mirror of
https://github.com/vuldb/cyber_threat_intelligence
synced 2024-07-09 03:41:50 +00:00
# TrickBot - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [TrickBot](https://vuldb.com/?actor.trickbot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.trickbot](https://vuldb.com/?actor.trickbot)

## Campaigns

The following _campaigns_ are known and can be associated with TrickBot:

* AnchorMail

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TrickBot:

* [VN](https://vuldb.com/?country.vn)
* [US](https://vuldb.com/?country.us)
* [ES](https://vuldb.com/?country.es)
* ...

There are 5 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of TrickBot.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [3.224.145.145](https://vuldb.com/?ip.3.224.145.145) | ec2-3-224-145-145.compute-1.amazonaws.com | - | Medium
2 | [5.1.81.68](https://vuldb.com/?ip.5.1.81.68) | mx4.tarifvergleichbhv.net | - | High
3 | [5.2.70.145](https://vuldb.com/?ip.5.2.70.145) | merlinsbeard.co.uk | - | High
4 | [5.2.72.84](https://vuldb.com/?ip.5.2.72.84) | cipixia.com | - | High
5 | [5.2.75.93](https://vuldb.com/?ip.5.2.75.93) | - | - | High
6 | [5.2.75.167](https://vuldb.com/?ip.5.2.75.167) | coms.a9v34.com.cn | - | High
7 | [5.2.76.122](https://vuldb.com/?ip.5.2.76.122) | mx3.ximple.eu | - | High
8 | [5.34.177.50](https://vuldb.com/?ip.5.34.177.50) | unallocated.layer6.net | - | High
9 | [5.34.178.126](https://vuldb.com/?ip.5.34.178.126) | yhlas111410.pserver.ru | - | High
10 | [5.39.47.22](https://vuldb.com/?ip.5.39.47.22) | mail.dmgs.site | - | High
11 | [5.53.124.49](https://vuldb.com/?ip.5.53.124.49) | dgbtechnologies.com | - | High
12 | [5.59.205.32](https://vuldb.com/?ip.5.59.205.32) | dhcp-32-205-59-5.metro86.ru | - | High
13 | [5.133.179.108](https://vuldb.com/?ip.5.133.179.108) | 5-133-179-108.freeucouponsnow.ru | - | High
14 | [5.149.253.99](https://vuldb.com/?ip.5.149.253.99) | - | - | High
15 | [5.182.210.30](https://vuldb.com/?ip.5.182.210.30) | realestatepromotion.ru | - | High
16 | [5.182.210.109](https://vuldb.com/?ip.5.182.210.109) | - | - | High
17 | [5.182.210.132](https://vuldb.com/?ip.5.182.210.132) | - | - | High
18 | [5.182.210.178](https://vuldb.com/?ip.5.182.210.178) | mail.rainingdreams.to | - | High
19 | [5.182.210.226](https://vuldb.com/?ip.5.182.210.226) | - | - | High
20 | [5.182.210.230](https://vuldb.com/?ip.5.182.210.230) | - | - | High
21 | [5.182.210.246](https://vuldb.com/?ip.5.182.210.246) | - | - | High
22 | [5.182.210.254](https://vuldb.com/?ip.5.182.210.254) | n01-nlam.kdktech.com | - | High
23 | [5.182.211.44](https://vuldb.com/?ip.5.182.211.44) | - | - | High
24 | [5.196.247.14](https://vuldb.com/?ip.5.196.247.14) | ip14.ip-5-196-247.eu | - | High
25 | [5.230.22.40](https://vuldb.com/?ip.5.230.22.40) | - | - | High
26 | [5.255.96.217](https://vuldb.com/?ip.5.255.96.217) | vps11.host1.be | - | High
27 | [5.255.96.218](https://vuldb.com/?ip.5.255.96.218) | - | - | High
28 | [14.241.244.60](https://vuldb.com/?ip.14.241.244.60) | - | - | High
29 | [18.213.79.189](https://vuldb.com/?ip.18.213.79.189) | ec2-18-213-79-189.compute-1.amazonaws.com | - | Medium
30 | [18.233.90.151](https://vuldb.com/?ip.18.233.90.151) | ec2-18-233-90-151.compute-1.amazonaws.com | - | Medium
31 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
32 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
33 | [23.3.125.111](https://vuldb.com/?ip.23.3.125.111) | a23-3-125-111.deploy.static.akamaitechnologies.com | - | High
34 | [23.20.220.174](https://vuldb.com/?ip.23.20.220.174) | ec2-23-20-220-174.compute-1.amazonaws.com | - | Medium
35 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
36 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
37 | [23.21.121.219](https://vuldb.com/?ip.23.21.121.219) | ec2-23-21-121-219.compute-1.amazonaws.com | - | Medium
38 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
39 | [23.23.83.153](https://vuldb.com/?ip.23.23.83.153) | ec2-23-23-83-153.compute-1.amazonaws.com | - | Medium
40 | [23.23.243.154](https://vuldb.com/?ip.23.23.243.154) | ec2-23-23-243-154.compute-1.amazonaws.com | - | Medium
41 | [23.62.6.161](https://vuldb.com/?ip.23.62.6.161) | a23-62-6-161.deploy.static.akamaitechnologies.com | - | High
42 | [23.62.6.170](https://vuldb.com/?ip.23.62.6.170) | a23-62-6-170.deploy.static.akamaitechnologies.com | - | High
43 | [23.94.233.210](https://vuldb.com/?ip.23.94.233.210) | 23-94-233-210-host.colocrossing.com | - | High
44 | [23.95.231.187](https://vuldb.com/?ip.23.95.231.187) | 23-95-231-187-host.colocrossing.com | - | High
45 | [23.96.30.229](https://vuldb.com/?ip.23.96.30.229) | - | - | High
46 | [23.160.192.125](https://vuldb.com/?ip.23.160.192.125) | unknown.ip-xfer.net | - | High
47 | [23.160.193.106](https://vuldb.com/?ip.23.160.193.106) | unknown.ip-xfer.net | - | High
48 | [23.202.231.166](https://vuldb.com/?ip.23.202.231.166) | a23-202-231-166.deploy.static.akamaitechnologies.com | - | High
49 | [23.217.138.107](https://vuldb.com/?ip.23.217.138.107) | a23-217-138-107.deploy.static.akamaitechnologies.com | - | High
50 | [24.162.214.166](https://vuldb.com/?ip.24.162.214.166) | cpe-24-162-214-166.elp.res.rr.com | - | High
51 | [27.72.107.215](https://vuldb.com/?ip.27.72.107.215) | dynamic-adsl.viettel.vn | - | High
52 | [27.147.173.227](https://vuldb.com/?ip.27.147.173.227) | 173.227.cetus.link3.net | - | High
53 | [31.131.26.122](https://vuldb.com/?ip.31.131.26.122) | - | - | High
54 | [31.134.60.181](https://vuldb.com/?ip.31.134.60.181) | 31-134-60-181.telico.pl | - | High
55 | [31.134.124.90](https://vuldb.com/?ip.31.134.124.90) | - | - | High
56 | [31.172.177.90](https://vuldb.com/?ip.31.172.177.90) | poczta.mp-lift.pl | - | High
57 | [31.184.253.6](https://vuldb.com/?ip.31.184.253.6) | - | - | High
58 | [31.184.253.37](https://vuldb.com/?ip.31.184.253.37) | models9.vixgrafica.de | - | High
59 | [31.202.132.22](https://vuldb.com/?ip.31.202.132.22) | - | - | High
60 | [31.211.85.110](https://vuldb.com/?ip.31.211.85.110) | - | - | High
61 | [31.214.138.207](https://vuldb.com/?ip.31.214.138.207) | f0a4213918138.rev.snt.net.pl | - | High
62 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
63 | [34.192.250.175](https://vuldb.com/?ip.34.192.250.175) | ec2-34-192-250-175.compute-1.amazonaws.com | - | Medium
64 | [34.196.181.158](https://vuldb.com/?ip.34.196.181.158) | ec2-34-196-181-158.compute-1.amazonaws.com | - | Medium
65 | [34.198.132.204](https://vuldb.com/?ip.34.198.132.204) | ec2-34-198-132-204.compute-1.amazonaws.com | - | Medium
66 | [34.233.102.38](https://vuldb.com/?ip.34.233.102.38) | ec2-34-233-102-38.compute-1.amazonaws.com | - | Medium
67 | [36.37.176.6](https://vuldb.com/?ip.36.37.176.6) | - | - | High
68 | [36.66.115.180](https://vuldb.com/?ip.36.66.115.180) | - | - | High
69 | [36.89.85.103](https://vuldb.com/?ip.36.89.85.103) | - | - | High
70 | [36.89.191.119](https://vuldb.com/?ip.36.89.191.119) | - | - | High
71 | [36.89.193.181](https://vuldb.com/?ip.36.89.193.181) | - | - | High
72 | [36.89.193.235](https://vuldb.com/?ip.36.89.193.235) | - | - | High
73 | [36.89.228.201](https://vuldb.com/?ip.36.89.228.201) | - | - | High
74 | [36.91.45.10](https://vuldb.com/?ip.36.91.45.10) | - | - | High
75 | [36.91.88.164](https://vuldb.com/?ip.36.91.88.164) | - | - | High
76 | [36.91.117.231](https://vuldb.com/?ip.36.91.117.231) | - | - | High
77 | [36.91.186.235](https://vuldb.com/?ip.36.91.186.235) | - | - | High
78 | [36.94.27.124](https://vuldb.com/?ip.36.94.27.124) | - | - | High
79 | [36.94.33.102](https://vuldb.com/?ip.36.94.33.102) | - | - | High
80 | [36.94.100.202](https://vuldb.com/?ip.36.94.100.202) | - | - | High
81 | [36.95.23.89](https://vuldb.com/?ip.36.95.23.89) | - | - | High
82 | [36.95.27.243](https://vuldb.com/?ip.36.95.27.243) | - | - | High
83 | [37.44.212.179](https://vuldb.com/?ip.37.44.212.179) | - | - | High
84 | [37.44.212.216](https://vuldb.com/?ip.37.44.212.216) | - | - | High
85 | [37.59.183.142](https://vuldb.com/?ip.37.59.183.142) | - | - | High
86 | [37.228.70.134](https://vuldb.com/?ip.37.228.70.134) | - | - | High
87 | [37.228.117.146](https://vuldb.com/?ip.37.228.117.146) | metobor.ru | - | High
88 | [37.228.117.250](https://vuldb.com/?ip.37.228.117.250) | janome.ru | - | High
89 | [37.230.112.146](https://vuldb.com/?ip.37.230.112.146) | audiotop.ru | - | High
90 | [37.230.114.93](https://vuldb.com/?ip.37.230.114.93) | admin1.fvds.ru | - | High
91 | [37.230.114.248](https://vuldb.com/?ip.37.230.114.248) | kosmolot.com | - | High
92 | [37.230.115.129](https://vuldb.com/?ip.37.230.115.129) | dvcarry.fvds.ru | - | High
93 | [37.230.115.133](https://vuldb.com/?ip.37.230.115.133) | wdai.io | - | High
94 | [37.230.115.138](https://vuldb.com/?ip.37.230.115.138) | i2.com | - | High
95 | [37.230.115.171](https://vuldb.com/?ip.37.230.115.171) | geobrox.com | - | High
96 | [37.230.115.184](https://vuldb.com/?ip.37.230.115.184) | 21922vdscom.com | - | High
97 | [38.132.99.174](https://vuldb.com/?ip.38.132.99.174) | - | - | High
98 | [41.77.134.250](https://vuldb.com/?ip.41.77.134.250) | cliente6386477933.clubnet.mz | - | High
99 | [41.243.29.182](https://vuldb.com/?ip.41.243.29.182) | 182-29-243-41.r.airtel.cd | - | High
100 | [43.245.216.116](https://vuldb.com/?ip.43.245.216.116) | - | - | High
101 | [45.5.152.39](https://vuldb.com/?ip.45.5.152.39) | - | - | High
102 | [45.6.16.68](https://vuldb.com/?ip.45.6.16.68) | - | - | High
103 | [45.14.226.115](https://vuldb.com/?ip.45.14.226.115) | - | - | High
104 | [45.36.99.184](https://vuldb.com/?ip.45.36.99.184) | cpe-45-36-99-184.triad.res.rr.com | - | High
105 | [45.66.11.116](https://vuldb.com/?ip.45.66.11.116) | vm1488716.2ssd.had.wf | - | High
106 | [45.80.148.30](https://vuldb.com/?ip.45.80.148.30) | - | - | High
107 | [45.115.172.105](https://vuldb.com/?ip.45.115.172.105) | - | - | High
108 | [45.125.1.34](https://vuldb.com/?ip.45.125.1.34) | 45.125.1.34.static.xtom.hk | - | High
109 | [45.127.222.8](https://vuldb.com/?ip.45.127.222.8) | - | - | High
110 | [45.137.151.198](https://vuldb.com/?ip.45.137.151.198) | ourdiaspora.net | - | High
111 | [45.138.158.32](https://vuldb.com/?ip.45.138.158.32) | - | - | High
112 | [45.142.213.58](https://vuldb.com/?ip.45.142.213.58) | vm372119.pq.hosting | - | High
113 | [45.148.120.153](https://vuldb.com/?ip.45.148.120.153) | - | - | High
114 | [45.148.120.195](https://vuldb.com/?ip.45.148.120.195) | pe195.peryon.web.tr | - | High
115 | [45.155.173.242](https://vuldb.com/?ip.45.155.173.242) | - | - | High
116 | [45.160.145.11](https://vuldb.com/?ip.45.160.145.11) | - | - | High
117 | [45.160.145.179](https://vuldb.com/?ip.45.160.145.179) | - | - | High
118 | [45.160.145.216](https://vuldb.com/?ip.45.160.145.216) | - | - | High
119 | [45.167.249.126](https://vuldb.com/?ip.45.167.249.126) | - | - | High
120 | [45.178.142.14](https://vuldb.com/?ip.45.178.142.14) | - | - | High
121 | [45.201.134.202](https://vuldb.com/?ip.45.201.134.202) | - | - | High
122 | [45.224.214.34](https://vuldb.com/?ip.45.224.214.34) | clientes-214-34.intercommtech.com.br | - | High
123 | [45.229.71.211](https://vuldb.com/?ip.45.229.71.211) | static-45-229-71-211.extrememt.com.br | - | High
124 | [45.234.248.154](https://vuldb.com/?ip.45.234.248.154) | 45.-234.248-154.rev.voanet.br | - | High
125 | [46.4.167.250](https://vuldb.com/?ip.46.4.167.250) | ip-subnet46-4-167.unassigned.theideahosting.net | - | High
126 | [46.8.21.10](https://vuldb.com/?ip.46.8.21.10) | 53980.web.hosting-russia.ru | - | High
127 | [46.8.21.113](https://vuldb.com/?ip.46.8.21.113) | 64403.web.hosting-russia.ru | - | High
128 | [46.30.41.229](https://vuldb.com/?ip.46.30.41.229) | vm494526.eurodir.ru | - | High
129 | [46.30.45.208](https://vuldb.com/?ip.46.30.45.208) | vm418209.eurodir.ru | - | High
130 | [46.99.175.217](https://vuldb.com/?ip.46.99.175.217) | - | - | High
131 | [46.209.140.220](https://vuldb.com/?ip.46.209.140.220) | - | - | High
132 | [46.254.128.174](https://vuldb.com/?ip.46.254.128.174) | 46.254.128.174.lanultra.net | - | High
133 | [49.156.34.134](https://vuldb.com/?ip.49.156.34.134) | - | - | High
134 | [50.16.229.140](https://vuldb.com/?ip.50.16.229.140) | ec2-50-16-229-140.compute-1.amazonaws.com | - | Medium
135 | [50.19.247.198](https://vuldb.com/?ip.50.19.247.198) | ec2-50-19-247-198.compute-1.amazonaws.com | - | Medium
136 | [51.38.101.194](https://vuldb.com/?ip.51.38.101.194) | - | - | High
137 | [51.68.247.62](https://vuldb.com/?ip.51.68.247.62) | ip62.ip-51-68-247.eu | - | High
138 | [51.77.92.215](https://vuldb.com/?ip.51.77.92.215) | - | - | High
139 | [51.81.112.144](https://vuldb.com/?ip.51.81.112.144) | - | - | High
140 | [51.89.73.159](https://vuldb.com/?ip.51.89.73.159) | theladbible.site | - | High
141 | [51.89.115.101](https://vuldb.com/?ip.51.89.115.101) | secure-3111.buzztary.com | - | High
142 | [51.89.115.108](https://vuldb.com/?ip.51.89.115.108) | coms.jt120.com.cn | - | High
143 | [51.89.115.110](https://vuldb.com/?ip.51.89.115.110) | pocket-usage.nationfox.net | - | High
144 | [51.89.115.112](https://vuldb.com/?ip.51.89.115.112) | brides-crude.nationfox.net | - | High
145 | [51.89.115.116](https://vuldb.com/?ip.51.89.115.116) | tombe.nationfox.net | - | High
146 | [51.89.115.121](https://vuldb.com/?ip.51.89.115.121) | mail1.cmailer.online | - | High
147 | [51.89.115.124](https://vuldb.com/?ip.51.89.115.124) | mta.ga-emailcamel.com | - | High
148 | [51.89.177.20](https://vuldb.com/?ip.51.89.177.20) | ip20.ip-51-89-177.eu | - | High
149 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
150 | [51.254.69.244](https://vuldb.com/?ip.51.254.69.244) | - | - | High
151 | [51.254.83.17](https://vuldb.com/?ip.51.254.83.17) | ip17.ip-51-254-83.eu | - | High
152 | [51.254.164.243](https://vuldb.com/?ip.51.254.164.243) | amortizserv.info | - | High
153 | [51.254.164.244](https://vuldb.com/?ip.51.254.164.244) | y9gs.gaurented.com | - | High
154 | [51.254.164.245](https://vuldb.com/?ip.51.254.164.245) | ip245.ip-51-254-164.eu | - | High
155 | [51.254.164.249](https://vuldb.com/?ip.51.254.164.249) | ip249.ip-51-254-164.eu | - | High
156 | [52.0.197.231](https://vuldb.com/?ip.52.0.197.231) | ec2-52-0-197-231.compute-1.amazonaws.com | - | Medium
157 | [52.20.197.7](https://vuldb.com/?ip.52.20.197.7) | ec2-52-20-197-7.compute-1.amazonaws.com | - | Medium
158 | [52.44.169.135](https://vuldb.com/?ip.52.44.169.135) | ec2-52-44-169-135.compute-1.amazonaws.com | - | Medium
159 | [52.55.255.113](https://vuldb.com/?ip.52.55.255.113) | ec2-52-55-255-113.compute-1.amazonaws.com | - | Medium
160 | [52.202.139.131](https://vuldb.com/?ip.52.202.139.131) | ec2-52-202-139-131.compute-1.amazonaws.com | - | Medium
161 | [52.204.109.97](https://vuldb.com/?ip.52.204.109.97) | ec2-52-204-109-97.compute-1.amazonaws.com | - | Medium
162 | [52.206.161.133](https://vuldb.com/?ip.52.206.161.133) | ec2-52-206-161-133.compute-1.amazonaws.com | - | Medium
163 | [52.206.178.1](https://vuldb.com/?ip.52.206.178.1) | ec2-52-206-178-1.compute-1.amazonaws.com | - | Medium
164 | [54.39.106.25](https://vuldb.com/?ip.54.39.106.25) | ns560342.ip-54-39-106.net | - | High
165 | [54.204.36.156](https://vuldb.com/?ip.54.204.36.156) | ec2-54-204-36-156.compute-1.amazonaws.com | - | Medium
166 | [54.221.253.252](https://vuldb.com/?ip.54.221.253.252) | ec2-54-221-253-252.compute-1.amazonaws.com | - | Medium
167 | ... | ... | ... | ...

There are 664 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _TrickBot_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 6 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by TrickBot. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/acms/admin/?page=transactions/manage_transaction` | High
2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
3 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
4 | File | `/acms/classes/Master.php?f=delete_cargo` | High
5 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
6 | File | `/acms/classes/Master.php?f=delete_img` | High
7 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
8 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
9 | File | `/admin/inbox.php&action=delete` | High
10 | File | `/admin/inbox.php&action=read` | High
11 | File | `/admin/new-content` | High
12 | File | `/admin/pagerole.php&action=display&value=1` | High
13 | File | `/admin/pagerole.php&action=edit` | High
14 | File | `/admin/posts.php` | High
15 | File | `/admin/posts.php&action=delete` | High
16 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
17 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
18 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
19 | File | `/admin/uesrs.php&action=display&value=Hide` | High
20 | File | `/admin/uesrs.php&action=display&value=Show` | High
21 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
22 | File | `/admin/uesrs.php&action=type&userrole=User` | High
23 | File | `/api/students/me/messages/` | High
24 | File | `/cgi-bin/login.cgi` | High
25 | File | `/cgi-bin/luci/api/auth` | High
26 | File | `/cgi-bin/luci/api/diagnose` | High
27 | File | `/cgi-bin/luci/api/switch` | High
28 | ... | ... | ...

There are 236 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.morphisec.com/trickbot-emotet-delivery-through-word-macro
* https://blog.talosintelligence.com/2018/01/threat-round-up-1229-0105.html
* https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html
* https://blog.talosintelligence.com/2019/07/threat-roundup-0628-0705.html
* https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html
* https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
* https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
* https://blog.talosintelligence.com/2019/08/threat-roundup-0823-0830.html
* https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html
* https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html
* https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html
* https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html
* https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html
* https://blog.talosintelligence.com/2019/12/threat-roundup-1213-1220.html
* https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
* https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
* https://blog.talosintelligence.com/2020/01/threat-roundup-0117-0124.html
* https://blog.talosintelligence.com/2020/02/threat-roundup-0131-0207.html
* https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html
* https://blog.talosintelligence.com/2020/11/threat-roundup-1113-1120.html
* https://blog.talosintelligence.com/2021/02/threat-roundup-0212-0219.html
* https://blog.talosintelligence.com/2021/03/threat-roundup-0319-0326.html
* https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html
* https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html
* https://blog.talosintelligence.com/2021/04/threat-roundup-0416-0423.html
* https://blog.talosintelligence.com/2021/05/threat-roundup-0514-0521.html
* https://blog.talosintelligence.com/2021/07/threat-roundup-0625-0702.html
* https://blog.talosintelligence.com/2021/08/threat-roundup-0730-0806.html
* https://blog.talosintelligence.com/2021/10/threat-roundup-0924-1001.html
* https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html
* https://blog.talosintelligence.com/2021/11/threat-roundup-1029-1105.html
* https://blog.talosintelligence.com/2021/11/threat-roundup-1105-1112.html
* https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
* https://blogs.blackberry.com/en/2019/09/blackberry-cylance-vs-trickbot-infostealer-malware
* https://feodotracker.abuse.ch/downloads/ipblocklist.csv
* https://isc.sans.edu/forums/diary/Emotet+epoch+1+infection+with+Trickbot+gtag+mor84/25752/
* https://isc.sans.edu/forums/diary/Emotet+malspam+is+back/25330/
* https://isc.sans.edu/forums/diary/German+language+malspam+pushes+yet+another+wave+of+Trickbot/25594/
* https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+banking+Trojan/22720/
* https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+gtag+rob13/27112/
* https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+malware+on+Friday+20180511/23653/
* https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+word+docs+still+pushing+IcedID+Bokbot+with+Trickbot/24708/
* https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
* https://isc.sans.edu/forums/diary/Trickbot+gtag+red5+distributed+as+a+DLL+file/25918/
* https://research.checkpoint.com/2021/when-old-friends-meet-again-why-emotet-chose-trickbot-for-rebirth/
* https://securelist.com/trickbot-module-descriptions/104603/
* https://securityintelligence.com/posts/new-malware-trickbot-anchordns-backdoor-upgrades-anchormail/
* https://thedfirreport.com/2020/04/30/tricky-pyxie/
* https://thedfirreport.com/2021/01/11/trickbot-still-alive-and-well/
* https://thedfirreport.com/2021/05/02/trickbot-brief-creds-and-beacons/
* https://thedfirreport.com/2021/08/01/bazarcall-to-conti-ransomware-via-trickbot-and-cobalt-strike/
* https://thedfirreport.com/2021/08/16/trickbot-leads-up-to-fake-1password-installation/

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!