2017-09-18 - TRICKBOT INFECTION

NOTICE:

ASSOCIATED FILES:

  • 2017-09-18-Trickbot-infection-traffic.pcap   (2,012,719 bytes)
  • 2017-09-18-Trickbot-malspam-1307-UTC.eml   (125,866 bytes)
  • natwest12053922350652_21256.doc   (91,136 bytes)
  • ovlvfsdboimz.bat.txt   (340 bytes)
  • udyk.exe   (528,384 bytes)

 

ASSOCIATED BLOG POST:

 

EMAIL


Shown above:  Screenshot from an email seen on 2017-09-18.

 

EMAIL HEADER INFORMATION:

 


Shown above:  Malicious Word document attached to the email.

 

TRAFFIC


Shown above:  Traffic from the infection filtered in Wireshark.

 

URLS FROM THE WORD DOCUMENT TO DOWNLOAD TRICKBOT:

TRICKBOT POST-INFECTION TRAFFIC:

 

MALWARE

WORD DOCUMENT ATTACHED TO THE EMAIL:

FOLLOW-UP MALWARE (TRICKBOT):

 

Click here to return to the main page.