Trickbot

Trickbot was a trojan for Microsoft Windows and other operating systems. Its major function was originally the theft of banking details and other credentials, but its operators have extended its capabilities to create a complete modular malware ecosystem.

Trickbot was first reported in October 2016. It was propagated by methods including executable programs, batch files, email phishing, Google Docs, and fake sexual harassment claims.

The website Bleeping Computer has tracked the evolution of TrickBot from its start as a banking Trojan. Its articles document the extension of the malware to attack PayPal and business customer relationship management (CRM) systems (June 2017); the addition of a self-spreading worm component (July 2017); the targeting of coinbase.com; DKIM support to bypass email filters; theft of Windows problem history and of cookies (July 2019); tampering with security software such as Microsoft Defender to prevent its own detection and removal (July 2019); theft of Verizon Wireless, T-Mobile, and Sprint PIN codes by injecting code when a user accesses the carrier's website (August 2019); theft of OpenSSH and OpenVPN keys (November 2019); spreading malware through a network (January 2020); bypassing Windows 10 UAC and stealing Active Directory credentials (January 2020); use of fake COVID-19 emails and news (since March 2020); bypassing Android mobile two-factor authentication; checking whether it is being run in a virtual machine by anti-malware experts (July 2020); and infecting Linux systems (July 2020).

TrickBot can provide other malware with access-as-a-service to infected systems, including Ryuk (January 2019) and Conti ransomware; the Emotet spam Trojan is known to install TrickBot (July 2020).

In 2021, IBM researchers reported that Trickbot had been enhanced with features such as a creative mutex naming algorithm and an updated persistence mechanism.

On 27 September 2020, US hospitals and healthcare systems were shut down by a cyber attack using Ryuk ransomware. It is considered likely that the Emotet Trojan started the botnet infection by sending malicious email attachments during 2020. After some time, Emotet would install TrickBot, which would then provide access to Ryuk.

Despite the efforts to extinguish TrickBot, the FBI and two other American federal agencies warned on 29 October 2020 that they had "credible information of an increased and imminent cybercrime [ransomware] threat to US hospitals and healthcare providers" as COVID-19 cases were spiking. After the previous month's attacks, five hospitals had been attacked that week, and hundreds more were potential targets. Ryuk, seeded through TrickBot, was the method of attack.

In August 2020, the Department of Justice issued arrest warrants for threat actors running the Trickbot botnet. In January 2021, an administrator of Emotet, the virus distribution component of Trickbot, was arrested in Ukraine. In February 2021, "Max" (also known as Alla Witte, Alla Klimova, or Алла Климова), a developer of the Trickbot platform and its ransomware components, was arrested. Alla Witte is an alias of Klimova, who was born in Rostov-on-Don in the Soviet Union in 1965 and moved to Riga, Latvia in 1983.
