TrickBot has been present in the threat landscape for quite a while. We wrote about its first version in October 2016. October 2018 marks the end of the second year since TrickBot’s appearance. Possibly the authors decided to celebrate the anniversary with a makeover of some significant elements of the core. This post is an analysis of the updated obfuscation used by TrickBot’s main module.
Ransomware may have slowed its growth but is still a go-to payload for threat actors looking to monetize drive-by download attacks. The latest attempt: GandCrab ransomware.