
Rewterz Threat Alert – Trickbot Info-Stealer Active Infection Campaigns – IoCs

November 20, 2019

Severity

High

Analysis Summary

Trickbot is an information-stealing banking trojan that has been distributed through multiple malspam campaigns for some time. The trojan can steal credentials, move laterally, exfiltrate data and give threat actors remote access to the infected host. The indicators of compromise below were retrieved from the most recent campaigns dropping the Trickbot malware.

Impact

  • Information Disclosure
  • Credential Theft
  • Unauthorized Remote Access

Indicators of Compromise

MD5

  • da77fae2b9245ff7fd1ff5e097094421
  • 4c28c31537491782f4fd72c6c981b422
  • 4ca2e41f6336c9a1a91567939538ed4e
  • c7d7d5282b1f50074bd83e534115eff0
  • 290583efdf6f8ac36f56c2dfe5efc958
  • e48450e526ff57dae1c28f540352d37b
  • f892b36774517ef25355345c9a152dc9
  • c09a4bbb16553d4e0ad88315ff6a46b4
  • 296ea4976390a4469cd495b85ca9c983
  • c20b04b9ea7d91eaa1027c33d0c81a15
  • 1fd71bbb44a264412e53263ee94e60aa
  • 54ce54fca50b62ac0f7fcd84822a3923
  • 3f82a50d04cdd43eb9b9432bcd3ab8a3
  • f16242c00a9d8718170e682d0b828ca6

SHA-256

  • af72ea0349dc0e1cd9f6c6a3f3bd58fa828ec14d59d60b8713252773c5751d52
  • 5a57b2831babc7bfab809923cacbe7bd4e0d663c4015f528458dde68c5a87251
  • 102c007ae1c5d31265fcb60fd14eb1f0aebad9e3daa3ecab6761fb4d3e84d3d6
  • 98ef4070cb18c7ec28d51d4e5906b9d9ac92ffda12ba4b99c61c6eeb0b567198
  • 0bfc771e5ad57d72158965483fafea2869bd8a7f489d0fd09303290473a8eb0a
  • 6a5de7693e48934a8060ecd1f6fc94d0931a6cf51c60130a1083319b0df0f58c
  • 457f8a035d1b5af45ca04ad0d51a6083cc393ae46847675120f7daa2b35cd08c
  • dd708991d246f56ec4978a14d7a997fd32ed6b8a6f882db19e57fde0b28e56ae
  • 1d6d0b88eef7d224714ad936370173e620a12100f0a49716a2cfeb6b5da6fae0
  • 827cf33f7ef0754b6801277050df0e78b644d42a8010e7c9fcc213baa86493c6
  • 9987ce69eef1fe17de63b11e089c268f3d4b85d174f35f09294d74f76824e669
  • 4995334f4ac0ec8ec725a3b91c54662dc1c2307d5c7747b6494dec0890390026
  • 9b7277765e7fd185fb1fb1e4297bc581e298be0d6eb6d9c3cb446b7733b7a14b
  • aef76e35056eabd7a4aad30fd870fc90468e48bc53b5011fd2e8368391ae4353

SHA-1

  • f9a5ddc87b0e07eba73ec6b4c8e469e0a962371d
  • 57f1db1723e6b8fa979ea04c53699b3600986783
  • 8af62136bc3929f19848d7e3af54ab149ea058f1
  • 8113be44d81cf6ecf40b8580234ea00972a01daf
  • 1f76c4fa1459a42b4b82d1ec83b3ee702ef9dafb
  • 1e8da0d7c66d3cf6c57a2d92a42045227dccadc1
  • b14357269fadb46062ed92646ab8f5cd2bd07722
  • db6324fc3926cc74c40070dafd4fb3d1d290bec0
  • 05f8915d7de5a5a61da5d9ee755c652116ac0224
  • fdb9ac2a1602a2d0d188c575b8b6ccce8603cc6d
  • 7b40375081d919d9ae78f9b3ea09d2157f42f213
  • 9848fc5c469aa15ea43b7e7d3beef9ca83cfe64e
  • a1e514792ec8e547582ed7b407ec4a0a2f10f308
  • 2348ecc16c768a1e82f29d9e1abae0dbcb57a1f1

Remediation

  • Block the threat indicators at their respective controls.
  • Do not download attachments or click on URLs in untrusted emails.
  • Do not enable macros for untrusted files.
  • Do not download files or software from untrusted sources on the internet.
  • Keep all systems and software updated to the latest patched versions.
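A defender-side way to act on the hash indicators above, added here as an example (it is not part of the Rewterz advisory): the script computes MD5, SHA-1 and SHA-256 of every file under a directory in a single pass and reports any file whose digest appears in the advisory's lists. The three hash sets are copied verbatim from the lists above; the scanned directory and the benign file inside it are constructed by the script itself so it runs offline.

```python
"""Hash-based IoC check for the Trickbot samples listed in this advisory."""
import hashlib
import os
import tempfile

# Indicator values copied from the advisory's MD5, SHA-1 and SHA-256 lists.
IOC_MD5 = {
    "da77fae2b9245ff7fd1ff5e097094421", "4c28c31537491782f4fd72c6c981b422",
    "4ca2e41f6336c9a1a91567939538ed4e", "c7d7d5282b1f50074bd83e534115eff0",
    "290583efdf6f8ac36f56c2dfe5efc958", "e48450e526ff57dae1c28f540352d37b",
    "f892b36774517ef25355345c9a152dc9", "c09a4bbb16553d4e0ad88315ff6a46b4",
    "296ea4976390a4469cd495b85ca9c983", "c20b04b9ea7d91eaa1027c33d0c81a15",
    "1fd71bbb44a264412e53263ee94e60aa", "54ce54fca50b62ac0f7fcd84822a3923",
    "3f82a50d04cdd43eb9b9432bcd3ab8a3", "f16242c00a9d8718170e682d0b828ca6",
}
IOC_SHA1 = {
    "f9a5ddc87b0e07eba73ec6b4c8e469e0a962371d", "57f1db1723e6b8fa979ea04c53699b3600986783",
    "8af62136bc3929f19848d7e3af54ab149ea058f1", "8113be44d81cf6ecf40b8580234ea00972a01daf",
    "1f76c4fa1459a42b4b82d1ec83b3ee702ef9dafb", "1e8da0d7c66d3cf6c57a2d92a42045227dccadc1",
    "b14357269fadb46062ed92646ab8f5cd2bd07722", "db6324fc3926cc74c40070dafd4fb3d1d290bec0",
    "05f8915d7de5a5a61da5d9ee755c652116ac0224", "fdb9ac2a1602a2d0d188c575b8b6ccce8603cc6d",
    "7b40375081d919d9ae78f9b3ea09d2157f42f213", "9848fc5c469aa15ea43b7e7d3beef9ca83cfe64e",
    "a1e514792ec8e547582ed7b407ec4a0a2f10f308", "2348ecc16c768a1e82f29d9e1abae0dbcb57a1f1",
}
IOC_SHA256 = {
    "af72ea0349dc0e1cd9f6c6a3f3bd58fa828ec14d59d60b8713252773c5751d52",
    "5a57b2831babc7bfab809923cacbe7bd4e0d663c4015f528458dde68c5a87251",
    "102c007ae1c5d31265fcb60fd14eb1f0aebad9e3daa3ecab6761fb4d3e84d3d6",
    "98ef4070cb18c7ec28d51d4e5906b9d9ac92ffda12ba4b99c61c6eeb0b567198",
    "0bfc771e5ad57d72158965483fafea2869bd8a7f489d0fd09303290473a8eb0a",
    "6a5de7693e48934a8060ecd1f6fc94d0931a6cf51c60130a1083319b0df0f58c",
    "457f8a035d1b5af45ca04ad0d51a6083cc393ae46847675120f7daa2b35cd08c",
    "dd708991d246f56ec4978a14d7a997fd32ed6b8a6f882db19e57fde0b28e56ae",
    "1d6d0b88eef7d224714ad936370173e620a12100f0a49716a2cfeb6b5da6fae0",
    "827cf33f7ef0754b6801277050df0e78b644d42a8010e7c9fcc213baa86493c6",
    "9987ce69eef1fe17de63b11e089c268f3d4b85d174f35f09294d74f76824e669",
    "4995334f4ac0ec8ec725a3b91c54662dc1c2307d5c7747b6494dec0890390026",
    "9b7277765e7fd185fb1fb1e4297bc581e298be0d6eb6d9c3cb446b7733b7a14b",
    "aef76e35056eabd7a4aad30fd870fc90468e48bc53b5011fd2e8368391ae4353",
}


def _digest_chunks(chunks):
    """Run MD5, SHA-1 and SHA-256 over an iterable of byte chunks in one pass."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digests of an in-memory byte string (handy for mail attachments already parsed)."""
    return _digest_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Digests of a file on disk, read in 1 MiB chunks so large files don't fill memory."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(digests):
    """Return the algorithm names whose digest equals a published indicator.

    Values are lowercased before lookup because feeds sometimes publish uppercase hex.
    """
    tables = {"md5": IOC_MD5, "sha1": IOC_SHA1, "sha256": IOC_SHA256}
    return [name for name, table in tables.items() if digests.get(name, "").lower() in table]


def scan_directory(root):
    """Walk a directory tree; map each matching file path to the algorithms that hit."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                matched = match_iocs(hash_file(path))
            except OSError:
                continue  # unreadable or vanished file: skip it rather than abort the scan
            if matched:
                hits[path] = matched
    return hits


def demo():
    """Scan a constructed temporary directory holding one benign (non-sample) file."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "notes.txt"), "wb") as fh:
            fh.write(b"constructed benign content, not a malware sample")
        return scan_directory(tmp)


if __name__ == "__main__":
    print(demo())  # {} : nothing in the constructed directory matches an indicator
```

Point `scan_directory` at a download or mail-attachment quarantine folder; a reported path means the file's digest equals one of the published indicators, which is a high-confidence detection but, being an exact match, says nothing about repacked variants of the same campaign. Hashing with all three algorithms in one read lets a single pass serve whichever hash type a given control or feed expects.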
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.