TrickBot

GPTKB entity

Statements (61)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | malware |
| gptkbp:abilities | remote access, web injection, network propagation, harvesting Active Directory data, harvesting browser data, harvesting credentials, harvesting cryptocurrency wallets, harvesting email accounts, harvesting system information, spreading via RDP, spreading via SMB, spreading via brute force |
| gptkbp:activeIn | true |
| gptkbp:alias | gptkb:TrickLoader, gptkb:Terdot, trickster |
| gptkbp:area | gptkb:Asia, gptkb:Europe, gptkb:Latin_America, gptkb:United_States |
| gptkbp:developedBy | cybercrime |
| gptkbp:discoveredBy | 2016 |
| gptkbp:disruptionDate | October 2020 |
| https://www.w3.org/2000/01/rdf-schema#label | TrickBot |
| gptkbp:industry | gptkb:government, education, financial services, healthcare, retail |
| gptkbp:interruptedBy | gptkb:Microsoft, gptkb:US_Cyber_Command, international law enforcement |
| gptkbp:modularDesign | true |
| gptkbp:notable_campaign | gptkb:Conti_ransomware, gptkb:Ryuk_ransomware |
| gptkbp:platform | gptkb:Microsoft_Windows |
| gptkbp:primaryUse | malware, botnet, information stealer |
| gptkbp:relatedTo | gptkb:Ryuk, gptkb:Conti, gptkb:Emotet, gptkb:Anchor_malware, gptkb:BazarLoader |
| gptkbp:spreadTo | gptkb:Emotet_malware, gptkb:EternalBlue_exploit, malicious email attachments, malicious links |
| gptkbp:type | trojan |
| gptkbp:usedFor | data exfiltration, credential theft, lateral movement, ransomware delivery |
| gptkbp:uses | command and control servers, encrypted communication, malicious modules |
| gptkbp:writtenBy | gptkb:C++, C |
| gptkbp:bfsParent | gptkb:Conti |
| gptkbp:bfsLayer | 5 |