2019-02-20 - QUICK POST: EMOTET TO ICEDID (BOKBOT) TO TRICKBOT
ASSOCIATED FILES:
- Zip archive of the infection traffic: 2019-02-20-Emotet-with-IcedID-and-Trickbot.pcap.zip 21.8 MB (21,783,224 bytes)
- Zip archive of the malware/artifacts: 2019-02-20-Emotet-IcedID-Trickbot-malware-and-artifacts.zip 35.3 MB (35,303,417 bytes)
NOTES:
- Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
- For more info, see the CrowdStrike blog post: "Sin"-ful Spiders: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web
NETWORK PARAMETERS:
- Domain: pelicanworks.info
- LAN segment: 10.2.20.0/24 (10.2.20.0 through 10.2.20.255)
- Domain Controller: PELICANWORKS-DC at 10.2.20.2
- Gateway: 10.2.20.1
- Broadcast address: 10.2.20.255
- Windows client: paulette.rhodes on RHODES-WIN-PC at 10.2.20.101
IMAGES
Shown above: Flow chart for today's events.