Posts Taggedtrickbot

Anchor Project for Trickbot Adds ICMP

The team behind Trickbot has been aggressively updating and deploying various modules including Anchor and Bazar Loader targeting high-value targets, including healthcare entities

Crimeware

Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)

SentinelLabs profiles an affiliate involved with Maze ransomware and details the actor’s involvement with other crimeware families, including TrickBot.

Crimeware

Inside a TrickBot Cobalt Strike Attack Server

Analysis of a Cobalt Strike Server leveraged in PowerTrick breaches.

Security Research

Sarwent Malware Continues to Evolve With Updated Command Functions

Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.

Crimeware

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Continuing our earlier analysis of the TrickBot Executor Module “mexec”, we take a look at the dropper variant and reveal how it carries its payload onboard.

Crimeware

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation

TrickBot’s loader has received much less attention than other components of the malware. Jason Reaves shows how to reverse engineer the TrickLoader function.

Crimeware

Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets

SentinelLabs developed mock command-and-control panels to allow the institutions to utilize them for testing detections related to “PowerTrick”

Adversary

Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT

The Wind of Time Shakes the Underground | High-Tech Cybercrime & APT | Most Sophisticated & Resourceful Crimeware Group

Crimeware

How TrickBot Malware Hooking Engine Targets Windows 10 Browsers

Vitali Kremez revealing how TrickBot’s hooking engine targets Chrome, Firefox, Explorer and Edge in Windows 10

Crimeware

Trickbot Update: Brief Analysis of a Recent Trickbot Payload

In many ways, Trickbot parallels the evolution of contemporary threats (such as #Emotet) via its modular and expandable architecture. We took it for a test

@FeverTreeMixers’s previous #endpoint security product required painstaking configuration and upkeep. They wanted… https://t.co/rrRGJshy0510 hours ago
RT @LisaH_Jackson: .@ATT Launches new managed comprehensive endpoint security solution with @SentinelOne. Endpoint protection against #cybe…12 hours ago
RT @EFF: "At the time, [China's] was the only internet censorship in town. There was this thought—oh look, it's so quaint, a country trying…12 hours ago
#NTLM is still actively exploited. Follow each step in this #Vigilance #MDR analysis of a real-world attack and… https://t.co/S0TRyHl0OP13 hours ago

0 / 131

Posts Taggedtrickbot

Anchor Project for Trickbot Adds ICMP

Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)

Inside a TrickBot Cobalt Strike Attack Server

Sarwent Malware Continues to Evolve With Updated Command Functions

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation

Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets

Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT

How TrickBot Malware Hooking Engine Targets Windows 10 Browsers

Trickbot Update: Brief Analysis of a Recent Trickbot Payload

CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws

Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol

A Deep Dive into Zebrocy’s Dropper Docs

Adventures From UEFI Land: the Hunt For the S3 Boot Script