Posts Taggedtrickbot

Anchor Project for Trickbot Adds ICMP

The team behind Trickbot has been aggressively updating and deploying various modules including Anchor and Bazar Loader targeting high-value targets, including healthcare entities

Crimeware

Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)

SentinelLabs profiles an affiliate involved with Maze ransomware and details the actor’s involvement with other crimeware families, including TrickBot.

Crimeware

Inside a TrickBot Cobalt Strike Attack Server

Analysis of a Cobalt Strike Server leveraged in PowerTrick breaches.

Security Research

Sarwent Malware Continues to Evolve With Updated Command Functions

Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.

Crimeware

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Continuing our earlier analysis of the TrickBot Executor Module “mexec”, we take a look at the dropper variant and reveal how it carries its payload onboard.

Crimeware

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation

TrickBot’s loader has received much less attention than other components of the malware. Jason Reaves shows how to reverse engineer the TrickLoader function.

Crimeware

Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets

SentinelLabs developed mock command-and-control panels to allow the institutions to utilize them for testing detections related to “PowerTrick”

Adversary

Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT

The Wind of Time Shakes the Underground | High-Tech Cybercrime & APT | Most Sophisticated & Resourceful Crimeware Group

Crimeware

How TrickBot Malware Hooking Engine Targets Windows 10 Browsers

Vitali Kremez revealing how TrickBot’s hooking engine targets Chrome, Firefox, Explorer and Edge in Windows 10

Crimeware

Trickbot Update: Brief Analysis of a Recent Trickbot Payload

In many ways, Trickbot parallels the evolution of contemporary threats (such as #Emotet) via its modular and expandable architecture. We took it for a test

At SentinelOne, we strive to make sure everyone is able to use our products and services easily and productively… https://t.co/vRLtxHtwTU51 minutes ago
RT @benjamindoane: S1 is the real deal 8 hours ago
The workplace we knew is gone. Enter @SentinelOne —the only cybersecurity platform purpose-built for the remote w… https://t.co/uhaqzUFvHm21 hours ago
#RDP? #Malvertising? #Exploit Kits? Messaging Applications? Infected Files? #Phishing? Understanding how… https://t.co/bRcOXgGiv323 hours ago

0 / 112

Posts Taggedtrickbot

Anchor Project for Trickbot Adds ICMP

Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)

Inside a TrickBot Cobalt Strike Attack Server

Sarwent Malware Continues to Evolve With Updated Command Functions

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation

Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets

Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT

How TrickBot Malware Hooking Engine Targets Windows 10 Browsers

Trickbot Update: Brief Analysis of a Recent Trickbot Payload

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

CVE-2021-24092: 12 Years in Hiding – A Privilege Escalation Vulnerability in Windows Defender

Zeoticus 2.0 | Ransomware With No C2 Required

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts