{"id":824,"date":"2019-01-11T19:39:46","date_gmt":"2019-01-11T17:39:46","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=824"},"modified":"2019-01-11T19:39:46","modified_gmt":"2019-01-11T17:39:46","slug":"trickbot-infection-january","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/cyber-security-news\/trickbot-infection-january\/","title":{"rendered":"TrickBot infection of January 2019"},"content":{"rendered":"\n<p>TrickBot is a banking-trojan malware that steals the login credentials of targeted banking sites using <em>webinjects<\/em>.<\/p>\n\n\n\n<p>Since June 2018 TrickBot features lateral movement capabilities in order to propagate itself from an infected client to a vulnerable domain controller.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">TrickBot Screenshots<\/h2>\n\n\n\n<ul class=\"wp-block-gallery columns-2 is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\"><li class=\"blocks-gallery-item\"><figure><a href=\"https:\/\/i0.wp.com\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2019\/01\/excel.png?fit=750%2C527&amp;ssl=1\"><img decoding=\"async\" src=\"https:\/\/i0.wp.com\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2019\/01\/excel.png?fit=750%2C527&amp;ssl=1\" alt=\"\" data-id=\"844\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=844\" class=\"wp-image-844\" loading=\"lazy\" \/><\/a><\/figure><\/li><li class=\"blocks-gallery-item\"><figure><a href=\"https:\/\/i1.wp.com\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2019\/01\/macro.png?fit=750%2C522&amp;ssl=1\"><img decoding=\"async\" src=\"https:\/\/i1.wp.com\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2019\/01\/macro.png?fit=750%2C522&amp;ssl=1\" alt=\"\" data-id=\"845\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=845\" class=\"wp-image-845\" loading=\"lazy\" \/><\/a><\/figure><\/li><li class=\"blocks-gallery-item\"><figure><a href=\"https:\/\/i0.wp.com\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2019\/01\/macro_code-1.png?fit=750%2C524&amp;ssl=1\"><img decoding=\"async\" src=\"https:\/\/i0.wp.com\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2019\/01\/macro_code-1.png?fit=750%2C524&amp;ssl=1\" alt=\"\" data-id=\"848\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=848\" class=\"wp-image-848\" loading=\"lazy\" \/><\/a><\/figure><\/li><li class=\"blocks-gallery-item\"><figure><a href=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2019\/01\/downloader_website-1.png\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2019\/01\/downloader_website-1.png\" alt=\"\" data-id=\"849\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=849\" class=\"wp-image-849\" loading=\"lazy\" \/><\/a><\/figure><\/li><li class=\"blocks-gallery-item\"><figure><a href=\"https:\/\/i0.wp.com\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2019\/01\/virustotal_results-1.png?fit=750%2C382&amp;ssl=1\"><img decoding=\"async\" src=\"https:\/\/i0.wp.com\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2019\/01\/virustotal_results-1.png?fit=750%2C382&amp;ssl=1\" alt=\"\" data-id=\"850\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=850\" class=\"wp-image-850\" loading=\"lazy\" \/><\/a><\/figure><\/li><li class=\"blocks-gallery-item\"><figure><a href=\"https:\/\/i1.wp.com\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2019\/01\/c2c_communications-1.png?fit=750%2C421&amp;ssl=1\"><img decoding=\"async\" src=\"https:\/\/i1.wp.com\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2019\/01\/c2c_communications-1.png?fit=750%2C421&amp;ssl=1\" alt=\"\" data-id=\"851\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=851\" class=\"wp-image-851\" loading=\"lazy\" \/><\/a><\/figure><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">TrickBot Indicators Of Compromise (IOCs)<\/h2>\n\n\n\n<pre class=\"lang:default decode:true \" title=\"Indicator Of Compromise (IOC)\">===========TRICKBOT DOWNLOADER===========\n\nDownloader - \"Transaction_Details_15503.xls\"\n\tsha256\tf1e068ac6c1ad490087c21c5affbcd475d107552c395a2d759337ddf68e6ded7\t\n\tsha1\te831e18e96168b2af61cdcbf6d6d70fa31a6242e\t\n\tmd5\tbaccc45867ffe993cff15bfc7505ddda\n\t\nDropped executable file\n\tsha256\tC:\\Users\\admin\\AppData\\Local\\Temp\\tmp0251.exe\td4c8edb3049197948a03382135b29beb2f99a85e77330c8ccfc090c52d4ea3ac\n\t\nConnections\n\tip\t198.46.190.41\t\n\nHTTP\/HTTPS requests\n\turl\thttp:\/\/198.46.190.41\/knot1.php\t\n\turl\thttp:\/\/198.46.190.41\/largo.vin\n\n\n===========TRICKBOT EXE===========\n\nMain object- \"largo.vin\"\n\tsha256 d4c8edb3049197948a03382135b29beb2f99a85e77330c8ccfc090c52d4ea3ac \n\tsha1 03b3f0b942bdf17c5da6b475c9a16fd7ebde3c86 \n\tmd5 36098457b9433efe25f066cc9d0f1886 \nConnections\n\tip 201.251.18.28\n=================================\n\n<\/pre>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>TrickBot is a banking-trojan malware that steals the login credentials of targeted banking sites using webinjects. Since June 2018 TrickBot features lateral movement capabilities in order to propagate itself from an infected client to a vulnerable domain controller. TrickBot Screenshots TrickBot Indicators Of Compromise (IOCs)<\/p>\n","protected":false},"author":1,"featured_media":845,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[49,361,362],"class_list":["post-824","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security-news","tag-banking","tag-trickbot","tag-trojan"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/824","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=824"}],"version-history":[{"count":0,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/824\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=824"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=824"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=824"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}