TrickBot Crews new CobaltStrike loader
Tags
attack-pattern: Data Domains - T1583.001 Domains - T1584.001 Connection Proxy - T1090
Show in Graph
Common Information
Type Value
UUID 5ae05242-1b29-4fab-8e28-577ccfa7347b
Fingerprint 3cf619b0a8a78566
Analysis status DONE
Considered CTI value 2
Text language
Published April 5, 2021, 4:42 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 20, 2024, 12:34 p.m.
Headline TrickBot Crews New CobaltStrike Loader
Title TrickBot Crews new CobaltStrike loader
Detected Hints/Tags/Attributes 21/1/22
Source URLs
Redirection Url
Details Source https://medium.com/walmartglobaltech/trickbot-crews-new-cobaltstrike-loader-32c72b78e81c
URL Provider
Details Provider Source level domain
Details medium.com medium.com
Attributes
Details Type #Events CTI Value
Details Domain 291 
raw.githubusercontent.com
Details Domain 1 
subs.rainbowmango.info
Details Domain 1 
food.rainbowmango.info
Details File 3 
profile.jpg
Details File 147 
wininet.dll
Details File 36 
c:\windows\system32\ntdll.dll
Details File 45 
logo.png
Details File 23 
c:\windows\system32\kernel32.dll
Details File 752 
kernel32.dll
Details File 535 
ntdll.dll
Details File 1 
safety.png
Details File 1 
gifs20210122.dat
Details File 1 
rainbowmango.inf
Details File 2 
nntdll.dll
Details File 2 
rkernel32.dll
Details File 4 
%windir%\\sysnative\\gpupdate.exe
Details File 4 
%windir%\\syswow64\\gpupdate.exe
Details Github username 1 
asderfolkij092
Details md5 1 
5b203929f9e42c6d14b7153c5f11d387
Details md5 1 
0ce2f55444e4793516b5afe967be9255
Details sha1 1 
4e6a42b0da1185a4331e085ee68b64f61e1d9e83
Details sha256 1 
0234f80c6fd3768f9619d6fcd50d775ec686719fcc665007bfd1606bbe787744