ioc[.]one - OSINT Cyber Threat Intelligence Database

Trickbot Malware-as-a-service

Tags

cmtmf-attack-pattern:	Masquerading Process Injection
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Application Layer Protocol - T1437 Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Email Addresses - T1589.002 Firmware - T1592.003 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Network Topology - T1590.004 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Hollowing - T1055.012 Process Injection - T1631 Remote Desktop Protocol - T1021.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Spearphishing Attachment - T1566.001 Vnc - T1021.005 Virtualization/Sandbox Evasion - T1497 Vulnerabilities - T1588.006 Virtualization/Sandbox Evasion - T1633 Standard Application Layer Protocol - T1071 Brute Force - T1110 Connection Proxy - T1090 Remote File Copy - T1105 Masquerading - T1036 Powershell - T1086 Process Hollowing - T1093 Process Injection - T1055 Remote Desktop Protocol - T1076 Rundll32 - T1085 Scripting - T1064 Standard Cryptographic Protocol - T1032 System Time Discovery - T1124 Masquerading Remote File Copy Scripting Standard Application Layer Protocol

Show in Graph

Common Information

Type	Value
UUID	57dcee9a-fd2c-46b4-a73b-beae0bd5d1cf
Fingerprint	2d150bd8a03782ef
Analysis status	DONE
Considered CTI value	2
Text language
Published	Dec. 22, 2020, 10:56 a.m.
Added to db	Jan. 18, 2023, 8:25 p.m.
Last updated	Nov. 17, 2024, 5:50 p.m.
Headline	Trickbot Malware-as-a-service
Title	Trickbot Malware-as-a-service
Detected Hints/Tags/Attributes	110/3/68

Source URLs

	Redirection	Url
Details	Source	https://blog.cyberint.com/trickbot-malware-as-a-service

URL Provider

Details	Provider	Source level domain
Details	cyberint.com	blog.cyberint.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	cahrhomeopathy.com
Details	Domain	1	starkdoor.com
Details	Domain	1	www.webdispo.com
Details	File	51	wermgr.exe
Details	File	1	document931215825.xls
Details	File	1	document-63665398-12152020.xls
Details	File	1	apperol.png
Details	File	1	oosnhsyysjmns.png
Details	File	1	diego.png
Details	sha256	1	3db6dab9551aafabf4724c864cda28bc061b250cce2bd834f48040574bc07cb9
Details	sha256	1	62d8cab8ec8b81bf3bd5a75ceca7b12bb2b26f4a40ded2320fdcfd33a49349d7
Details	sha256	1	829419a788104ec45e82487738be2779a83cac1b65bfc9343e351e75cfa49f5e
Details	sha256	1	f669b9a3d89a8061089d819d5e4469389656d0ae39188c147592d2e165267b41
Details	sha256	1	c91623796d2ebc3fc11faf8f9578b56fd4f61a06dec26f5648b9372ae30240da
Details	sha256	1	da1ae69acf1b97bfac587addc9266155342bf8f2a7a80e0d09df9a577c39f7f9
Details	IPv4	1	5.34.180.168
Details	IPv4	1	34.116.68.148
Details	IPv4	2	41.243.29.182
Details	IPv4	1	45.12.110.206
Details	IPv4	1	52.88.83.54
Details	IPv4	1	62.116.88.136
Details	IPv4	1	80.242.220.146
Details	IPv4	1	94.158.245.90
Details	IPv4	2	102.164.208.44
Details	IPv4	2	102.164.208.48
Details	IPv4	2	103.110.53.174
Details	IPv4	2	103.112.145.58
Details	IPv4	2	103.126.185.7
Details	IPv4	2	103.137.81.206
Details	IPv4	4	103.150.68.124
Details	IPv4	1	103.250.70.163
Details	IPv4	2	103.61.100.131
Details	IPv4	2	103.61.101.11
Details	IPv4	2	103.65.195.95
Details	IPv4	2	103.65.196.44
Details	IPv4	2	103.87.25.220
Details	IPv4	2	103.98.129.222
Details	IPv4	1	113.216.22.71
Details	IPv4	1	118.69.133.4
Details	IPv4	1	141.136.0.42
Details	IPv4	1	146.91.245.192
Details	IPv4	1	156.96.47.3
Details	IPv4	1	167.199.192.121
Details	IPv4	1	177.221.108.198
Details	IPv4	1	178.134.55.190
Details	IPv4	1	184.95.51.178
Details	IPv4	1	186.130.221.30
Details	IPv4	1	188.225.219.74
Details	IPv4	1	189.89.218.190
Details	IPv4	1	192.119.171.230
Details	IPv4	1	192.3.247.125
Details	IPv4	1	192.3.73.165
Details	IPv4	1	194.5.249.71
Details	IPv4	1	195.123.242.202
Details	IPv4	1	195.123.242.207
Details	IPv4	2	196.45.140.146
Details	IPv4	2	201.210.174.234
Details	MITRE ATT&CK Techniques	80	T1064
Details	MITRE ATT&CK Techniques	238	T1497
Details	MITRE ATT&CK Techniques	86	T1124
Details	MITRE ATT&CK Techniques	492	T1105
Details	MITRE ATT&CK Techniques	444	T1071
Details	MITRE ATT&CK Techniques	23	T1032
Details	MITRE ATT&CK Techniques	310	T1566.001
Details	MITRE ATT&CK Techniques	86	T1055.012
Details	Url	1	http://cahrhomeopathy.com/diego.png
Details	Url	1	http://starkdoor.com/apperol.png
Details	Url	1	http://www.webdispo.com/oosnhsyysjmns.png