Posts Taggedtrickbot

Anchor Project for Trickbot Adds ICMP

The team behind Trickbot has been aggressively updating and deploying various modules including Anchor and Bazar Loader targeting high-value targets, including healthcare entities

Crimeware

Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)

SentinelLabs profiles an affiliate involved with Maze ransomware and details the actor’s involvement with other crimeware families, including TrickBot.

Crimeware

Inside a TrickBot Cobalt Strike Attack Server

Analysis of a Cobalt Strike Server leveraged in PowerTrick breaches.

Security Research

Sarwent Malware Continues to Evolve With Updated Command Functions

Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.

Crimeware

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Continuing our earlier analysis of the TrickBot Executor Module “mexec”, we take a look at the dropper variant and reveal how it carries its payload onboard.

Crimeware

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation

TrickBot’s loader has received much less attention than other components of the malware. Jason Reaves shows how to reverse engineer the TrickLoader function.

Crimeware

Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets

SentinelLabs developed mock command-and-control panels to allow the institutions to utilize them for testing detections related to “PowerTrick”

Adversary

Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT

The Wind of Time Shakes the Underground | High-Tech Cybercrime & APT | Most Sophisticated & Resourceful Crimeware Group

Crimeware

How TrickBot Malware Hooking Engine Targets Windows 10 Browsers

Vitali Kremez revealing how TrickBot’s hooking engine targets Chrome, Firefox, Explorer and Edge in Windows 10

Crimeware

Trickbot Update: Brief Analysis of a Recent Trickbot Payload

In many ways, Trickbot parallels the evolution of contemporary threats (such as #Emotet) via its modular and expandable architecture. We took it for a test

✨ It's SentinelOne Global Virtual Wellness Week for all of our employees! With hundreds of open positions globally,… https://t.co/QXYs5NJPcg5 hours ago
SentinelOne's Brian Hussey in CyberScoop: #Trickbot. Not gone. Continual and steady usage. It's business as usual… https://t.co/k1KmTv6CwH5 hours ago
✨ It's SentinelOne Global Virtual Wellness Week for all of our employees! With hundreds of open positions globally,… https://t.co/eYHcg6ZCti5 hours ago
RT @NoHackn: Here at @AttivoNetworks we're excited to release our integration with @SentinelOne and help defenders succeed in countering fr…6 hours ago

0 / 84

Posts Taggedtrickbot

Anchor Project for Trickbot Adds ICMP

Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)

Inside a TrickBot Cobalt Strike Attack Server

Sarwent Malware Continues to Evolve With Updated Command Functions

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation

Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets

Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT

How TrickBot Malware Hooking Engine Targets Windows 10 Browsers

Trickbot Update: Brief Analysis of a Recent Trickbot Payload

Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone

Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative

Resourceful macOS Malware Hides in Named Fork

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware