New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong

Bitdefender
March 23, 2020

Whitepaper Details

Author:
Radu Tudorica – Security Researcher, Cyber Threat Intelligence Lab
Co-authors:
Alexandru Maximciuc – Team Leader, Cyber Threat Intelligence Lab
Cristina Vatamanu – Senior Team Leader, Cyber Threat Intelligence Lab

Bitdefender researchers have discovered a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations on select targets. The new module was discovered on January 30 and, based on the IP addresses it targets, victims seem to be US and Hong Kong-based, predominantly in the telecom industry.

TrickBot is a Trojan that has been around since 2016. It started out as a credential-harvesting threat mostly focusing on e-banking, but its plugin-based design has made it much more than just a threat focused on financial data theft. Security companies and researchers have previously analyzed a wide range of modules, proving that the Trojan is still under active development and undergoing constant “feature upgrades”.

Key Findings:

rdpScanDll:

  • New module that bruteforces RDP for a specific list of victims
  • Still in development, as the module features a broken attack mode
  • Targets mostly in telecom, education, and financial services in the United States and Hong Kong

TrickBot:

  • Lateral movement modules receive the most updates
  • Dynamic C&C infrastructure, mostly based in Russia
  • Over 100 new C&C IPs added each month, with an average lifetime of about 16 days

The flexibility allowed by this modular architecture has turned TrickBot into a very complex and sophisticated malware capable of a wide range of malicious activities, as long as there is a plugin for it.

TrickBot has been mostly distributed through spam campaigns, but it has also been seen in cahoots with other threats. Distributed by the Emotet spam-sending botnet and used to deliver Ryuk ransomware, TrickBot has been extended by its operators into one of the most advanced malware delivery vehicles out there.

Bitdefender has kept a close eye on TrickBot, and on January 30, 2020, our monitoring systems reported the delivery of a new module that performs bruteforce operations on a list of targets defined and sent by the attackers.

PROVIDER

Bitdefender
Bitdefender is a Romanian cybersecurity and anti-virus software company. Bitdefender develops and sells anti-virus software, internet security software, endpoint security software, and other cybersecurity products and services.
