{ | |
"type": "bundle", | |
"id": "bundle--dbdf8fe7-ef1f-4f0a-9e22-8558a8738ff8", | |
"spec_version": "2.0", | |
"objects": [ | |
{ | |
"modified": "2023-02-23T19:45:50.419Z", | |
"name": "TrickBot", | |
"description": "[TrickBot](https://attack.mitre.org/software/S0266) is a Trojan spyware program written in C++ that first emerged in September 2016 as a possible successor to [Dyre](https://attack.mitre.org/software/S0024). [TrickBot](https://attack.mitre.org/software/S0266) was developed and initially used by [Wizard Spider](https://attack.mitre.org/groups/G0102) for targeting banking sites in North America, Australia, and throughout Europe; it has since been used against all sectors worldwide as part of \"big game hunting\" ransomware campaigns.(Citation: S2 Grupo TrickBot June 2017)(Citation: Fidelis TrickBot Oct 2016)(Citation: IBM TrickBot Nov 2016)(Citation: CrowdStrike Wizard Spider October 2020)", | |
"x_mitre_platforms": [ | |
"Windows" | |
], | |
"x_mitre_deprecated": false, | |
"x_mitre_domains": [ | |
"enterprise-attack" | |
], | |
"x_mitre_version": "2.0", | |
"x_mitre_contributors": [ | |
"Daniyal Naeem, BT Security", | |
"Cybereason Nocturnus, @nocturnus", | |
"Omkar Gudhate", | |
"FS-ISAC" | |
], | |
"x_mitre_aliases": [ | |
"TrickBot", | |
"Totbrick", | |
"TSPY_TRICKLOAD" | |
], | |
"type": "malware", | |
"id": "malware--00806466-754d-44ea-ad6f-0caf59cb8556", | |
"created": "2018-10-17T00:14:20.652Z", | |
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"revoked": false, | |
"external_references": [ | |
{ | |
"source_name": "mitre-attack", | |
"url": "https://attack.mitre.org/software/S0266", | |
"external_id": "S0266" | |
}, | |
{ | |
"source_name": "TrickBot", | |
"description": "(Citation: S2 Grupo TrickBot June 2017) (Citation: Trend Micro Totbrick Oct 2016) (Citation: TrendMicro Trickbot Feb 2019)" | |
}, | |
{ | |
"source_name": "TSPY_TRICKLOAD", | |
"description": "(Citation: Trend Micro Totbrick Oct 2016)" | |
}, | |
{ | |
"source_name": "Totbrick", | |
"description": "(Citation: Trend Micro Totbrick Oct 2016) (Citation: Microsoft Totbrick Oct 2017)" | |
}, | |
{ | |
"source_name": "Trend Micro Totbrick Oct 2016", | |
"description": "Antazo, F. (2016, October 31). TSPY_TRICKLOAD.N. Retrieved September 14, 2018.", | |
"url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_trickload.n" | |
}, | |
{ | |
"source_name": "IBM TrickBot Nov 2016", | |
"description": "Keshet, L. (2016, November 09). Tricks of the Trade: A Deeper Look Into TrickBot\u2019s Machinations. Retrieved August 2, 2018.", | |
"url": "https://securityintelligence.com/tricks-of-the-trade-a-deeper-look-into-trickbots-machinations/" | |
}, | |
{ | |
"source_name": "TrendMicro Trickbot Feb 2019", | |
"description": "Llimos, N., Pascual, C. (2019, February 12). Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire. Retrieved March 12, 2019.", | |
"url": "https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-adds-remote-application-credential-grabbing-capabilities-to-its-repertoire/" | |
}, | |
{ | |
"source_name": "CrowdStrike Wizard Spider October 2020", | |
"description": "Podlosky, A., Hanel, A. et al. (2020, October 16). WIZARD SPIDER Update: Resilient, Reactive and Resolute. Retrieved June 15, 2021.", | |
"url": "https://www.crowdstrike.com/blog/wizard-spider-adversary-update/" | |
}, | |
{ | |
"source_name": "Microsoft Totbrick Oct 2017", | |
"description": "Pornasdoro, A. (2017, October 12). Trojan:Win32/Totbrick. Retrieved September 14, 2018.", | |
"url": "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Totbrick" | |
}, | |
{ | |
"source_name": "Fidelis TrickBot Oct 2016", | |
"description": "Reaves, J. (2016, October 15). TrickBot: We Missed you, Dyre. Retrieved August 2, 2018.", | |
"url": "https://www.fidelissecurity.com/threatgeek/2016/10/trickbot-we-missed-you-dyre" | |
}, | |
{ | |
"source_name": "S2 Grupo TrickBot June 2017", | |
"description": "Salinas, M., Holguin, J. (2017, June). Evolution of Trickbot. Retrieved July 31, 2018.", | |
"url": "https://www.securityartwork.es/wp-content/uploads/2017/07/Trickbot-report-S2-Grupo.pdf" | |
} | |
], | |
"object_marking_refs": [ | |
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
], | |
"labels": [ | |
"malware" | |
], | |
"x_mitre_attack_spec_version": "3.1.0", | |
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
} | |
] | |
} |