Hash Value
SHA256: a610ef0e37af408aa49c7296d238796c57ac45aa8b0809ce72bc4d75b23fdf4f
MD5: a686b29f491b1779cf0e616dbee999e8
Size: 6198070 bytes

TrickBot C2

C2: exatrack.com, www.hexacorn.com, medium.com, www.cisa.gov

Threat

TrickBot loader: C2: exatrack.com, www.hexacorn.com, www.hexacorn.com, medium.com, www.cisa.gov, www.sentinelone.com, www.sentinelone.com, linux.die.net, web.archive.org, access.redhat.com, www.techrepublic.com, www.hybrid-analysis.com, www.hybrid-analysis.com, labs.sentinelone.com, enigma0x3.net, mydomain.com, www.expressvpn.com, www.uptycs.com, www.cyberciti.biz, en.wikipedia.org, reinforce.awsevents.com, www.blackhat.com, en.wikipedia.org, socprime.com, www.pcmag.com, www.seqrite.com, www.pretentiousname.com, pen-testing.sans.org, enigma0x3.net, enigma0x3.net, enigma0x3.net, blog.fortinet.com, enigma0x3.net, enigma0x3.net, blog.sevagas.com, www.reddit.com, cloudsek.com, blogs.blackberry.com, blogs.blackberry.com, 0x1.gitlab.io, securityintelligence.com, www.sudo.ws, blog.malwarebytes.com, www.cybereason.com, www.mandiant.com, web.archive.org, www.uefi.org, en.wikipedia.org, en.wikipedia.org, grzegorztworek.medium.com, x.com, trustedsignal.blogspot.com, www.bleepingcomputer.com, web.archive.org, cybersecurity.att.com, posts.specterops.io, reaqta.com, x.com, docs.docker.com, blogs.cisco.com, community.cisco.com, unit42.paloaltonetworks.com, cdn2.hubspot.net, blog.malwarebytes.com, researchcenter.paloaltonetworks.com, news.sophos.com, twitter.com, www.kroll.com, www.nirsoft.net, reinforce.awsevents.com, us-cert.cisa.gov, o365blog.com, sec.okta.com, www.sygnia.co, news.sophos.com, www.cyberark.com, www.cybereason.com, www.bleepingcomputer.com, community.cisco.com, tools.cisco.com, tools.cisco.com, tools.cisco.com, tools.cisco.com, tools.cisco.com, researchcenter.paloaltonetworks.com, www.eurovps.com, www.intezer.com, www.sentinelone.com, www.mandiant.com, www.kroll.com, www.hexacorn.com, owasp.org, unit42.paloaltonetworks.com, www.wietzebeukema.nl, enigma0x3.net, medium.com, download.qfxsoftware.com, redcanary.com, www.alienvault.com, eclecticlight.co, eclecticlight.co, labs.sentinelone.com, eclecticlight.co, en.wikipedia.org, sandflysecurity.com, 
www.hybrid-analysis.com, www.hybrid-analysis.com, www.eventtracker.com, web.archive.org, pentestlaboratories.com, www.pwc.com, www.rapid7.com, clymb3r.wordpress.com, carnal0wnage.attackresearch.com, www.virustotal.com, www.virustotal.com, www.freedesktop.org, www.osdfcon.org, sarah-edwards-xzkc.squarespace.com, blogs.cisco.com, community.cisco.com, knowledge.broadcom.com, community.sophos.com, www.us-cert.gov, community.sophos.com, www.bleepingcomputer.com, cyble.com, x.com, community.rsa.com, secureteam.co.uk, ss64.com, x.com, twitter.com, www.hexacorn.com, x.com, www.volexity.com, www.sentinelone.com, blog.malwarebytes.com, www.carbonblack.com, www.fireeye.com, thedfirreport.com, blog.netwrix.com, thedfirreport.com, x.com, twitter.com, www.volexity.com, cdn2.hubspot.net, man7.org, www.gnu.org, access.redhat.com, www.chokepoint.net, blog.3or.de, download.sysinternals.com, www.securityjoes.com, research.nccgroup.com, twitter.com, blog.securehat.co.uk, www.geoffchappell.com, www.cobaltstrike.com, www.ired.team, research.nccgroup.com, ropgadget.com, www.bleepingcomputer.com, www.amd.com, blogs.cisco.com, www.giac.org, community.cisco.com, gitlab.com, man7.org, bohops.com, dtm.uk, oddvar.moe, oddvar.moe, bohops.com, bishopfox.com, twitter.com, blogs.juniper.net, www.inversecos.com, www.inversecos.com, www.magnetforensics.com, x.com, detect.fyi, 0x00sec.org, www.sentinelone.com, www.mandiant.com, www.sentinelone.com, www.mdsec.co.uk, www.intezer.com, intezer.com, www.sans.org, isc.sans.edu, www.deepinstinct.com, man7.org, linux.die.net, www.joesecurity.org, www.joesecurity.org, www.isaca.org, news.sophos.com, www.netskope.com, x.com, msitpros.com, web.archive.org, x.com, dmcxblue.gitbook.io, www.hackingarticles.in, www.coretechnologies.com, web.archive.org, svch0st.medium.com, artofpwn.com, researchcenter.paloaltonetworks.com, tools.ietf.org, sandflysecurity.com, csrc.nist.gov, csrc.nist.gov, techdocs.broadcom.com, www.huntress.com, www.trellix.com, x.com, 
www.us-cert.gov, the.earth.li, the.earth.li, specterops.io, blog.xpnsec.com, o365blog.com, www.mandiant.com, www.electronjs.org, medium.com, www.mend.io, www.first.org, izyknows.medium.com, access.redhat.com, www.trustwave.com, www.dcshadow.com, adsecurity.org, adds-security.blogspot.fr, www.dcshadow.com, www.labofapenetrationtester.com, download.sysinternals.com, blog-assets.f-secure.com, web.archive.org, unit42.paloaltonetworks.com, blog.appsecco.com, docs.docker.com, kubernetes.io, www.kubeflow.org, kubernetes.io, www.cisa.gov, www.cisa.gov, arxiv.org, posts.specterops.io, unit42.paloaltonetworks.com, www.blackhat.com, redcanary.com, redcanary.com, any.run, any.run, any.run, tccontre.blogspot.com, www.bleepingcomputer.com, www.sophos.com, www.sophos.com, www.sophos.com, www.sophos.com, www.sophos.com, www.sophos.com, www.virustotal.com, www.virustotal.com, www.virustotal.com, www.virustotal.com, www.virustotal.com, www.virustotal.com, www.virustotal.com, www.virustotal.com, www.splunk.com, admx.help, redcanary.com, blog.didierstevens.com, redcanary.com, blog.didierstevens.com, app.any.run, app.any.run, app.any.run, app.any.run, app.any.run, app.any.run, www.kali.org, admx.help, admx.help, www.rapid7.com, blog.bitsadmin.com, blueteamops.medium.com, www.trustedsec.com, blog.malwarebytes.com, medium.com, asec.ahnlab.com, www.cadosecurity.com, www.virustotal.com, web.archive.org, adsecurity.org, wald0.com, blog.harmj0y.net, blog.harmj0y.net, pentera.io, www.baeldung.com, intezer.com, jon-gabilondo-angulo-7635.medium.com, www.man7.org, www.tldp.org, blog.timac.org, www.hybrid-analysis.com, www.hybrid-analysis.com, www.eventtracker.com, blog.talosintelligence.com, cyberpedia.reasonlabs.com, cyberpedia.reasonlabs.com, blog.fortinet.com, www.sudo.ws, man7.org, rhinosecuritylabs.com, rhinosecuritylabs.com, www.hunters.security, unit42.paloaltonetworks.com, www.blackhat.com, hshrzd.wordpress.com, www.mandiant.com, seclists.org, knowledge.broadcom.com, medium.com, 
download.sysinternals.com, www.cisa.gov, www.cisa.gov, kernal.eu, www.group-ib.com, expel.io, unit42.paloaltonetworks.com, resources.infosecinstitute.com, blog.talosintelligence.com, www.trustwave.com, www.bleepingcomputer.com, cofense.com, www.computerworld.com, www.smartmontools.org, tria.ge, cert.europa.eu, defcon.org, web.archive.org, adsecurity.org, stealthbits.com, download.sysinternals.com, vms.drweb.com, researchcenter.paloaltonetworks.com, www.freedesktop.org, www.cyberbit.com, blog.ensilo.com, www.bleepingcomputer.com, www.ired.team, docs.rs, 0x00sec.org, twitter.com, fileinfo.com, taomm.org, cyble.com, web.archive.org, outflank.nl, www.intezer.com, twitter.com, community.cisco.com, www.computerworld.com, en.wikipedia.org, docs.docker.com, bohops.com, redcanary.com, winosbite.com, www.safebreach.com, blog.checkpoint.com, nsfocusglobal.com, powershellmagazine.com, www.mandiant.com, www.praetorian.com, www.mandiant.com, the.earth.li, unit42.paloaltonetworks.com, s7d2.scene7.com, www.redcanary.com, www.fireeye.com, airbus-cyber-security.com, www.fireeye.com, en.wikipedia.org, www.fireeye.com, www.trellix.com, www.cyberscoop.com, blog.cobaltstrike.com, blog.fox-it.com, www.giac.org, unprotect.it, www.uperesia.com, cdn2.hubspot.net, www.fireeye.com, ubuntuhandbook.org, www.us-cert.gov, thedfirreport.com, community.sophos.com, community.sophos.com, securitydatasets.com, securitydatasets.com, www.huntress.com, www.youtube.com, www.fireeye.com, unit42.paloaltonetworks.com, www.sans.org, blog.xpnsec.com, www.countercept.com, www.securityinbits.com, blog.didierstevens.com, blog.christophetd.fr, web.archive.org, lwn.net, www.gnu.org, access.redhat.com, web.archive.org, web.archive.org, www.chokepoint.net, modexp.wordpress.com, blog.malwarebytes.com, blogs.cisco.com, community.cisco.com, oddvar.moe, www.ptsecurity.com, threatpost.com, threatpost.com, www.fortinet.com, www.mandiant.com, blogs.blackberry.com, outflank.nl, www.mandiant.com, thehackernews.com, 
www.mdsec.co.uk, cdn.logic-control.com, download.sysinternals.com, download.sysinternals.com, www.mdsec.co.uk, unit42.paloaltonetworks.com, unit42.paloaltonetworks.com, www.nirsoft.net, medium.com, www.nirsoft.net, www.bleepingcomputer.com, thedfirreport.com, securitynews.sonicwall.com, mostafayahiax.medium.com, tools.cisco.com, tools.cisco.com, www.volexity.com, www.cisa.gov, blog.nviso.eu, new.dc414.org, www.mandiant.com, blogs.vmware.com, flylib.com, eclecticlight.co, www.sentinelone.com, tenon.com, www.volexity.com, web.archive.org, www.blackhat.com, www.carbonblack.com, researchcenter.paloaltonetworks.com, media.defense.gov, redcanary.com, www.cisa.gov, www.mandiant.com, threatexpress.com, vninja.net, www.mci.gov.sg, cybercx.com.au, embracethered.com, medium.com, news.sophos.com, threatpost.com, www.virtualbox.org, news.sophos.com, download.virtualbox.org, embracethered.com, www.blackberry.com, www.sentinelone.com, medium.com, www.linkedin.com, adsecurity.org, posts.specterops.io, specterops.io, blogs.vmware.com, speakerdeck.com, objective-see.com, www.fireeye.com, www.carbonblack.com, x.com, www.f-secure.com, www.huntress.com, research.splunk.com, thedfirreport.com, www.sentinelone.com, www.absolomb.com, securityboulevard.com, isc.sans.edu, en.wikipedia.org, unit42.paloaltonetworks.com, ubuntu.com, www.youtube.com, posts.specterops.io, objective-see.com, www.tripwire.com, en.wikipedia.org, posts.specterops.io, www.clearskysec.com, www.attackiq.com, www.fireeye.com, outflank.nl, medium.com, www.secureworks.com, researchcenter.paloaltonetworks.com, arstechnica.com, labs.sentinelone.com, expel.io, www.darkreading.com, cantoriscomputing.wordpress.com, securityintelligence.com, blog.malwarebytes.com, mockbin.org, cert.gov.ua, mockbin.org, posts.specterops.io, www.netspi.com, i.blackhat.com, i.blackhat.com, www.proofpoint.com, thedfirreport.com, jumpcloud.com, support.okta.com, www.mandiant.com, hick.org, blog.gdssecurity.com, man7.org, drwho.virtadpt.net, 
www.usenix.org, 2015.zeronights.org, www.recurity-labs.com, www.blackhat.com, tools.cisco.com, tools.cisco.com, s7d2.scene7.com, blog.talosintelligence.com, research.nccgroup.com, www.invictus-ir.com, www.huntress.com, www.secureworks.com, outflank.nl, www.menlosecurity.com, www.nccgroup.com, outflank.nl, adsecurity.org, blog.teusink.net, blog.teusink.net, x.com, web.archive.org, bromiley.medium.com, bashfuscator.readthedocs.io, redcanary.com, twitter.com, thedfirreport.com, www.sans.org, blog.redxorblue.com, blog.malwarebytes.com, www.proofpoint.com, ciberseguridad.blog, forum.anomali.com, blog.talosintelligence.com, www.blackhat.com, pentestlab.blog, www.fireeye.com, dmarc.org, www.ic3.gov, www.proofpoint.com, www.proofpoint.com, www.fireeye.com, www.apriorit.com, research.checkpoint.com, www.cadosecurity.com, objective-see.com, global.ptsecurity.com, arstechnica.com, stealthbits.com, www.trellix.com, x.com, www.hackingarticles.in, interpressecurity.com, www.sentinelone.com, man7.org, medium.com, www.gnu.org, access.redhat.com, www.chokepoint.net, www.huntress.com, www.blackhat.com, www.ired.team, www.hexacorn.com, modexp.wordpress.com, us-cert.cisa.gov, adsecurity.org, sec.okta.com, wald0.com, blog.harmj0y.net, www.sygnia.co, reaqta.com, x.com, pentestlab.blog, medium.com, web.archive.org, web.archive.org, web.archive.org, web.archive.org, researchcenter.paloaltonetworks.com, blog.malwarebytes.com, www.paloaltonetworks.com, www.sophos.com, www.mandiant.com, auth0.com, developer.okta.com, rhinosecuritylabs.com, posts.specterops.io, www.proofpoint.com, www.schneier.com, pdfs.semanticscholar.org, web.archive.org, blog.malwarebytes.com, posts.specterops.io, journeyintoir.blogspot.com, oddvar.moe, oddvar.moe, oddvar.moe, blog.f-secure.com, www.ired.team, clymb3r.wordpress.com, xorrior.com, www.secureworks.com, adsecurity.org, tools.cisco.com, tools.cisco.com, perception-point.io, insight-jp.nttsecurity.com, thehackernews.com, www.trustwave.com, malwareunicorn.org, 
www.virusbulletin.com, www.blackhat.com, objective-see.com, taomm.org, blogs.cisco.com, download.sysinternals.com, www.bleepingcomputer.com, securitylabs.datadoghq.com, www.bleepingcomputer.com, web.archive.org, enigma0x3.net, enigma0x3.net, www.phpied.com, www.phpied.com, bohops.com, research.checkpoint.com, www.ghacks.net, www.virustotal.com, blog.xpnsec.com, blog.cobaltstrike.com, blog.cobaltstrike.com, blog.nviso.eu, www.fireeye.com, www.mandiant.com, redcanary.com, redcanary.com, offsec.almond.consulting, web.archive.org, redcanary.com, redcanary.com, redcanary.com, www.proofpoint.com, blog.qualys.com, x.com, stackoverflow.com, thedfirreport.com, medium.com, download.sysinternals.com, www.anomali.com, www.mandiant.com, www.expressvpn.com, www.uptycs.com, www.cyberciti.biz, witsendandshady.blogspot.com, www.malwarearchaeology.com, papers.put.as, www.virusbulletin.com, www.blackhat.com, kubernetes.io, kubernetes.io, www.pretentiousname.com, pen-testing.sans.org, enigma0x3.net, enigma0x3.net, enigma0x3.net, blog.fortinet.com, enigma0x3.net, enigma0x3.net, blog.sevagas.com, www.reddit.com, cloudsek.com, blogs.blackberry.com, blogs.blackberry.com, 0x1.gitlab.io, securityintelligence.com, www.sudo.ws, blog.malwarebytes.com, www.cybereason.com, x.com, trustedsignal.blogspot.com, www.bleepingcomputer.com, web.archive.org, www.tldp.org, digital-forensics.sans.org, web.archive.org, helgeklein.com, unit42.paloaltonetworks.com, citizenlab.ca, helgeklein.com, reinforce.awsevents.com, us-cert.cisa.gov, o365blog.com, sec.okta.com, www.sygnia.co, www.sans.org, www.sans.org, www.wired.com, unit42.paloaltonetworks.com, blog.talosintelligence.com, blog.fox-it.com, www.cloudsek.com, labs.sentinelone.com, expel.com, www.invictus-ir.com, support.office.com, rhinosecuritylabs.com, stmxcsr.com, stmxcsr.com, www.kroll.com, www.hexacorn.com, owasp.org, unit42.paloaltonetworks.com, www.wietzebeukema.nl, enigma0x3.net, medium.com, download.qfxsoftware.com, pentestlaboratories.com, 
www.pwc.com, www.rapid7.com, kubernetes.io, kubernetes.io, www.proofpoint.com, www.man7.org, rootdse.org, files.brucon.org, www.blackhat.com, www.fireeye.com, www.fireeye.com, www.defcon.org, taomm.org, www.sentinelone.com, www.gnu.org, access.redhat.com, www.chokepoint.net, blog.3or.de, download.sysinternals.com, www.securityjoes.com, research.nccgroup.com, twitter.com, blog.securehat.co.uk, www.geoffchappell.com, www.cobaltstrike.com, www.ired.team, research.nccgroup.com, ropgadget.com, 0xn3va.gitbook.io, unit42.paloaltonetworks.com, docs.docker.com, docs.docker.com, www.intezer.com, www.antitree.com, www.youtube.com, docplayer.net, pentestlab.blog, bradleyjkemp.dev, www.paloaltonetworks.com, www.real-world-systems.com, www.virusbulletin.com, papers.put.as, www.sentinelone.com, blog.malwarebytes.com, web.archive.org, adsecurity.org, wald0.com, blog.harmj0y.net, blog.harmj0y.net, pentera.io, ss64.com, bash.cyberciti.biz, www.baeldung.com, intezer.com, jon-gabilondo-angulo-7635.medium.com, www.man7.org, www.tldp.org, blog.timac.org, blog.fortinet.com, www.sudo.ws, man7.org, web.archive.org, www.venafi.com, knowledge.broadcom.com, about.gitlab.com, www.cisco.com, www.cybereason.com, www.ssh.com, www.f-secure.com, oddvar.moe, web.archive.org, rhinosecuritylabs.com, rhinosecuritylabs.com, www.hunters.security, unit42.paloaltonetworks.com, www.blackhat.com, hshrzd.wordpress.com, seclists.org, giuliocomi.blogspot.com, web.archive.org, www.slideshare.net, web.archive.org, www.cyberbit.com, blog.ensilo.com, www.bleepingcomputer.com, www.ired.team, docs.rs, 0x00sec.org, twitter.com, web.archive.org, skanthak.homepage.t-online.de, www.cisa.gov, www.mandiant.com, o365blog.com, o365blog.com, o365blog.com, www.darkreading.com, web.archive.org, eclecticlight.co, eclecticlight.co, blog.checkpoint.com, objective-see.com, objective-see.com, objective-see.com, www.sentinelone.com, web.archive.org, twitter.com, blog.cobaltstrike.com, blog.fox-it.com, expel.io, posts.specterops.io, 
nedinthecloud.com, www.lacework.com, permiso.io, www.youtube.com, speakerdeck.com, expel.io, rhinosecuritylabs.com, www.fireeye.com, www.secureworks.com, web.archive.org, medium.com, web.archive.org, pentestlab.blog, thedfirreport.com, blog.xpnsec.com, www.countercept.com, www.securityinbits.com, blog.didierstevens.com, blog.christophetd.fr, web.archive.org, lwn.net, www.gnu.org, access.redhat.com, web.archive.org, web.archive.org, www.chokepoint.net, www.magnusviri.com, www.xorrior.com, www.sentinelone.com, blog.malwarebytes.com, oddvar.moe, medium.com, blueteamops.medium.com, www.hexacorn.com, www.fireeye.com, blog.stealthbits.com, volatility-labs.blogspot.com, www.megasecurity.org, tldp.org, pikeralpha.wordpress.com, tldp.org, www.tldp.org, richard-purves.com, www.virusbulletin.com, objective-see.org, en.wikipedia.org, media.defense.gov, modexp.wordpress.com, blog.malwarebytes.com, www.tecmint.com, wiki.archlinux.org, www.bleepingcomputer.com, lists.archlinux.org, www.hybrid-analysis.com, man7.org, blog.appsecco.com, docs.docker.com, kubernetes.io, kubernetes.io, www.redhat.com, www.volexity.com, www.cisa.gov, blog.nviso.eu, new.dc414.org, www.mandiant.com, unit42.paloaltonetworks.com, www.fireeye.com, researchcenter.paloaltonetworks.com, medium.com, www.varonis.com, www.virusbulletin.com, www.mdsec.co.uk, www.anomali.com, www.anomali.com, wiki.archlinux.org, scriptingosx.com, web.archive.org, cedowens.medium.com, blog.sucuri.net, unit42.paloaltonetworks.com, posts.specterops.io, objective-see.com, www.intezer.com, adsecurity.org, blogs.vmware.com, speakerdeck.com, objective-see.com, docplayer.net, pentestlab.blog, blog.gdatasoftware.com, bohops.com, pentestlab.blog, www.hexacorn.com, youtu.be, www.absolomb.com, securityboulevard.com, isc.sans.edu, www.virusbulletin.com, ubuntu.com, www.petri.com, en.wikipedia.org, researchcenter.paloaltonetworks.com, www.alienvault.com, www.virusbulletin.com, papers.put.as, blog.malwarebytes.com, blog.malwarebytes.com, 
hick.org, blog.gdssecurity.com, man7.org, redcanary.com, www.debian.org, objective-see.com, cpb-us-e1.wpmucdn.com, blogs.juniper.net, manpages.ubuntu.com, www.virusbulletin.com, www.intezer.com, www.intezer.com, www.blackhat.com, pentestlab.blog, www.ouah.org, www.anomali.com, www.freedesktop.org, man7.org, www.rapid7.com, redcanary.com, specifications.freedesktop.org, specifications.freedesktop.org, redcanary.com, www.fireeye.com, www.virusbulletin.com, taomm.org, www.slideshare.net, googleblog.blogspot.com, static.carahsoft.com, www.mandiant.com, interpressecurity.com, www.sentinelone.com, man7.org, medium.com, www.gnu.org, access.redhat.com, www.chokepoint.net, www.hexacorn.com, www.hexacorn.com, modexp.wordpress.com, us-cert.cisa.gov, adsecurity.org, sec.okta.com, wald0.com, blog.harmj0y.net, www.sygnia.co, blog.xpnsec.com, posts.specterops.io, www.linkedin.com, man7.org, x.com, www.cybereason.com, blog.f-secure.com, www.ired.team, www.aon.com, malwareunicorn.org, www.virusbulletin.com, www.blackhat.com, objective-see.com, taomm.org, download.sysinternals.com, redcanary.com, redcanary.com, offsec.almond.consulting, web.archive.org, redcanary.com, redcanary.com, redcanary.com, www.proofpoint.com, blog.qualys.com, x.com, stackoverflow.com, thedfirreport.com, medium.com, download.sysinternals.com, www.fireeye.com, www.mandiant.com, www.cybereason.com, www.tightvnc.com, blog.netlab.360.com, unit42.paloaltonetworks.com, tldp.org, www.mandiant.com, the.earth.li, the.earth.li, www.mdsec.co.uk, nodejs.org, www.sentinelone.com, posts.specterops.io, redcanary.com, kubernetes.io, kubernetes.io, owasp.org, blog.securelayer7.net, www.bleepingcomputer.com, sensepost.com, www.fireeye.com, www.contextis.com, posts.specterops.io, blog.nviso.be, sensepost.com, sensepost.com, www.bleepingcomputer.com, www.computerweekly.com, live.sysinternals.com, amtso.eicar.org, twitter.com, blog.morphisec.com, www.netskope.com, www.cloudsek.com, labs.sentinelone.com, www.fireeye.com, 
googleprojectzero.blogspot.com, enigma0x3.net, enigma0x3.net, techdocs.broadcom.com, techdocs.broadcom.com, www.proofpoint.com, www.sentinelone.com, www.sentinelone.com, outflank.nl, redops.at, www.gnu.org, www.cyberbit.com, www.gnu.org, man7.org, www.kernel.org, www.mdsec.co.uk, undocumented.ntinternals.net, www.autohotkey.com, www.autoitscript.com, www.splunk.com, www.autohotkey.com, www.redhat.com, blog.appsecco.com, docs.docker.com, kubernetes.io, www.kubeflow.org, kubernetes.io, www.bleepingcomputer.com, www.bleepingcomputer.com, www.thepythoncode.com, tools.cisco.com, www.autoitscript.com, docs.docker.com, docs.docker.com, docs.docker.com, kubernetes.io, kubernetes.io, kubernetes.io, researchcenter.paloaltonetworks.com, labs.sentinelone.com, ss64.com, tools.cisco.com, blogs.cisco.com, wojciechregula.blog, krebsonsecurity.com, www.reliaquest.com, www.proofpoint.com, blog.talosintelligence.com, www.proofpoint.com, www.mandiant.com, posts.specterops.io, www.mitiga.io, www.radmin.com, download.pdq.com, chocolatey.org, web.archive.org, www.fireeye.com, powershellmagazine.com, www.malwarearchaeology.com, web.archive.org, enigma0x3.net, twitter.com, www.tecmint.com, wiki.archlinux.org, www.bleepingcomputer.com, lists.archlinux.org, www.hybrid-analysis.com, man7.org, linux.die.net, www.fireeye.com, www.geeksforgeeks.org, www.lua.org, pgl.yoyo.org, web.archive.org, blog.talosintelligence.com, www.proofpoint.com, summitroute.com, www.zscaler.com, redcanary.com, redcanary.com, developer.broadcom.com, en.wikipedia.org, www.reliaquest.com, blog.sekoia.io, www.cloudsek.com, www.proofpoint.com, medium.com, www.varonis.com, cloud.hacktricks.xyz, www.own.security, www.cadosecurity.com, rhinosecuritylabs.com, rhinosecuritylabs.com, www.varonis.com, www.cybereason.com, download.sysinternals.com, download.sysinternals.com, media.defense.gov, download.sysinternals.com, www.linkedin.com, man7.org, x.com, www.cybereason.com, www.proofpoint.com, blog.qualys.com, x.com, 
stackoverflow.com, thedfirreport.com, medium.com, download.sysinternals.com, exatrack.com, www.anomali.com, www.mandiant.com, linux.die.net, web.archive.org, access.redhat.com, www.expressvpn.com, www.uptycs.com, www.cyberciti.biz, witsendandshady.blogspot.com, www.malwarearchaeology.com, papers.put.as, www.volexity.com, unit42.paloaltonetworks.com, www.virusbulletin.com, www.blackhat.com, kubernetes.io, kubernetes.io, web.archive.org, www.uefi.org, en.wikipedia.org, en.wikipedia.org, grzegorztworek.medium.com, x.com, trustedsignal.blogspot.com, www.bleepingcomputer.com, web.archive.org, web.archive.org, www.tldp.org, digital-forensics.sans.org, web.archive.org, helgeklein.com, unit42.paloaltonetworks.com, citizenlab.ca, helgeklein.com, www.ghacks.net, www.xorrior.com, developer.chrome.com, www.icebrg.io, static.googleusercontent.com, web.archive.org, isc.sans.edu, isc.sans.edu, www.proofpoint.com, en.wikipedia.org, community.cisco.com, tools.cisco.com, tools.cisco.com, tools.cisco.com, tools.cisco.com, tools.cisco.com, www.sans.org, www.sans.org, www.wired.com, unit42.paloaltonetworks.com, blog.talosintelligence.com, blog.fox-it.com, www.cloudsek.com, labs.sentinelone.com, malware.news, medium.com, www.mdsec.co.uk, expel.com, www.invictus-ir.com, support.office.com, rhinosecuritylabs.com, stmxcsr.com, stmxcsr.com, www.kroll.com, www.hexacorn.com, owasp.org, unit42.paloaltonetworks.com, www.wietzebeukema.nl, enigma0x3.net, medium.com, download.qfxsoftware.com, web.archive.org, web.archive.org, support.office.com, www.221bluestreet.com, pentestlaboratories.com, www.pwc.com, www.rapid7.com, kubernetes.io, kubernetes.io, www.proofpoint.com, clymb3r.wordpress.com, carnal0wnage.attackresearch.com, www.virustotal.com, www.virustotal.com, x.com, woshub.com, blog.checkpoint.com, www.xorrior.com, web.archive.org, securityintelligence.com, commondatastorage.googleapis.com, blog.compass-security.com, silentbreaksecurity.com, www.man7.org, rootdse.org, files.brucon.org, 
www.blackhat.com, www.fireeye.com, www.fireeye.com, www.defcon.org, taomm.org, www.sentinelone.com, www.bleepingcomputer.com, www.amd.com, blogs.cisco.com, www.giac.org, community.cisco.com, gitlab.com, www.youtube.com, rhinosecuritylabs.com, docplayer.net, pentestlab.blog, blog.xpnsec.com, o365blog.com, www.mandiant.com, www.cisa.gov, www.cisa.gov, arxiv.org, posts.specterops.io, unit42.paloaltonetworks.com, www.blackhat.com, redcanary.com, redcanary.com, any.run, any.run, any.run, tccontre.blogspot.com, www.bleepingcomputer.com, www.sophos.com, www.sophos.com, www.sophos.com, www.sophos.com, www.sophos.com, www.sophos.com, www.virustotal.com, www.virustotal.com, www.virustotal.com, www.virustotal.com, www.virustotal.com, www.virustotal.com, www.virustotal.com, www.virustotal.com, www.splunk.com, admx.help, redcanary.com, blog.didierstevens.com, redcanary.com, blog.didierstevens.com, app.any.run, app.any.run, app.any.run, app.any.run, app.any.run, app.any.run, www.kali.org, admx.help, admx.help, www.rapid7.com, blog.bitsadmin.com, blueteamops.medium.com, www.trustedsec.com, bradleyjkemp.dev, www.paloaltonetworks.com, www.real-world-systems.com, www.virusbulletin.com, papers.put.as, www.sentinelone.com, blog.malwarebytes.com, www.volexity.com, www.fireeye.com, www.us-cert.gov, pentera.io, ss64.com, bash.cyberciti.biz, www.baeldung.com, intezer.com, jon-gabilondo-angulo-7635.medium.com, www.man7.org, www.tldp.org, blog.timac.org, www.cisco.com, kubernetes.io, blog.checkpoint.com, thehackernews.com, www.mnemonic.io, blog.extensiontotal.com, web.archive.org, www.venafi.com, knowledge.broadcom.com, about.gitlab.com, www.cisco.com, www.cybereason.com, www.ssh.com, www.f-secure.com, oddvar.moe, web.archive.org, seclists.org, giuliocomi.blogspot.com, web.archive.org, www.slideshare.net, web.archive.org, web.archive.org, www.computerworld.com, www.smartmontools.org, www.hexacorn.com, support.office.com, enigma0x3.net, malware.news, www.221bluestreet.com, medium.com, 
web.archive.org, skanthak.homepage.t-online.de, www.cisa.gov, www.mandiant.com, o365blog.com, o365blog.com, o365blog.com, www.darkreading.com, www.computerworld.com, en.wikipedia.org, web.archive.org, eclecticlight.co, eclecticlight.co, blog.checkpoint.com, objective-see.com, objective-see.com, objective-see.com, www.sentinelone.com, web.archive.org, twitter.com, www.giac.org, expel.io, posts.specterops.io, nedinthecloud.com, www.lacework.com, permiso.io, www.youtube.com, speakerdeck.com, expel.io, rhinosecuritylabs.com, www.huntress.com, www.youtube.com, www.fireeye.com, www.secureworks.com, web.archive.org, medium.com, web.archive.org, pentestlab.blog, thedfirreport.com, unit42.paloaltonetworks.com, web-assets.esetstatic.com, www.magnusviri.com, www.xorrior.com, www.sentinelone.com, blog.malwarebytes.com, oddvar.moe, medium.com, blueteamops.medium.com, www.hexacorn.com, support.office.com, www.fireeye.com, blog.stealthbits.com, volatility-labs.blogspot.com, www.megasecurity.org, tldp.org, pikeralpha.wordpress.com, tldp.org, www.tldp.org, richard-purves.com, www.virusbulletin.com, objective-see.org, en.wikipedia.org, media.defense.gov, modexp.wordpress.com, blog.malwarebytes.com, www.tecmint.com, wiki.archlinux.org, www.bleepingcomputer.com, lists.archlinux.org, www.hybrid-analysis.com, man7.org, blogs.cisco.com, community.cisco.com, sensepost.com, blog.appsecco.com, docs.docker.com, kubernetes.io, kubernetes.io, www.redhat.com, www.volexity.com, www.cisa.gov, www.cisa.gov, www.mandiant.com, web.archive.org, www.trustwave.com, www.secureworks.com, web.archive.org, i.blackhat.com, researchcenter.paloaltonetworks.com, www.mdsec.co.uk, www.mdsec.co.uk, www.fireeye.com, researchcenter.paloaltonetworks.com, medium.com, www.varonis.com, www.virusbulletin.com, www.mdsec.co.uk, www.anomali.com, www.anomali.com, wiki.archlinux.org, scriptingosx.com, web.archive.org, cedowens.medium.com, blog.sucuri.net, unit42.paloaltonetworks.com, posts.specterops.io, objective-see.com, 

TrickBot — Malware Profile

TrickBot is a modular banking trojan. Observed traits in this sample: DGA-generated filename; RDP targeting via WTSSetUserConfigW; registry hive dumping via RegUnLoadKeyA.

Malware Type: Botnet
Programming Language: C++
C2 Protocol: HTTPS
Target Systems: Windows
Also Known As (AKA): TrickLoader

Technical Details

TrickBot is a modular banking trojan and loader developed by WIZARD SPIDER and active since 2016. It evolved from the Dyre banking trojan and uses a modular architecture in which functionality is added through plugins. Known modules include pwgrab (credential theft), networkdll (network reconnaissance), shareDll (SMB spread), tabDll (browser form grabbing), vncDll (remote access) and mworm/nworm (propagation). TrickBot was used extensively to deliver Ryuk and Conti ransomware. C2 communication uses HTTPS with custom User-Agent strings. Its infrastructure was disrupted by Microsoft/ESET/Symantec/CISA in October 2020; key operators were arrested or sanctioned, and the infrastructure was rebuilt multiple times. Between 2019 and 2022 the operation shifted its focus from banking fraud to enterprise ransomware delivery.

Attribution / Threat Actor

WIZARD SPIDER, Dyre successor

Capabilities & Behavior

DDoS Attack
Botnet Expansion
Brute Force Scanning
Payload Distribution
Remote Command
Network Scanning
Credential Theft
IoT Device Control

IOC List (2 indicators)

IOC — TrickBot
Type    Value                                                             Note
sha256  a610ef0e37af408aa49c7296d238796c57ac45aa8b0809ce72bc4d75b23fdf4f  TrickBot
md5     a686b29f491b1779cf0e616dbee999e8                                  TrickBot

C2 Servers (7 recorded servers for this family)

Address          Type  Port  Protocol  Status      Country
176.111.174.70   ip    443   HTTPS     inactive    RU
45.156.25.1      ip    443   HTTPS     sinkholed   RU
185.234.218.151  ip    443   HTTPS     sinkholed   RU
82.117.252.143   ip    449   HTTPS     sinkholed   DE
45.147.231.250   ip    443   HTTPS     sinkholed   NL
31.214.157.14    ip    443   HTTPS     sinkholed   UA
185.234.219.77   ip    449   HTTPS     sinkholed   RU

C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.

Tags
trickbot, loader, analysis, static