2020-10-22 - OMEGACAST [Emotet/Trickbot spambot] | Notion

Network

LAN segment range: 10.72.33.0/24 (10.72.33.0 through 10.72.33.255)
Domain: omegacast.net
Domain controller: 10.72.33.10 - Omegacast-DC
LAN segment gateway: 10.72.33.1
LAN segment broadcast address: 10.72.33.25

Alerts

Victim

DESKTOP-5I7XDSY
10.72.33.165
IntelCor_4b:25:a7 (0c:d2:92:4b:25:a7)
byron.ostrander

IOCs

Files

Invoice.doc

SHA256 → 2beec2edda2346042fdfa829caaa7403e7842e786b9b9e89baaf4cd5e45d189a

VirusTotal → 47/64, Trickbot/Emotet

URLhaus → Emotet