TrickBot and Zeus – Through our monitoring, we were able to obtain a debug version of the module, which contained new features being tested. In this evolution of their webinject capabilities, TrickBot has added support for Zeus-style webinject configs.

July 16, 2021

Updated: July 18, 2021

Overview

TrickBot is an established and widespread multi-purpose trojan. Active since 2016 and modular in nature, it can accomplish a variety of goals ranging from credential theft to lateral movement. Many of the malware’s capabilities come as self-contained modules, which the malware is instructed to download from the C2. Initially, TrickBot’s main focus was bank fraud, but this later shifted toward corporate targetted ransomware attacks, eventually resulting in the discontinuation of their f…

TrickBot and Zeus – Through our monitoring, we were able to obtain a debug version of the module, which contained new features being tested. In this evolution of their webinject capabilities, TrickBot has added support for Zeus-style webinject configs.

Explosive New MirrorBlast Campaign Targets Financial Companies

Sysmon for Linux

Threat Thursday: STRRat Malware

Analyzing SquirrelWaffle’s Network Traffic

Editor Picks

Hunting for FIN6 Behavior with Sysmon

Hunting for Lateral Movement: Local Accounts

Azure Sentinel To-Go! A Linux 🐧 Lab with AUOMS Set Up to Learn About the OMI Vulnerability 💥

Must read

Sysmon for Linux

Threat Thursday: STRRat Malware

Analyzing SquirrelWaffle’s Network Traffic

Popular categories