2020-04-20 - QUICK POST: TRICKBOT GTAG ONO38 INFECTION

ASSOCIATED FILES:

  • 2020-04-17-malspam-pushing-Trickbot-gtag-ono38-1840-UTC.eml   (325,609 bytes)
  • 2020-04-20-Trickbot-gtag-ono38-infection-traffic.pcap   (13,131,659 bytes)
  • 2020-04-17-password-protected-XLS-file-with-macro-for-Trickbot.bin   (236,544 bytes)
  • 2020-04-20-scheduled-task-to-keep-Trickbot-persistent.txt   (3,180 bytes)
  • CmdValidate/MIwRHxM.exe   (459,278 bytes)
  • CmdValidate/settings.ini   (48,923 bytes)
  • CmdValidate/data/importDll64   (7,696,128 bytes)
  • CmdValidate/data/injectDll64   (410,560 bytes)
  • CmdValidate/data/injectDll64_configs/dinj   (13,936 bytes)
  • CmdValidate/data/injectDll64_configs/sinj   (1,456 bytes)
  • CmdValidate/data/injectDll64_configs/dpost   (176 bytes)
  • CmdValidate/data/networkDll64   (58,192 bytes)
  • CmdValidate/data/networkDll64_configs/dpost   (1,456 bytes)
  • CmdValidate/data/nwormDll64   (27,376 bytes)
  • CmdValidate/data/pwgrab64   (1,084,784 bytes)
  • CmdValidate/data/pwgrab64_configs/dpost   (1,456 bytes)

NOTES:

 
