Results for TrickBot

Threat Research

TrickBot or Treat – Knocking on the Door and Trying to Enter

Learn about a recent TrickBot attack discovered by the FortiGuard SE Team in VirusTotal.

By FortiGuard SE Team | September 25, 2019

Threat Research

Quick Analysis of New Method for Spreading TrickBot

Recently, FortiGuard Labs captured a suspicious email. After an analysis, we discovered that it was spreading the malware TrickBot. Read to learn more.

By Xiaopeng Zhang | April 29, 2019

Threat Research

Deep Analysis of TrickBot New Module pwgrab

FortiGuard Labs found a new TrickBot variant, with a new module pwgrab, which attempts to steal credentials, autofill data, history and so on. We did a deep analysis on this pwgrab module to explain how it works on a victim’s system.

By Xiaopeng Zhang | November 08, 2018

Threat Research

IcedID & Trickbot: A Give-and-Take Relationship

FortiGuard Labs recently caught one of Trickbot’s C2 (Command and Control) servers sending commands to its victims that instructed its bots to download what turned out to be an updated variant of the IcedID banking Trojan.

By Floser Bacurio Jr. | July 25, 2018

Threat Research

New Trickbot Plugin Harvests Email Addresses from SQL Servers, ScreenLocker Module Not for Ransom

Just a week after publishing our discovery of Trickbot’s networkDLL, the FortiGuard Labs monitoring system has found a new module called squlDll that is being actively distributed to the banking trojan’s victims.

Threat Research

Trickbot’s New Reconnaissance Plugin

Fortinet FortiGuard Labs has found a new plugin named networkDLL that is being distributed to the victims of the Trickbot Trojan. This new plugin is similar to the old DomainGrabber plugin discovered late last year in that they both try to collect information about the victim’s network. In fact, we have observed the same functions being used by both plugins.

Threat Research

Deep Analysis of the Online Banking Botnet TrickBot

One month ago we captured a Word document infected with malicious VBA code, which was detected as WM/Agent!tr by the Fortinet AntiVirus service. Its file name is InternalFax.doc, and its MD5 is 4F2139E3961202B1DFEAE288AED5CB8F. By our analysis, the Word document was used to download and spread the botnet TrickBot. TrickBot aims at stealing online banking information from browsers when victims are visiting online banks. The targeted banks are from Australia, New Zealand, Germany, United Kingdom, Canada, United States, Israel, and...

By Xiaopeng Zhang | December 06, 2016