Skip to content

Instantly share code, notes, and snippets.

@nocommentlab
nocommentlab / f2780392682.doc.ioc
Created March 19, 2020 15:23
f2780392682.doc/Trickbot downloader[ e1ce23d0db69805e576fb00c0a75f6f591820298b6cf130b342b93364440dc0f]
| Filename | SHA256 |
|:--:|:--:|
| presskey.cmd | efe3bb5a0b69ad0d1864ecf93a25ab6eaaa5e59d0a89e60556653ee953d58b2a|
| presskey.jse | f494689529254eda41903657d1ed48a8715d568fd7cf9469c48ef2f79aa5630d|
| IP | Reverse Host |
|:--:|:--:|
| 95.181.152.55 | 54527.msk.host |
@nocommentlab
nocommentlab / CoronaVirusSafetyMeasures_pdf.zip.yaml
Created March 11, 2020 11:28
IoCScanner - CoronaVirusSafetyMeasures_pdf.zip/Trickbot downloader[A7B4D205DC9A4F6E93885EA8C9D7D30124C4A1C776D6BCC27B784B0FB2EEC687]
---
info:
author: Antonio Blescia
date: 11/03/2020
description: >
CoronaVirusSafetyMeasures_pdf.zip/Trickbot downloader
IoCs:
registry:
- type: exists
base_key: HKEY_USERS