|
gptkbp:instanceOf
|
malware
|
|
gptkbp:abilities
|
remote access
web injection
network propagation
harvesting Active Directory data
harvesting browser data
harvesting credentials
harvesting cryptocurrency wallets
harvesting email accounts
harvesting system information
spreading via RDP
spreading via SMB
spreading via brute force
|
|
gptkbp:activeIn
|
true
|
|
gptkbp:alias
|
gptkb:TrickLoader
gptkb:Terdot
trickster
|
|
gptkbp:area
|
gptkb:Asia
gptkb:Europe
gptkb:Latin_America
gptkb:United_States
|
|
gptkbp:developedBy
|
cybercrime
|
|
gptkbp:discoveredBy
|
2016
|
|
gptkbp:disruptionDate
|
October 2020
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
TrickBot
|
|
gptkbp:industry
|
gptkb:government
education
financial services
healthcare
retail
|
|
gptkbp:interruptedBy
|
gptkb:Microsoft
gptkb:US_Cyber_Command
international law enforcement
|
|
gptkbp:modularDesign
|
true
|
|
gptkbp:notable_campaign
|
gptkb:Conti_ransomware
gptkb:Ryuk_ransomware
|
|
gptkbp:platform
|
gptkb:Microsoft_Windows
|
|
gptkbp:primaryUse
|
malware
botnet
information stealer
|
|
gptkbp:relatedTo
|
gptkb:Ryuk
gptkb:Conti
gptkb:Emotet
gptkb:Anchor_malware
gptkb:BazarLoader
|
|
gptkbp:spreadTo
|
gptkb:Emotet_malware
gptkb:EternalBlue_exploit
malicious email attachments
malicious links
|
|
gptkbp:type
|
trojan
|
|
gptkbp:usedFor
|
data exfiltration
credential theft
lateral movement
ransomware delivery
|
|
gptkbp:uses
|
command and control servers
encrypted communication
malicious modules
|
|
gptkbp:writtenBy
|
gptkb:C++
C
|
|
gptkbp:bfsParent
|
gptkb:Conti
|
|
gptkbp:bfsLayer
|
5
|