The following graph shows the number of server entries across 54 versions using ports:
- 443 (HTTPS);
- 445 (IBM AS Server Mapper);
- 449 (Cray Network Semaphore Server); and
- 451 (SMB).
Sunday 22 October 2017
Weekly TrickBot Analysis - End of w/c 16-Oct-2017 to 1000073
Here are the results of my analysis of TrickBot Banking Trojan mcconfs shared up to the end of the week commencing 16th October 2017. The latest version shared in this time is 1000073.
The following graph shows the number of server entries across 54 versions using ports:
The following table shows the top 25 servers (of 618 unique) used within the 54 versions.
The 618 unique server IP addresses are allocated across a wide variety of countries according to their BGP prefix registrations. The top 5 countries are RU > US > PL > RO > FR.
Thanks to
@mpvillafranca94,
@VK_Intel,
@K_N1kolenko,
@hasherezade,
@ArnaudDlms,
@StackGazer,
@0bscureC0de,
@voidm4p,
@James_inthe_box,
@MakFLwana,
@spalomaresg, and @virsoz, for sharing the mcconfs.
The following graph shows the number of server entries across 54 versions using ports:
