TrickBot gang

GPTKB entity

Statements (52)
Predicate Object
gptkbp:instanceOf cybercrime
gptkbp:activePeriod 2016-2022
gptkbp:alsoKnownAs gptkb:Wizard_Spider
gptkbp:associatedWith gptkb:Emotet
    gptkb:TA505
    gptkb:FIN6
gptkbp:countryOfOrigin gptkb:Russia
gptkbp:disbanded 2022
https://www.w3.org/2000/01/rdf-schema#label TrickBot gang
gptkbp:interruptedBy gptkb:Microsoft
    gptkb:Europol
    gptkb:FBI
    gptkb:US_Cyber_Command
gptkbp:mainLanguage gptkb:Russian
gptkbp:notableBattle gptkb:Universal_Health_Services_ransomware_attack_(2020)
    attacks on critical infrastructure
    attacks on educational institutions
    attack on hospitals during COVID-19 pandemic
    attacks on US municipalities
gptkbp:notableFor gptkb:Conti_ransomware
    gptkb:TrickBot_malware
    gptkb:Ryuk_ransomware
    data exfiltration
    modular malware architecture
    phishing campaigns
    credential theft
    malware-as-a-service
    network propagation
    ransomware deployment
    banking trojans
    botnet operations
    collaboration with other cybercriminal groups
    use of Cobalt Strike
    use of EternalBlue exploit
    use of Mimikatz
    use of PowerShell scripts
    use of malicious attachments
    use of malicious links
    use of spear phishing emails
    use of web injects
gptkbp:successor gptkb:Conti_ransomware_group
    gptkb:Black_Basta_ransomware_group
gptkbp:target gptkb:government_agency
    healthcare organizations
    financial institutions
gptkbp:usesMalware gptkb:Ryuk
    gptkb:Conti
    gptkb:Anchor
    gptkb:BazarLoader
    gptkb:TrickBot
gptkbp:bfsParent gptkb:Wizard_Spider_group
gptkbp:bfsLayer 6