TRICKBOT’s newly released modules make it even trickier

    • Updated on:
    • 1 Apr 2019
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 10.2
    • Deep Security 10.3
    • Deep Security 11.0
    • Deep Security 11.1
    • Deep Security 11.2
    • Deep Security 11.3
    • Email Encryption Gateway 5.5
    • OfficeScan 11.0
    • OfficeScan XG.All
    • Worry-Free Business Security Standard/Advanced 10.0
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Worry-Free Business Security Standard/Advanced 9.5
    • Operating system:
    • N/A
Summary

Trickbot is a banking Trojan used in cyber attacks against small and medium-sized businesses. It is designed to access online accounts, especially bank accounts, to obtain Personally Identifiable Information (PII) for use in identity fraud.

Some of Trickbot’s new modules steal credentials for remote computer access, with a newer version targeting passwords for Virtual Network Computing (VNC), PuTTY, and Remote Desktop Protocol (RDP). The other modules steal bank information, perform system/network reconnaissance, harvest credentials, and propagate across the network.

Infection Details

trickbot

Capabilities

  • Information Theft
  • Rootkit Capability
  • Propagation
  • Download Routine
Details

Available Solution (GMT +8)

VSAPI/SMART

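| Pattern | Detection/Policy/Rules | Pattern branch/version | Release date/time |
|---|---|---|---|
| TrendX | Troj.Win32.TRX.XXPE50F13006 | N/A | March 1, 2019 |
| TrendX | TROJ.Win32.TRX.XXPE50FFF028 | N/A | March 1, 2019 |
| TrendX | TSPY.Win32.TRX.XXPE50FFF029 | N/A | March 1, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.THCBOAI | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCAY | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCAS | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | Trojan.W97M.TRICKBOT.A | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCBO | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.SMTH | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCAW | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCBJ | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCBC | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.SMXF | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.THCBBAI | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.THCAIAI | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCBH | Ent OPR 14.885.01 | March 20, 2019 |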

Behavioral Monitoring

| Pattern | Detection/Policy/Rules | Pattern branch/version | Release date |
|---|---|---|---|
| AEGIS | 4955T | TMTD OPR 1761 | March 12, 2018 |
| AEGIS | 2953T | TMTD OPR 1699 | September 8, 2017 |

Email Protection

| Subject | MD5 | Pattern branch/version | Release date |
|---|---|---|---|
| Application | c9395d54c9b07a12694af8f4222d4eb4 | AS 4510.006 | March 25, 2019 |
| Job | db6f35c2efc17683b311d471a92c1d35 | AS 4510.006 | March 25, 2019 |
| Hiring | df773a135afad6cea47a44370f88ff28 | AS 4510.006 | March 25, 2019 |
| Job | c48f032acc660ea9b50e10903e0e904e | AS 4510.006 | March 25, 2019 |
| Application | ead1f7c3f9d3fa14595db86dc711b610 | AS 4510.006 | March 25, 2019 |
| RE: Tax verification documents | dae7fe538dd4ae8d6e75abc0123ca68e | AS 4510.006 | March 25, 2019 |
| Job | e05d3bfc1cad299c1f12986cbddac003 | AS 4510.006 | March 25, 2019 |
| Regarding position | 9a9d03263faac91f9bf82495998fc44c | AS 4510.006 | March 25, 2019 |
| Job | 73fde1abda7401b239eed596a29ab663 | AS 4510.006 | March 25, 2019 |
| RE: Tax verification documents | 64b773fe12c2d9455f2b14d61a3a6c42 | AS 4510.006 | March 25, 2019 |

URL Protection

| URL | Category | Blocking Date |
|---|---|---|
| hxxp://91.200.100.233/radiance.png | Malware Accomplice | March 12, 2019 |
| hxxp://91.200.100.233/table.png | Malware Accomplice | March 12, 2019 |
| hxxp://5.2.76.181/sin.png | Malware Accomplice | March 12, 2019 |
| hxxp://handbuiltapps.com/logHbst.php | Malware Accomplice | March 6, 2019 |
| hxxp://94.250.253.158/sin.png | Malware Accomplice | March 5, 2019 |
| hxxp://213.226.68.223/radiance.png | Malware Accomplice | March 5, 2019 |
| hxxp://tdsecuremail.com/Secure.Mail | Malware Accomplice | February 27, 2019 |
| hxxp://168.235.103.35/table.png | Malware Accomplice | March 6, 2019 |
| hxxp://interiorswelove.co.uk/Day9HnXqSD.exe | Malware Accomplice | February 28, 2019 |
| hxxp://92.38.163.60/tin.png | Malware Accomplice | March 9, 2019 |
| hxxp://92.38.163.60/sin.png | Malware Accomplice | March 9, 2019 |
| hxxp://92.38.163.60/win.png | Malware Accomplice | March 9, 2019 |
 
Make sure to always use the latest pattern available to detect the old and new variants of Trickbot.

Recommendation

Please refer to the KB article on How to best protect your network using Trend Micro products.
You may also check the article on Submitting suspicious or undetected virus for file analysis to Technical Support.
For support assistance, please contact Trend Micro Technical Support.

Category: Remove a Malware / Virus
Solution ID: 1122411