2018-04-16 - QUICK POST: TRICKBOT MALSPAM AND TRAFFIC

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

NOTES:

IMAGES

Shown above:  Screenshot of the email.

Shown above:  Opening the attached file on a vulnerable Windows host.

Shown above:  Traffic from an infection filtered in Wireshark.

Shown above:  Artifacts found on the infected Windows host (1 of 2).

Shown above:  Artifacts found on the infected Windows host (2 of 2).

Shown above:  Scheduled task to ensure persistence on the infected Windows host.
