March 01, 2022

Trickbot Mystery

Industry: N/A | Level: Strategic | Source: Intel471

Corresponding with AdvIntel’s reports of fading Trickbot activity, Intel471 also reports that the notorious malware has been noticeably dormant, with no new Trickbot campaigns observed in 2022. Tracking of Trickbot campaigns identified only three during December 2021, the latest occurring on December 28th, 2021. That is lower than the eight identified in November 2021. In addition, Intel471 observes a lack of updates to “onboard malware configuration files (mcconf), which contain a list of controller addresses the bot can connect to.” The drop in Trickbot activity is theorized to be due to a shift in operations in favor of Emotet. The lack of Trickbot activity is not a sign that the malware operation is dead, as its command and control infrastructure remains active. Malware associated with Trickbot, such as Emotet, Bazar and Bokbot, should be closely monitored, especially as they are closely tied to ransomware deployments such as Conti.