2018-07-16 - QUICK POST: EMOTET INFECTION WITH TRICKBOT (GTAG: MON1)
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2018-07-16-Emotet-infection-with-Trickbot.pcap.zip 15.5 MB (15,540,622 bytes)
- 2018-07-16-malware-from-Emotet-infection-with-Trickbot.zip 525 kB (524,761 bytes)
IMAGES
Shown above: Word doc downloaded from link in Emotet malspam.
Shown above: Infection traffic filtered in Wireshark.
Shown above: Registry values to keep both Emotet and Trickbot persistent on the infected Windows host.
Shown above: Some of the Trickbot artifacts from today's infection.