2018-12-07 - NEW TRICKBOT MODULES BCCLIENTDLLTESTTEST64 AND NEWBCTESTNDLL64

ASSOCIATED FILES:

 

NOTES:

 

IMAGES:


Shown above:  Traffic from the infection filtered in Wireshark.

 


Shown above:  Traffic possibly related to socks5systemz.

 


Shown above:  More traffic possibly related to socks5systemz, where it looks like my DC is being used as a proxy to browse something.

 


Shown above:  Some alerts from the EmergingThreats Pro ruleset on Security Onion using Suricata.

 


Shown above:  New modules seen on the infected DC (new to me, at least).

 
