Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/01/2024, 06:00 UTC

General

  • Target

    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe

  • Size

    666KB

  • MD5

    754b79913fde2de487e9fc2826b65d57

  • SHA1

    c8299aadf886da55cb47e5cbafe8c5a482b47fc8

  • SHA256

    0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a

  • SHA512

    4a2420e2e89757cab2376932ce548f9b31b845f8c99dfd1cdd9a3b53dabed9e3cb11ecf514edeaccd932f277f65397c126ecaf42831f016554d2001034a25a1d

  • SSDEEP

    12288:b9x+Tm3J3SrhP6pRKBdxZXi0gjFBFq4wTdbU0Cp4RWeAK+1coRm:b9nJ3SrhC+BdxZXi0gjFLq4wTZU0Cp4N

Score
10/10

Malware Config

Signatures

  • AnchorDNS Backdoor

    A backdoor which communicates with C2 through DNS, attributed to the creators of Trickbot and Bazar.

  • Detected AnchorDNS Backdoor 2 IoCs

    Sample triggered yara rules associated with the AnchorDNS malware family.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • NTFS ADS 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe"
    1⤵
    • NTFS ADS
    PID:1876
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {7008CDA2-FD1A-4410-8CEE-3CC18F44C61F} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\Users\Admin\AppData\Local\Temp\2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
      C:\Users\Admin\AppData\Local\Temp\2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe -u
      2⤵
      • Executes dropped EXE
      • NTFS ADS
      PID:2628

Network

  • flag-us
    DNS
    westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    westurn.in
    IN A
    Response
    westurn.in
    IN A
    104.155.138.21
    westurn.in
    IN A
    107.178.223.183
    IN A
    104.155.138.21
  • flag-us
    DNS
    880A979D040995E7FD38179496B647BA9670C766BB.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    880A979D040995E7FD38179496B647BA9670C766BB.westurn.in
    IN A
    Response
    880A979D040995E7FD38179496B647BA9670C766BB.westurn.in
    IN A
    107.178.223.183
    880A979D040995E7FD38179496B647BA9670C766BB.westurn.in
    IN A
    104.155.138.21
  • flag-us
    DNS
    8B3CBA35457D5A42F91967E07250F3EB3D70C766BBB9B9B9B9.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    8B3CBA35457D5A42F91967E07250F3EB3D70C766BBB9B9B9B9.westurn.in
    IN A
    Response
    8B3CBA35457D5A42F91967E07250F3EB3D70C766BBB9B9B9B9.westurn.in
    IN A
    104.155.138.21
    8B3CBA35457D5A42F91967E07250F3EB3D70C766BBB9B9B9B9.westurn.in
    IN A
    107.178.223.183
  • flag-us
    DNS
    8BB693E29BA6C326FB318050AA3B44630B70C766BBB9B9B9B9.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    8BB693E29BA6C326FB318050AA3B44630B70C766BBB9B9B9B9.westurn.in
    IN A
    Response
    8BB693E29BA6C326FB318050AA3B44630B70C766BBB9B9B9B9.westurn.in
    IN A
    104.155.138.21
    8BB693E29BA6C326FB318050AA3B44630B70C766BBB9B9B9B9.westurn.in
    IN A
    107.178.223.183
  • flag-us
    DNS
    8BABF0755A9C380BFA07E23A6CAEBC5BEE70C766BBB9B9B9B9.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    8BABF0755A9C380BFA07E23A6CAEBC5BEE70C766BBB9B9B9B9.westurn.in
    IN A
    Response
    8BABF0755A9C380BFA07E23A6CAEBC5BEE70C766BBB9B9B9B9.westurn.in
    IN A
    107.178.223.183
    8BABF0755A9C380BFA07E23A6CAEBC5BEE70C766BBB9B9B9B9.westurn.in
    IN A
    104.155.138.21
  • flag-us
    DNS
    8B908BF3BE2CEAD8FA25C5F8C682C75AE370C766BBB9B9B9B9.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    8B908BF3BE2CEAD8FA25C5F8C682C75AE370C766BBB9B9B9B9.westurn.in
    IN A
    Response
    8B908BF3BE2CEAD8FA25C5F8C682C75AE370C766BBB9B9B9B9.westurn.in
    IN A
    104.155.138.21
    8B908BF3BE2CEAD8FA25C5F8C682C75AE370C766BBB9B9B9B9.westurn.in
    IN A
    107.178.223.183
  • flag-us
    DNS
    8BB1EB3B0F769ADCF32F8F7D24E857A0F870C766BBB9B9B9B9.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    8BB1EB3B0F769ADCF32F8F7D24E857A0F870C766BBB9B9B9B9.westurn.in
    IN A
    Response
    8BB1EB3B0F769ADCF32F8F7D24E857A0F870C766BBB9B9B9B9.westurn.in
    IN A
    104.155.138.21
    8BB1EB3B0F769ADCF32F8F7D24E857A0F870C766BBB9B9B9B9.westurn.in
    IN A
    107.178.223.183
  • flag-us
    DNS
    8BB1EB3B0F769ADCF32F8F7D24E857A0F870C766BBB9B9B9B9.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    8BB1EB3B0F769ADCF32F8F7D24E857A0F870C766BBB9B9B9B9.westurn.in
    IN A
  • flag-us
    DNS
    8BB1EB3B0F769ADCF32F8F7D24E857A0F870C766BBB9B9B9B9.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    8BB1EB3B0F769ADCF32F8F7D24E857A0F870C766BBB9B9B9B9.westurn.in
    IN A
  • flag-us
    DNS
    8B31B83098634E7FF436DDE26541812E7D70C766BBB9B9B9B9.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    8B31B83098634E7FF436DDE26541812E7D70C766BBB9B9B9B9.westurn.in
    IN A
    Response
    8B31B83098634E7FF436DDE26541812E7D70C766BBB9B9B9B9.westurn.in
    IN A
    107.178.223.183
    8B31B83098634E7FF436DDE26541812E7D70C766BBB9B9B9B9.westurn.in
    IN A
    104.155.138.21
  • flag-us
    DNS
    8BD2ECD33090ABA0F806625D875546D65F70C766BBB9B9B9B9.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    8BD2ECD33090ABA0F806625D875546D65F70C766BBB9B9B9B9.westurn.in
    IN A
    Response
    8BD2ECD33090ABA0F806625D875546D65F70C766BBB9B9B9B9.westurn.in
    IN A
    104.155.138.21
    8BD2ECD33090ABA0F806625D875546D65F70C766BBB9B9B9B9.westurn.in
    IN A
    107.178.223.183
  • flag-us
    DNS
    8B24ED9A9C211E05F7094B48618895788C70C766BBB9B9B9B9.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    8B24ED9A9C211E05F7094B48618895788C70C766BBB9B9B9B9.westurn.in
    IN A
  • flag-us
    DNS
    8B24ED9A9C211E05F7094B48618895788C70C766BBB9B9B9B9.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    8B24ED9A9C211E05F7094B48618895788C70C766BBB9B9B9B9.westurn.in
    IN A
  • flag-us
    DNS
    8B24ED9A9C211E05F7094B48618895788C70C766BBB9B9B9B9.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    8B24ED9A9C211E05F7094B48618895788C70C766BBB9B9B9B9.westurn.in
    IN A
  • flag-us
    DNS
    8B24ED9A9C211E05F7094B48618895788C70C766BBB9B9B9B9.westurn.in
    2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe
    Remote address:
    8.8.8.8:53
    Request
    8B24ED9A9C211E05F7094B48618895788C70C766BBB9B9B9B9.westurn.in
    IN A

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe

    Filesize

    666KB

    MD5

    754b79913fde2de487e9fc2826b65d57

    SHA1

    c8299aadf886da55cb47e5cbafe8c5a482b47fc8

    SHA256

    0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a

    SHA512

    4a2420e2e89757cab2376932ce548f9b31b845f8c99dfd1cdd9a3b53dabed9e3cb11ecf514edeaccd932f277f65397c126ecaf42831f016554d2001034a25a1d

  • \Users\Admin\AppData\Local\Temp\2024-01-11_754b79913fde2de487e9fc2826b65d57_ryuk_trickbot.exe

    Filesize

    391KB

    MD5

    22c9529dca46585e218456d3c3b73849

    SHA1

    fb2b161fb762b133ac75f8223366469e877974ec

    SHA256

    252b9e29758494dc583d493b585d4cf367504410605eb3b28134c91ecde45f64

    SHA512

    11e625f057af6dff6b2007e07a2a786c870a4bb54568501f059ba59e24064e9835b2987fa7e0cd0dcf670430c2db04517e9ea50af635fc078d2d5e91dfd52ed1
