trickbot Archives - SentinelLabs

Anchor Project for Trickbot Adds ICMP

The team behind Trickbot has been aggressively updating and deploying various modules including Anchor and Bazar Loader targeting high-value targets, including healthcare entities

Crimeware

Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)

SentinelLabs profiles an affiliate involved with Maze ransomware and details the actor’s involvement with other crimeware families, including TrickBot.

Crimeware

Inside a TrickBot Cobalt Strike Attack Server

Analysis of a Cobalt Strike Server leveraged in PowerTrick breaches.

Security Research

Sarwent Malware Continues to Evolve With Updated Command Functions

Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.

Crimeware

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Continuing our earlier analysis of the TrickBot Executor Module “mexec”, we take a look at the dropper variant and reveal how it carries its payload onboard.

Crimeware

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation

TrickBot’s loader has received much less attention than other components of the malware. Jason Reaves shows how to reverse engineer the TrickLoader function.

Crimeware

Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets

SentinelLabs developed mock command-and-control panels to allow the institutions to utilize them for testing detections related to “PowerTrick”

Adversary

Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT

The Wind of Time Shakes the Underground | High-Tech Cybercrime & APT | Most Sophisticated & Resourceful Crimeware Group

Crimeware

How TrickBot Malware Hooking Engine Targets Windows 10 Browsers

Vitali Kremez revealing how TrickBot’s hooking engine targets Chrome, Firefox, Explorer and Edge in Windows 10

Crimeware

Trickbot Update: Brief Analysis of a Recent Trickbot Payload

In many ways, Trickbot parallels the evolution of contemporary threats (such as #Emotet) via its modular and expandable architecture. We took it for a test

Posts Taggedtrickbot

Anchor Project for Trickbot Adds ICMP

Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)

Inside a TrickBot Cobalt Strike Attack Server

Sarwent Malware Continues to Evolve With Updated Command Functions

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation

Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets

Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT

How TrickBot Malware Hooking Engine Targets Windows 10 Browsers

Trickbot Update: Brief Analysis of a Recent Trickbot Payload

Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations

MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll

CVE-2021-3438: 16 Years In Hiding – Millions of Printers Worldwide Vulnerable

Conti Unpacked | Understanding Ransomware Development As a Response to Detection