Trickbot banking Trojan modules overview | Securelist
C45-2021-10-19-3
Indicators of Compromise (IOC) List
Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL to obtain SQL server instances. It also makes a broadcast UDP request on ports 1433 and 1434 to obtain SQL server instances from the SQL Server Browser service that usually runs on these ports. After gathering SQL server instances | 19/10/2021 | Win_Registry |
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | 19/10/2021 | Win_Registry |
HKLM\SECURITY | 19/10/2021 | Win_Registry |
HKLM\SYSTEM | 19/10/2021 | Win_Registry |
HKLM\SAM | 19/10/2021 | Win_Registry |
HKLM\SYSTEM\CurrentControlSet\Services registry keys. vpnDll32 This module uses an RAS | 19/10/2021 | Win_Registry |
117.222.61.115 | 19/10/2021 | IPv4 |
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest registry key. This modification is forced to save credentials in lsass.exe memory | 19/10/2021 | Win_Registry |

