2019-01-22 - QUICK POST: EMOTET + TRICKBOT, ICEDID (BOKBOT), OR GOOTKIT
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2019-01-22-Emotet-malspam-5-email-examples.zip 141 kB (141,150 bytes)
- 2019-01-22-1st-run-Emotet-infection-with-Trickbot.pcap.zip 4.5 MB (4,523,187 bytes)
- 2019-01-22-1st-run-Emotet-and-Trickbot-malware.zip 566 kB (566,224 bytes)
- 2019-01-22-2nd-run-Emotet-infection-with-IcedID.pcap.zip 2.2 MB (2,173,278 bytes)
- 2019-01-22-2nd-run-Emotet-and-IceID-malware.zip 493 kB (493,349 bytes)
- 2019-01-22-3rd-run-Emotet-infection-with-Gootkit.pcap.zip 5.4 MB (5,447,373 bytes)
- 2019-01-22-3rd-run-Emotet-and-Gootkit-malware.zip 589 kB (589,131 bytes)
Shown above: Flow chart for today's Emotet infections.
Shown above: Traffic from the first infection filtered in Wireshark.
Shown above: Traffic from the second infection filtered in Wireshark.
Shown above: Traffic from the third infection filtered in Wireshark.