Trickbot campaign targets Coronavirus fears in Italy
Tags
country: Italy
maec-delivery-vectors: Watering Hole
attack-pattern: Data Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Visual Basic - T1059.005 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID a5a97c6f-3cbd-47c7-a2fb-b4b8ab75de75
Fingerprint 64c6b11b2ea7c743
Analysis status DONE
Considered CTI value 2
Text language
Published March 4, 2020, 5:11 p.m.
Added to db Jan. 18, 2023, 10:04 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Trickbot campaign targets Coronavirus fears in Italy
Title Trickbot campaign targets Coronavirus fears in Italy
Detected Hints/Tags/Attributes 39/3/13
Source URLs
Redirection Url
Details Source https://news.sophos.com/en-us/2020/03/04/trickbot-campaign-targets-coronavirus-fears-in-italy/
URL Provider
Details Provider Source level domain
Details sophos.com news.sophos.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
320455ed.pro
Details File 29 
vbaproject.bin
Details File 2 
wx9u79.php
Details File 155 
cscript.exe
Details File 376 
wscript.exe
Details File 1 
ranlsojf.js
Details File 1 
errorfix.bat
Details sha256 1 
dd7023dd82b641c9307566b87acf0951f16b27c34094a341fa1fe7671d269bf4
Details sha256 1 
58e918466a61740abe42a2d1ca29bd8d56daf53912e6d65879cbe944466fb80c
Details sha256 1 
8e3240a2a6b07ae8a6fde884c0e18e476ca3e92438022fe1a1ad4b2ba2334737
Details IPv4 2 
185.234.73.125
Details IPv4 2 
23.19.227.235
Details Url 2 
https://185.234.73.125/wmb03o/wx9u79.php