{
"type": "bundle",
"id": "bundle--dbdf8fe7-ef1f-4f0a-9e22-8558a8738ff8",
"spec_version": "2.0",
"objects": [
{
"modified": "2023-02-23T19:45:50.419Z",
"name": "TrickBot",
"description": "[TrickBot](https://attack.mitre.org/software/S0266) is a Trojan spyware program written in C++ that first emerged in September 2016 as a possible successor to [Dyre](https://attack.mitre.org/software/S0024). [TrickBot](https://attack.mitre.org/software/S0266) was developed and initially used by [Wizard Spider](https://attack.mitre.org/groups/G0102) for targeting banking sites in North America, Australia, and throughout Europe; it has since been used against all sectors worldwide as part of \"big game hunting\" ransomware campaigns.(Citation: S2 Grupo TrickBot June 2017)(Citation: Fidelis TrickBot Oct 2016)(Citation: IBM TrickBot Nov 2016)(Citation: CrowdStrike Wizard Spider October 2020)",
"x_mitre_platforms": [
"Windows"
],
"x_mitre_deprecated": false,
"x_mitre_domains": [
"enterprise-attack"
],
"x_mitre_version": "2.0",
"x_mitre_contributors": [
"Daniyal Naeem, BT Security",
"Cybereason Nocturnus, @nocturnus",
"Omkar Gudhate",
"FS-ISAC"
],
"x_mitre_aliases": [
"TrickBot",
"Totbrick",
"TSPY_TRICKLOAD"
],
"type": "malware",
"id": "malware--00806466-754d-44ea-ad6f-0caf59cb8556",
"created": "2018-10-17T00:14:20.652Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"revoked": false,
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/software/S0266",
"external_id": "S0266"
},
{
"source_name": "TrickBot",
"description": "(Citation: S2 Grupo TrickBot June 2017) (Citation: Trend Micro Totbrick Oct 2016) (Citation: TrendMicro Trickbot Feb 2019)"
},
{
"source_name": "TSPY_TRICKLOAD",
"description": "(Citation: Trend Micro Totbrick Oct 2016)"
},
{
"source_name": "Totbrick",
"description": "(Citation: Trend Micro Totbrick Oct 2016) (Citation: Microsoft Totbrick Oct 2017)"
},
{
"source_name": "Trend Micro Totbrick Oct 2016",
"description": "Antazo, F. (2016, October 31). TSPY_TRICKLOAD.N. Retrieved September 14, 2018.",
"url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_trickload.n"
},
{
"source_name": "IBM TrickBot Nov 2016",
"description": "Keshet, L. (2016, November 09). Tricks of the Trade: A Deeper Look Into TrickBot\u2019s Machinations. Retrieved August 2, 2018.",
"url": "https://securityintelligence.com/tricks-of-the-trade-a-deeper-look-into-trickbots-machinations/"
},
{
"source_name": "TrendMicro Trickbot Feb 2019",
"description": "Llimos, N., Pascual, C.. (2019, February 12). Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire. Retrieved March 12, 2019.",
"url": "https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-adds-remote-application-credential-grabbing-capabilities-to-its-repertoire/"
},
{
"source_name": "CrowdStrike Wizard Spider October 2020",
"description": "Podlosky, A., Hanel, A. et al. (2020, October 16). WIZARD SPIDER Update: Resilient, Reactive and Resolute. Retrieved June 15, 2021.",
"url": "https://www.crowdstrike.com/blog/wizard-spider-adversary-update/"
},
{
"source_name": "Microsoft Totbrick Oct 2017",
"description": "Pornasdoro, A. (2017, October 12). Trojan:Win32/Totbrick. Retrieved September 14, 2018.",
"url": "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Totbrick"
},
{
"source_name": "Fidelis TrickBot Oct 2016",
"description": "Reaves, J. (2016, October 15). TrickBot: We Missed you, Dyre. Retrieved August 2, 2018.",
"url": "https://www.fidelissecurity.com/threatgeek/2016/10/trickbot-we-missed-you-dyre"
},
{
"source_name": "S2 Grupo TrickBot June 2017",
"description": "Salinas, M., Holguin, J. (2017, June). Evolution of Trickbot. Retrieved July 31, 2018.",
"url": "https://www.securityartwork.es/wp-content/uploads/2017/07/Trickbot-report-S2-Grupo.pdf"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"labels": [
"malware"
],
"x_mitre_attack_spec_version": "3.1.0",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
}
]
}