OSINT Threat Report: Trickbot Continues to Deceive - Week of July 8

Welcome to our OSINT Threat Report, a weekly digest of trending threats reported by TruSTAR platform users. Related posts here. 

Upgraded Trickbot Runs Its Course

If you're monitoring the wider threatscape, it won't be surprising that Trickbot is the number one malware on TruSTAR at the moment. This modular piece of malware has undergone a number of upgrades and has been added as a critical component of multiple campaigns. One of the most effective malware combinations we're seeing is Emotet > Trickbot > Ryuk, but it is also being used with IcedID and Emotet campaigns. There is also yet another new variant of Trickbot out as of this week. Perhaps in a later blog, we will post a write-up of the recent evolution and surge.

NJRAT Gaining Popularity

The second most reported malware on TruSTAR is NJRAT, and this one is of growing interest due to possible Iranian connections. Iranian APT33 has shifted to using more commodity malware, and two weeks ago Insikt Group detailed the use of new infrastructure targeting Saudi Arabia, with 60% of all malicious activity arising from it tied to NJRAT. As such, this malware warrants a closer eye when it appears within US networks.

Smokeloader Continuing to Evolve

The third most seen malware is Smokeloader, and this is another case of a tried-and-true piece of malware undergoing an upgrade. A new variant was discovered in the first week of July that also downloads Azorult as part of its kill chain.

Both Trickbot and Smokeloader highlight a strong trend of linking various pieces of malware to drop other malware, enhance profits, increase persistence, or enable lateral movement within networks. The success of these combinations will only foment more in the future.

 
