TrickBot - Cyber Threat Intelligence
These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as TrickBot. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.
Live data and more analysis capabilities are available at https://vuldb.com/?actor.trickbot
Campaigns
The following campaigns are known and can be associated with TrickBot:
- AnchorMail
- Bitzlato
Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TrickBot:
There are 9 more country items available. Please use our online service to access the data.
IOC - Indicator of Compromise
These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of TrickBot.
There are 1078 more IOC items available. Please use our online service to access the data.
TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by TrickBot. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence |
---|---|---|---|---|
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High |
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High |
3 | T1055 | CWE-74 | Injection | High |
4 | T1059 | CWE-94 | Cross Site Scripting | High |
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High |
7 | ... | ... | ... | ... |
There are 22 more TTP items available. Please use our online service to access the data.
IOA - Indicator of Attack
These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by TrickBot. This data is unique as it uses our predictive model for actor profiling.
There are 323 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
Literature
The following articles explain our unique predictive cyber threat intelligence:
- VulDB Cyber Threat Intelligence Documentation
- Cyber Threat Intelligence - Early Anticipation of Attacks
License
(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0.