Little Trickbot Growing Up: New Campaign
ATT&CK techniques detected
T1559 Inter-Process Communication
66%
"into its memory by the main trickbot module in svchost.exe. figure 7: trickbot’s module in firefox’s address space the browser module waits for incoming pipe connections. the main module connects to the browser mod…"
T1572 Protocol Tunneling
39%
"page that looks exactly like the bank’s original page. figure 4: trickbot's new configuration inside the browser function hook, the request page is forwarded to the fake domain containing bot id inside the “clientinfo” header. figu…"
Summary
Recently there have been several reports of a financial malware named TrickBot; this malware's code looks similar to Dyre.