2019-02-20 - QUICK POST: EMOTET TO ICEDID (BOKBOT) TO TRICKBOT

ASSOCIATED FILES:

• Zip archive of the infection traffic:  2019-02-20-Emotet-with-IcedID-and-Trickbot.pcap.zip   21.8 MB (21,783,224 bytes)
• Zip archive of the malware/artifacts:  2019-02-20-Emotet-IcedID-Trickbot-malware-and-artifacts.zip   35.3 MB (35,303,417 bytes)

NOTES:

• Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
• For more info, see the Crowdstrike blog post "Sin"-ful Spiders: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web

NETWORK PARAMETERS:

• Domain:  pelicanworks.info
• LAN segment:  10.2.20.0/24 (10.2.20.0 through 10.2.20.255)
• Domain Controller:  PELICANWORKS-DC at 10.2.20.2
• Gateway:  10.2.20.1
• Broadcast address:  10.2.20.255
• Windows client:  paulette.rhodes on RHODES-WIN-PC at 10.2.20.101

 

IMAGES

Shown above:  Flow chart for today's events.

 

Click here to return to the main page.