2020-06-10 - QUICK POST: TRICKBOT GTAG GI6 INFECTION IN AD ENVIRONMENT
- 2020-06-10-Trickbot-gtag-gi6-infection-traffic.pcap.zip 12.8 MB (12,840,706 bytes)
- 2020-06-10-Trickbot-gtag-gi6-malware-and-artifacts.zip 12.2 MB (12,199,053 bytes)
- This Trickbot infection happened in an Active Directory (AD) environment with a Domain Controller (DC).
- The infected Win7 client is at 10.6.10.197 (CINCINATTI-PC) and the DC is at 10.6.10.6 (2THUMBSUP-DC).
- The DC was infected through Trickbot's "nworm" module.
- For some background on nworm, see: Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module.
- This was originally reported by @abuse_ch as part of a malspam campaign using Black Lives Matter-themed emails to push Trickbot (link to tweet).
- All zip archives on this site are password-protected with the standard password. If you don't know it, see the "about" page of this website.