2018-06-26 - QUICK POST: TRICKBOT INFECTION TRAFFIC
ASSOCIATED FILES:
- 2018-06-26-Trickbot-malspam-example-1035-UTC.txt.zip 43.3 kB (43,315 bytes)
- 2018-06-26-Trickbot-infection-traffic.pcap.zip 18.2 MB (18,214,389 bytes)
- 2018-06-26-Trickbot-infection-malware-and-artifacts.zip 302 kB (302,668 bytes)
NOTES:
- All zip archives on this site are password-protected with a standard password. If you don't know it, see the "about" page of this website.
- This infection was generated in an Active Directory environment. The network parameters are:
  - LAN segment: 172.16.9.0/24
  - Gateway: 172.16.9.1
  - Broadcast address: 172.16.9.255
  - Domain controller IP address: 172.16.9.4
  - Domain controller host name: BRISKETHOUSE-DC
  - Domain name: briskethouse.net
  - Windows client IP address: 172.16.5.217
  - Windows client host name: Scarlet-Win-PC
  - Windows client user account name: alonso.beckwith
Shown above: Email headers from an example of Trickbot malspam.
Shown above: Traffic from an infection filtered in Wireshark.
Shown above: Malware and artifacts located on an infected Windows host.
Shown above: Example of login credentials from the browser cache sent out by an infected Windows host.
Shown above: Example of URL history from the browser cache sent out by an infected Windows host.