2020-06-16 - TRICKBOT GTAG ONO47 INFECTION
- 2020-06-16-IOCs-for-Trickbot-gtag-ono47.txt.zip 1.3 kB (1,332 bytes)
- 2020-06-16-Trickbot-gtag-ono47-infection-traffic.pcap.zip 3.7 MB (3,668,025 bytes)
- 2020-06-16-malware-and-artifacts-for-Trickbot-gtag-ono47-infection.zip 4.3 MB (4,315,910 bytes)
- All zip archives on this site are password-protected with the standard password. If you don't know it, see the "about" page of this website.
Shown above: Screenshot from one of the spreadsheets with macros for Trickbot.
Shown above: HTTPS traffic used to retrieve a Windows EXE for Trickbot.
Shown above: Initial location of Trickbot EXE on the infected Windows host.
Shown above: Final location of Trickbot EXE on the infected Windows host.
Shown above: Scheduled task to keep Trickbot persistent.
Shown above: Traffic from an infection filtered in Wireshark.