2018-05-25 - QUICK POST: TRICKBOT

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2018-05-25-Trickbot-malspam-1143-UTC.eml.zip   30 kB (29,933 bytes)
• 2018-05-25-Trickbot-infection-traffic.pcap.zip   5.4 MB (5,406,888 bytes)
• 2018-05-25-malware-and-artifacts-from-Trickbot-infection.zip   459 kB (458,685 bytes)

NOTES:

• Not much different than yesterday.
• Today I just did a regular infection run on a single Windows host (no Active Directory environment).
• My Online Security first blogged about today's Trickbot malspam here.

 

Shown above:  Infection traffic filtered in Wireshark.

 

Click here to return to the main page.