{"id":6482,"date":"2022-02-25T19:31:41","date_gmt":"2022-02-25T10:31:41","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=6482"},"modified":"2022-03-30T19:34:14","modified_gmt":"2022-03-30T10:34:14","slug":"trickbot-developers-move-to-stealthier-malware-after-trickbot-malware-operation-shuts-down","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/trickbot-developers-move-to-stealthier-malware-after-trickbot-malware-operation-shuts-down\/","title":{"rendered":"TrickBot developers move to stealthier malware after TrickBot malware operation shuts down"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"6482\" class=\"elementor elementor-6482\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7d0fa89 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7d0fa89\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8c32a42\" data-id=\"8c32a42\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-eb49b23 elementor-widget elementor-widget-text-editor\" data-id=\"eb49b23\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>On Thursday 24<sup>th<\/sup> of February 2022, the TrickBot malware operation is believed to have shut down after it was reported that their core developers have moved to the Conti ransomware gang to focus development on the other malware families which Conti has in their operations. TrickBot has been a key Windows malware which has been part of the threat landscape since 2016.
The malware is commonly installed via malicious phishing emails or other malware such as trojans, and has been observed running quietly on a victim&#8217;s computer while it downloads modules to perform different tasks.<\/p><p>TrickBot has long-standing connections to ransomware groups, having been linked to many of them. The first observed relationship was with the Ryuk ransomware operation in 2019, which used the malware to gain initial access to networks. They were later seen partnering with the Conti ransomware group in 2020. In 2021, they were observed attempting to launch their own ransomware operation, known as Diavol, but due to law enforcement efforts, including the arrest of one of their key developers, the operation never got off the ground.<\/p><p>Based on research done by cyber security organisations, it is believed the development of the TrickBot malware has been taken over by the Conti ransomware group for their own needs, while the developers have been moved on to the development of stealthier malware families like BazarBackdoor.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On Thursday 24th of February 2022, the TrickBot malware operation is believed to have shut down after it was reported that their core developers have moved to the Conti ransomware gang to focus development on the other malware families which Conti has in their operations.
TrickBot has been a key Windows malware which has been part of the threat landscape<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":6487,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10,12,2,1],"tags":[],"class_list":["post-6482","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-latest_vulnerabilities","category-read_article","category-ce_news","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2022\/03\/Picture1-16.jpg?fit=1379%2C919&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6482"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=6482"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6482\/revisions"}],"predecessor-version":[{"id":6490,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6482\/revisions\/6490"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/6487"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=6482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=6482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=6482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}