Sunday, 3 December 2017

TrickBot Data Request

If you've looked at any of the other posts on this blog, or seen my tweets (@EscInSecurity), you'll know that I currently analyse shared mcconf data for the TrickBot Banking Trojan (aka The Trick).

I'm very grateful to all those who share configs extracted from their honeypot logs and other malware analysis activities. As per below, I always thank these people for their sharing - and while you can't see it, in my raw data I track every config's original source.

I'm currently missing some TrickBot versions, and I'd be very grateful if any analysts have mcconfs that they are willing to share. Specifically, I'm currently missing:
  • 1000001
  • 1000005
  • 1000006
  • 1000008
  • 1000009
  • 1000011
  • 1000014
  • 1000021
  • 1000022
  • 1000023
  • 1000091
Equally, if you think I'm missing particular campaigns in my gtag tables (see last week's post for the latest) then please share those too.

Once again, thanks to @mpvillafranca94, @JR0driguezB, @VK_Intel, @K_N1kolenko, @hasherezade, @botNET___, @ArnaudDlms, @StackGazer, @0bscureC0de, @voidm4p, @James_inthe_box, @MakFLwana, @_ddoxer, @spalomaresg, @virsoz, @moutonplacide, @JasonMilletary, @Ring0x0, @precisionsec, and @Techhelplistcom for sharing the mcconfs via Twitter.