mirror of
https://github.com/vuldb/cyber_threat_intelligence
synced 2024-07-03 08:58:21 +00:00
| .. | ||
| README.md | ||
TrickBot - Cyber Threat Intelligence
These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as TrickBot. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.
Live data and more analysis capabilities are available at https://vuldb.com/?actor.trickbot
Campaigns
The following campaigns are known and can be associated with TrickBot:
- AnchorMail
- Bitzlato
Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TrickBot:
There are 10 more country items available. Please use our online service to access the data.
IOC - Indicator of Compromise
These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of TrickBot.
| ID | IP address | Hostname | Campaign | Confidence |
|---|---|---|---|---|
| 1 | 3.130.204.160 | ec2-3-130-204-160.us-east-2.compute.amazonaws.com | Bitzlato | Medium |
| 2 | 3.131.233.90 | ec2-3-131-233-90.us-east-2.compute.amazonaws.com | Bitzlato | Medium |
| 3 | 3.209.171.143 | ec2-3-209-171-143.compute-1.amazonaws.com | - | Medium |
| 4 | 3.217.175.153 | ec2-3-217-175-153.compute-1.amazonaws.com | - | Medium |
| 5 | 3.224.145.145 | ec2-3-224-145-145.compute-1.amazonaws.com | - | Medium |
| 6 | 3.231.23.10 | ec2-3-231-23-10.compute-1.amazonaws.com | - | Medium |
| 7 | 5.1.81.68 | mx4.tarifvergleichbhv.net | - | High |
| 8 | 5.2.70.145 | merlinsbeard.co.uk | - | High |
| 9 | 5.2.72.84 | cipixia.com | - | High |
| 10 | 5.2.75.93 | - | - | High |
| 11 | 5.2.75.137 | - | - | High |
| 12 | 5.2.75.167 | coms.a9v34.com.cn | - | High |
| 13 | 5.2.76.122 | mx3.ximple.eu | - | High |
| 14 | 5.2.78.118 | - | - | High |
| 15 | 5.34.177.50 | unallocated.layer6.net | - | High |
| 16 | 5.34.178.126 | yhlas111410.pserver.ru | - | High |
| 17 | 5.39.47.22 | mail.dmgs.site | - | High |
| 18 | 5.53.124.49 | dgbtechnologies.com | - | High |
| 19 | 5.59.205.32 | dhcp-32-205-59-5.metro86.ru | - | High |
| 20 | 5.79.68.107 | - | Bitzlato | High |
| 21 | 5.79.68.108 | - | Bitzlato | High |
| 22 | 5.79.68.109 | - | Bitzlato | High |
| 23 | 5.79.68.110 | - | Bitzlato | High |
| 24 | 5.133.179.108 | 5-133-179-108.freeucouponsnow.ru | - | High |
| 25 | 5.149.253.99 | - | - | High |
| 26 | 5.152.175.57 | - | - | High |
| 27 | 5.182.210.30 | realestatepromotion.ru | - | High |
| 28 | 5.182.210.109 | - | - | High |
| 29 | 5.182.210.132 | - | - | High |
| 30 | 5.182.210.178 | mail.rainingdreams.to | - | High |
| 31 | 5.182.210.226 | - | - | High |
| 32 | 5.182.210.230 | - | - | High |
| 33 | 5.182.210.246 | - | - | High |
| 34 | 5.182.210.254 | n01-nlam.kdktech.com | - | High |
| 35 | 5.182.211.44 | - | - | High |
| 36 | 5.196.247.14 | ip14.ip-5-196-247.eu | - | High |
| 37 | 5.199.173.152 | - | - | High |
| 38 | 5.230.22.40 | - | - | High |
| 39 | 5.255.96.217 | vps11.host1.be | - | High |
| 40 | 5.255.96.218 | - | - | High |
| 41 | 8.247.119.126 | - | - | High |
| 42 | 8.253.38.248 | - | - | High |
| 43 | 8.253.140.118 | - | - | High |
| 44 | 8.253.141.249 | - | - | High |
| 45 | 8.253.154.236 | - | - | High |
| 46 | 13.107.21.200 | - | - | High |
| 47 | 14.241.244.60 | - | - | High |
| 48 | 18.213.79.189 | ec2-18-213-79-189.compute-1.amazonaws.com | - | Medium |
| 49 | 18.213.250.117 | ec2-18-213-250-117.compute-1.amazonaws.com | Bitzlato | Medium |
| 50 | 18.215.128.143 | ec2-18-215-128-143.compute-1.amazonaws.com | Bitzlato | Medium |
| 51 | 18.233.90.151 | ec2-18-233-90-151.compute-1.amazonaws.com | - | Medium |
| 52 | 23.3.13.88 | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High |
| 53 | 23.3.13.154 | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High |
| 54 | 23.3.125.111 | a23-3-125-111.deploy.static.akamaitechnologies.com | - | High |
| 55 | 23.19.31.135 | - | - | High |
| 56 | 23.19.227.147 | - | - | High |
| 57 | 23.20.220.174 | ec2-23-20-220-174.compute-1.amazonaws.com | - | Medium |
| 58 | 23.20.239.12 | ec2-23-20-239-12.compute-1.amazonaws.com | Bitzlato | Medium |
| 59 | 23.21.27.29 | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium |
| 60 | 23.21.48.44 | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium |
| 61 | 23.21.121.219 | ec2-23-21-121-219.compute-1.amazonaws.com | - | Medium |
| 62 | 23.21.252.4 | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium |
| 63 | 23.23.83.153 | ec2-23-23-83-153.compute-1.amazonaws.com | - | Medium |
| 64 | 23.23.243.154 | ec2-23-23-243-154.compute-1.amazonaws.com | - | Medium |
| 65 | 23.46.150.43 | a23-46-150-43.deploy.static.akamaitechnologies.com | - | High |
| 66 | 23.46.150.58 | a23-46-150-58.deploy.static.akamaitechnologies.com | - | High |
| 67 | 23.46.150.81 | a23-46-150-81.deploy.static.akamaitechnologies.com | - | High |
| 68 | 23.62.6.161 | a23-62-6-161.deploy.static.akamaitechnologies.com | - | High |
| 69 | 23.62.6.170 | a23-62-6-170.deploy.static.akamaitechnologies.com | - | High |
| 70 | 23.94.70.12 | 23-94-70-12-host.colocrossing.com | - | High |
| 71 | 23.94.233.210 | 23-94-233-210-host.colocrossing.com | - | High |
| 72 | 23.95.97.59 | 23-95-97-59-host.colocrossing.com | - | High |
| 73 | 23.95.231.187 | 23-95-231-187-host.colocrossing.com | - | High |
| 74 | 23.96.30.229 | - | - | High |
| 75 | 23.160.192.125 | unknown.ip-xfer.net | - | High |
| 76 | 23.160.193.106 | unknown.ip-xfer.net | - | High |
| 77 | 23.202.231.166 | a23-202-231-166.deploy.static.akamaitechnologies.com | - | High |
| 78 | 23.202.231.167 | a23-202-231-167.deploy.static.akamaitechnologies.com | Bitzlato | High |
| 79 | 23.217.138.107 | a23-217-138-107.deploy.static.akamaitechnologies.com | - | High |
| 80 | 23.217.138.108 | a23-217-138-108.deploy.static.akamaitechnologies.com | Bitzlato | High |
| 81 | 24.162.214.166 | cpe-24-162-214-166.elp.res.rr.com | - | High |
| 82 | 27.72.107.215 | dynamic-adsl.viettel.vn | - | High |
| 83 | 27.147.173.227 | 173.227.cetus.link3.net | - | High |
| 84 | 30.10.121.157 | - | - | High |
| 85 | 31.31.204.59 | cluster25.reg.ru | Bitzlato | High |
| 86 | 31.31.204.61 | parking.reg.ru | Bitzlato | High |
| 87 | 31.131.21.184 | - | - | High |
| 88 | 31.131.26.122 | - | - | High |
| 89 | 31.134.60.181 | 31-134-60-181.telico.pl | - | High |
| 90 | 31.134.124.90 | - | - | High |
| 91 | 31.172.177.90 | poczta.mp-lift.pl | - | High |
| 92 | 31.184.253.6 | - | - | High |
| 93 | 31.184.253.37 | models9.vixgrafica.de | - | High |
| 94 | 31.202.132.22 | - | - | High |
| 95 | 31.211.85.110 | - | - | High |
| 96 | 31.214.138.207 | f0a4213918138.rev.snt.net.pl | - | High |
| 97 | 31.220.16.53 | - | Bitzlato | High |
| 98 | 34.117.59.81 | 81.59.117.34.bc.googleusercontent.com | - | Medium |
| 99 | 34.160.111.145 | 145.111.160.34.bc.googleusercontent.com | - | Medium |
| 100 | 34.192.250.175 | ec2-34-192-250-175.compute-1.amazonaws.com | - | Medium |
| 101 | 34.196.181.158 | ec2-34-196-181-158.compute-1.amazonaws.com | - | Medium |
| 102 | 34.198.132.204 | ec2-34-198-132-204.compute-1.amazonaws.com | - | Medium |
| 103 | 34.233.102.38 | ec2-34-233-102-38.compute-1.amazonaws.com | - | Medium |
| 104 | 36.37.176.6 | - | - | High |
| 105 | 36.66.115.180 | - | - | High |
| 106 | 36.66.188.251 | - | - | High |
| 107 | 36.89.85.103 | - | - | High |
| 108 | 36.89.106.69 | - | - | High |
| 109 | 36.89.191.119 | - | - | High |
| 110 | 36.89.193.181 | - | - | High |
| 111 | 36.89.193.235 | - | - | High |
| 112 | 36.89.228.201 | - | - | High |
| 113 | 36.89.243.241 | - | - | High |
| 114 | 36.91.45.10 | - | - | High |
| 115 | 36.91.87.227 | - | - | High |
| 116 | 36.91.88.164 | - | - | High |
| 117 | 36.91.117.231 | - | - | High |
| 118 | 36.91.186.235 | - | - | High |
| 119 | 36.94.27.124 | - | - | High |
| 120 | 36.94.33.102 | - | - | High |
| 121 | 36.94.100.202 | - | - | High |
| 122 | 36.95.23.89 | - | - | High |
| 123 | 36.95.27.243 | - | - | High |
| 124 | 37.7.123.244 | apn-37-7-123-244.dynamic.gprs.plus.pl | - | High |
| 125 | 37.44.212.179 | - | - | High |
| 126 | 37.44.212.216 | - | - | High |
| 127 | 37.48.65.136 | - | Bitzlato | High |
| 128 | 37.48.65.143 | - | Bitzlato | High |
| 129 | 37.48.65.145 | - | Bitzlato | High |
| 130 | 37.48.65.148 | - | Bitzlato | High |
| 131 | 37.48.65.149 | - | Bitzlato | High |
| 132 | 37.48.65.150 | - | Bitzlato | High |
| 133 | 37.48.65.151 | - | Bitzlato | High |
| 134 | 37.48.65.152 | - | Bitzlato | High |
| 135 | 37.48.65.153 | - | Bitzlato | High |
| 136 | 37.48.65.154 | - | Bitzlato | High |
| 137 | 37.48.65.155 | - | Bitzlato | High |
| 138 | 37.59.183.142 | - | - | High |
| 139 | 37.228.70.134 | - | - | High |
| 140 | 37.228.117.146 | metobor.ru | - | High |
| 141 | 37.228.117.250 | janome.ru | - | High |
| 142 | 37.230.112.146 | audiotop.ru | - | High |
| 143 | 37.230.114.93 | admin1.fvds.ru | - | High |
| 144 | 37.230.114.248 | kosmolot.com | - | High |
| 145 | 37.230.115.129 | dvcarry.fvds.ru | - | High |
| 146 | 37.230.115.133 | wdai.io | - | High |
| 147 | 37.230.115.138 | i2.com | - | High |
| 148 | 37.230.115.171 | geobrox.com | - | High |
| 149 | 37.230.115.184 | 21922vdscom.com | - | High |
| 150 | 38.132.99.174 | - | - | High |
| 151 | 41.77.134.250 | cliente6386477933.clubnet.mz | - | High |
| 152 | 41.175.22.226 | - | - | High |
| 153 | 41.243.29.182 | 182-29-243-41.r.airtel.cd | - | High |
| 154 | 43.245.216.116 | - | - | High |
| 155 | 45.5.152.39 | - | - | High |
| 156 | 45.6.16.68 | - | - | High |
| 157 | 45.14.226.115 | - | - | High |
| 158 | 45.36.99.184 | cpe-45-36-99-184.triad.res.rr.com | - | High |
| 159 | 45.66.11.116 | vm1488716.2ssd.had.wf | - | High |
| 160 | 45.77.55.61 | 45.77.55.61.vultrusercontent.com | Bitzlato | High |
| 161 | 45.80.148.30 | - | - | High |
| 162 | 45.89.127.92 | - | - | High |
| 163 | 45.115.172.105 | - | - | High |
| 164 | 45.125.1.34 | 45.125.1.34.static.xtom.hk | - | High |
| 165 | 45.127.222.8 | - | - | High |
| 166 | 45.137.151.198 | ourdiaspora.net | - | High |
| 167 | 45.138.158.32 | - | - | High |
| 168 | 45.142.213.58 | vm372119.pq.hosting | - | High |
| 169 | 45.144.113.168 | - | - | High |
| 170 | 45.148.120.153 | - | - | High |
| 171 | 45.148.120.195 | pe195.peryon.web.tr | - | High |
| 172 | 45.155.173.242 | - | - | High |
| 173 | 45.160.145.11 | - | - | High |
| 174 | 45.160.145.179 | - | - | High |
| 175 | 45.160.145.216 | - | - | High |
| 176 | 45.167.249.126 | - | - | High |
| 177 | 45.178.142.14 | - | - | High |
| 178 | 45.201.134.202 | - | - | High |
| 179 | 45.224.214.34 | clientes-214-34.intercommtech.com.br | - | High |
| 180 | 45.229.71.211 | static-45-229-71-211.extrememt.com.br | - | High |
| 181 | 45.234.248.154 | 45.-234.248-154.rev.voanet.br | - | High |
| 182 | 46.4.167.250 | ip-subnet46-4-167.unassigned.theideahosting.net | - | High |
| 183 | 46.8.21.10 | 53980.web.hosting-russia.ru | - | High |
| 184 | 46.8.21.113 | 64403.web.hosting-russia.ru | - | High |
| 185 | 46.30.41.229 | vm494526.eurodir.ru | - | High |
| 186 | 46.30.45.208 | vm418209.eurodir.ru | - | High |
| 187 | 46.99.175.149 | - | - | High |
| 188 | 46.99.175.217 | - | - | High |
| 189 | 46.99.188.223 | - | - | High |
| 190 | 46.166.182.54 | suggest-wrong.shamrockuser.com | Bitzlato | High |
| 191 | 46.166.182.62 | all-multiuser.aboveoption.com | Bitzlato | High |
| 192 | 46.209.140.220 | - | - | High |
| 193 | 46.237.117.193 | - | - | High |
| 194 | 46.254.128.174 | 46.254.128.174.lanultra.net | - | High |
| 195 | 49.156.34.134 | - | - | High |
| 196 | 49.176.188.184 | static-n49-176-188-184.bla2.nsw.optusnet.com.au | - | High |
| 197 | 50.16.229.140 | ec2-50-16-229-140.compute-1.amazonaws.com | - | Medium |
| 198 | 50.19.247.198 | ec2-50-19-247-198.compute-1.amazonaws.com | - | Medium |
| 199 | 50.63.202.53 | 53.202.63.50.host.secureserver.net | Bitzlato | High |
| 200 | 50.63.202.64 | 64.202.63.50.host.secureserver.net | Bitzlato | High |
| 201 | 50.63.202.65 | 65.202.63.50.host.secureserver.net | Bitzlato | High |
| 202 | 50.63.202.69 | 69.202.63.50.host.secureserver.net | Bitzlato | High |
| 203 | 50.63.202.93 | 93.202.63.50.host.secureserver.net | Bitzlato | High |
| 204 | 51.38.101.194 | - | - | High |
| 205 | 51.68.247.62 | ip62.ip-51-68-247.eu | - | High |
| 206 | 51.77.92.215 | - | - | High |
| 207 | 51.81.112.144 | - | - | High |
| 208 | 51.81.113.25 | - | - | High |
| 209 | 51.89.73.159 | theladbible.site | - | High |
| 210 | 51.89.115.101 | secure-3111.buzztary.com | - | High |
| 211 | 51.89.115.108 | coms.jt120.com.cn | - | High |
| 212 | 51.89.115.110 | pocket-usage.nationfox.net | - | High |
| 213 | 51.89.115.112 | brides-crude.nationfox.net | - | High |
| 214 | 51.89.115.116 | tombe.nationfox.net | - | High |
| 215 | 51.89.115.121 | mail1.cmailer.online | - | High |
| 216 | 51.89.115.124 | mta.ga-emailcamel.com | - | High |
| 217 | 51.89.177.20 | ip20.ip-51-89-177.eu | - | High |
| 218 | 51.159.23.217 | jambold.co.uk | - | High |
| 219 | 51.254.25.115 | ip115.ip-51-254-25.eu | - | High |
| 220 | 51.254.69.244 | - | - | High |
| 221 | 51.254.83.17 | ip17.ip-51-254-83.eu | - | High |
| 222 | 51.254.164.243 | amortizserv.info | - | High |
| 223 | 51.254.164.244 | y9gs.gaurented.com | - | High |
| 224 | 51.254.164.245 | ip245.ip-51-254-164.eu | - | High |
| 225 | 51.254.164.249 | ip249.ip-51-254-164.eu | - | High |
| 226 | 52.0.197.231 | ec2-52-0-197-231.compute-1.amazonaws.com | - | Medium |
| 227 | 52.0.217.44 | ec2-52-0-217-44.compute-1.amazonaws.com | Bitzlato | Medium |
| 228 | 52.4.209.250 | ec2-52-4-209-250.compute-1.amazonaws.com | Bitzlato | Medium |
| 229 | 52.6.128.155 | ec2-52-6-128-155.compute-1.amazonaws.com | Bitzlato | Medium |
| 230 | 52.20.78.240 | ec2-52-20-78-240.compute-1.amazonaws.com | - | Medium |
| 231 | 52.20.197.7 | ec2-52-20-197-7.compute-1.amazonaws.com | - | Medium |
| 232 | 52.44.169.135 | ec2-52-44-169-135.compute-1.amazonaws.com | - | Medium |
| 233 | 52.54.24.134 | ec2-52-54-24-134.compute-1.amazonaws.com | Bitzlato | Medium |
| 234 | 52.55.255.113 | ec2-52-55-255-113.compute-1.amazonaws.com | - | Medium |
| 235 | 52.73.179.54 | ec2-52-73-179-54.compute-1.amazonaws.com | Bitzlato | Medium |
| 236 | 52.202.139.131 | ec2-52-202-139-131.compute-1.amazonaws.com | - | Medium |
| 237 | 52.204.109.97 | ec2-52-204-109-97.compute-1.amazonaws.com | - | Medium |
| 238 | 52.206.161.133 | ec2-52-206-161-133.compute-1.amazonaws.com | - | Medium |
| 239 | 52.206.178.1 | ec2-52-206-178-1.compute-1.amazonaws.com | - | Medium |
| 240 | 53.182.82.27 | - | - | High |
| 241 | 54.39.106.25 | ns560342.ip-54-39-106.net | - | High |
| 242 | 54.111.105.80 | - | - | High |
| 243 | 54.161.222.85 | ec2-54-161-222-85.compute-1.amazonaws.com | Bitzlato | Medium |
| 244 | 54.204.36.156 | ec2-54-204-36-156.compute-1.amazonaws.com | - | Medium |
| 245 | 54.221.253.252 | ec2-54-221-253-252.compute-1.amazonaws.com | - | Medium |
| 246 | 54.225.159.35 | ec2-54-225-159-35.compute-1.amazonaws.com | - | Medium |
| 247 | 54.235.124.112 | ec2-54-235-124-112.compute-1.amazonaws.com | - | Medium |
| 248 | 54.235.203.7 | ec2-54-235-203-7.compute-1.amazonaws.com | - | Medium |
| 249 | 54.235.220.229 | ec2-54-235-220-229.compute-1.amazonaws.com | - | Medium |
| 250 | 54.243.147.226 | ec2-54-243-147-226.compute-1.amazonaws.com | - | Medium |
| 251 | 54.243.198.12 | ec2-54-243-198-12.compute-1.amazonaws.com | - | Medium |
| 252 | 54.243.208.112 | ec2-54-243-208-112.compute-1.amazonaws.com | - | Medium |
| 253 | 58.97.72.83 | 58-97-72-83.static.asianet.co.th | - | High |
| 254 | 60.51.47.65 | - | - | High |
| 255 | 61.69.102.170 | 61-69-102-170.mel.static-ipl.aapt.com.au | - | High |
| 256 | 62.64.9.237 | clients-62.64.9.237.misp.ru | - | High |
| 257 | 62.69.241.103 | 62-69-241-103.internetia.net.pl | - | High |
| 258 | 62.99.76.213 | 213.62-99-76.static.clientes.euskaltel.es | - | High |
| 259 | 62.99.79.77 | 77.62-99-79.static.clientes.euskaltel.es | - | High |
| 260 | 62.109.2.172 | megamart24.ru | - | High |
| 261 | 62.109.6.188 | velomarket31.ru | - | High |
| 262 | 62.109.14.24 | btc-manager1.ru | - | High |
| 263 | 62.109.16.17 | jl.ru5 | - | High |
| 264 | 62.109.22.2 | youavto.ru | - | High |
| 265 | 62.109.22.172 | map4child.fvds.ru | - | High |
| 266 | 62.109.24.176 | api.etkrasnodar.ru | - | High |
| 267 | 62.109.24.242 | cadtain.ru | - | High |
| 268 | 62.109.25.11 | vsefilmy.xyz | - | High |
| 269 | 62.109.26.121 | shekaa.fvds.ru | - | High |
| 270 | 62.109.26.208 | botsutetiana20195.vps | - | High |
| 271 | 62.109.26.251 | oiltrend.ru | - | High |
| 272 | 62.109.27.196 | ru.gorbacheff.fvds.ru | - | High |
| 273 | ... | ... | ... | ... |
There are 1087 more IOC items available. Please use our online service to access the data.
TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by TrickBot. This data is unique as it uses our predictive model for actor profiling.
| ID | Technique | Weakness | Description | Confidence |
|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36, CWE-425 | Pathname Traversal | High |
| 2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 6 | ... | ... | ... | ... |
There are 21 more TTP items available. Please use our online service to access the data.
IOA - Indicator of Attack
These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by TrickBot. This data is unique as it uses our predictive model for actor profiling.
| ID | Type | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /?p=products |
Medium |
| 2 | File | /admin.php/accessory/filesdel.html |
High |
| 3 | File | /admin/?page=user/manage |
High |
| 4 | File | /admin/add-new.php |
High |
| 5 | File | /admin/assign/assign.php |
High |
| 6 | File | /admin/bookings/manage_booking.php |
High |
| 7 | File | /admin/bookings/view_booking.php |
High |
| 8 | File | /admin/bookings/view_details.php |
High |
| 9 | File | /admin/budget/manage_budget.php |
High |
| 10 | File | /admin/doctors.php |
High |
| 11 | File | /admin/inquiries/view_inquiry.php |
High |
| 12 | File | /admin/login.php |
High |
| 13 | File | /admin/maintenance/manage_category.php |
High |
| 14 | File | /admin/maintenance/view_designation.php |
High |
| 15 | File | /admin/mechanics/manage_mechanic.php |
High |
| 16 | File | /admin/offenses/view_details.php |
High |
| 17 | File | /admin/orders/update_status.php |
High |
| 18 | File | /admin/products/manage_product.php |
High |
| 19 | File | /admin/products/view_product.php |
High |
| 20 | File | /admin/reminders/manage_reminder.php |
High |
| 21 | File | /admin/report/index.php |
High |
| 22 | File | /admin/reports/index.php |
High |
| 23 | File | /admin/sales/manage_sale.php |
High |
| 24 | File | /admin/services/view_service.php |
High |
| 25 | File | /admin/service_requests/manage_inventory.php |
High |
| 26 | File | /admin/suppliers/view_details.php |
High |
| 27 | File | /admin/user/manage_user.php |
High |
| 28 | File | /admin/userprofile.php |
High |
| 29 | File | /alphaware/summary.php |
High |
| 30 | File | /api/ |
Low |
| 31 | File | /api/admin/store/product/list |
High |
| 32 | File | /api/admin/system/store/order/list |
High |
| 33 | File | /api/v2/cli/commands |
High |
| 34 | File | /apply.cgi |
Medium |
| 35 | File | /billing/home.php |
High |
| 36 | File | /bin/ate |
Medium |
| 37 | File | /boat/login.php |
High |
| 38 | File | /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini |
High |
| 39 | File | /cbpos/ |
Low |
| 40 | File | /cgi-bin |
Medium |
| 41 | File | /cgi-bin/ping.cgi |
High |
| 42 | File | /cgi-bin/wlogin.cgi |
High |
| 43 | File | /classes/Login.php |
High |
| 44 | File | /classes/Master.php |
High |
| 45 | File | /classes/Master.php?f=delete_item |
High |
| 46 | File | /classes/Master.php?f=delete_service |
High |
| 47 | File | /classes/Master.php?f=save_course |
High |
| 48 | File | /classes/Users.php |
High |
| 49 | File | /classes/Users.phpp |
High |
| 50 | File | /debug/pprof |
Medium |
| 51 | ... | ... | ... |
There are 447 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
References
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.morphisec.com/trickbot-emotet-delivery-through-word-macro
- https://blog.talosintelligence.com/2018/01/threat-round-up-1229-0105.html
- https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html
- https://blog.talosintelligence.com/2019/07/threat-roundup-0628-0705.html
- https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html
- https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
- https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
- https://blog.talosintelligence.com/2019/08/threat-roundup-0823-0830.html
- https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html
- https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html
- https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html
- https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html
- https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html
- https://blog.talosintelligence.com/2019/12/threat-roundup-1213-1220.html
- https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
- https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
- https://blog.talosintelligence.com/2020/01/threat-roundup-0117-0124.html
- https://blog.talosintelligence.com/2020/02/threat-roundup-0131-0207.html
- https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html
- https://blog.talosintelligence.com/2020/11/threat-roundup-1113-1120.html
- https://blog.talosintelligence.com/2021/02/threat-roundup-0212-0219.html
- https://blog.talosintelligence.com/2021/03/threat-roundup-0319-0326.html
- https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html
- https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html
- https://blog.talosintelligence.com/2021/04/threat-roundup-0416-0423.html
- https://blog.talosintelligence.com/2021/05/threat-roundup-0514-0521.html
- https://blog.talosintelligence.com/2021/07/threat-roundup-0625-0702.html
- https://blog.talosintelligence.com/2021/08/threat-roundup-0730-0806.html
- https://blog.talosintelligence.com/2021/10/threat-roundup-0924-1001.html
- https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html
- https://blog.talosintelligence.com/2021/11/threat-roundup-1029-1105.html
- https://blog.talosintelligence.com/2021/11/threat-roundup-1105-1112.html
- https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
- https://blog.talosintelligence.com/2022/05/threat-roundup-0520-0527.html
- https://blog.talosintelligence.com/2022/06/threat-roundup-0617-0624.html
- https://blog.talosintelligence.com/2022/08/threat-roundup-0805-0812.html
- https://blog.talosintelligence.com/2022/09/threat-roundup-0923-0930.html
- https://blog.talosintelligence.com/threat-roundup-0106-0113/
- https://blog.talosintelligence.com/threat-roundup-0127-0203/
- https://blog.talosintelligence.com/threat-roundup-0310-0317/
- https://blogs.blackberry.com/en/2019/09/blackberry-cylance-vs-trickbot-infostealer-malware
- https://blogs.infoblox.com/cyber-threat-intelligence/ransomware-attacks-target-healthcare-sector/
- https://community.blueliv.com/#!/s/611a51a282df413eb235470a
- https://community.blueliv.com/#!/s/60414fc982df413eaf34607d
- https://ddanchev.blogspot.com/2023/02/exposing-trickbots-bitzlato.html
- https://feodotracker.abuse.ch/downloads/ipblocklist.csv
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-19%20Trickbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-20%20Trickbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-21%20Trickbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-08%20Trickbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-22%20Trickbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-09%20Trickbot%20IOCs
- https://isc.sans.edu/forums/diary/Emotet+epoch+1+infection+with+Trickbot+gtag+mor84/25752/
- https://isc.sans.edu/forums/diary/Emotet+malspam+is+back/25330/
- https://isc.sans.edu/forums/diary/German+language+malspam+pushes+yet+another+wave+of+Trickbot/25594/
- https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+banking+Trojan/22720/
- https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+gtag+rob13/27112/
- https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+malware+on+Friday+20180511/23653/
- https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+word+docs+still+pushing+IcedID+Bokbot+with+Trickbot/24708/
- https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
- https://isc.sans.edu/forums/diary/Trickbot+gtag+red5+distributed+as+a+DLL+file/25918/
- https://research.checkpoint.com/2021/when-old-friends-meet-again-why-emotet-chose-trickbot-for-rebirth/
- https://securelist.com/trickbot-module-descriptions/104603/
- https://securityintelligence.com/posts/new-malware-trickbot-anchordns-backdoor-upgrades-anchormail/
- https://securityintelligence.com/posts/trickbot-group-systematically-attacking-ukraine/
- https://thedfirreport.com/2020/04/30/tricky-pyxie/
- https://thedfirreport.com/2021/01/11/trickbot-still-alive-and-well/
- https://thedfirreport.com/2021/05/02/trickbot-brief-creds-and-beacons/
- https://thedfirreport.com/2021/08/01/bazarcall-to-conti-ransomware-via-trickbot-and-cobalt-strike/
- https://thedfirreport.com/2021/08/16/trickbot-leads-up-to-fake-1password-installation/
Literature
The following articles explain our unique predictive cyber threat intelligence:
- VulDB Cyber Threat Intelligence Documentation
- Cyber Threat Intelligence - Early Anticipation of Attacks
License
(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!