client to DC).



Shown above:  Using Wireshark to export Trickbot malware found in the SMB traffic.
