| Alias Description | Votes |
|---|---|
| IcedID is a possible alias for TrickBot. IcedID is a malicious software (malware) that has been implicated in numerous cybercrime campaigns. It has been associated with other notable malware such as Qakbot, BazarLoader, CobaltStrike, Conti, Gozi, Trickbot, Quantum, Emotet, Pikabot, and SystemBC. Its distribution often involves the use of d | 8 |
| Wizard Spider is a possible alias for TrickBot. Wizard Spider, also known as ITG23, DEV-0193, Trickbot Group, Fin12, and Grimspider, is a prominent cybercrime group. As per IBM Security X-Force's research, this threat actor is responsible for developing several crypters and has been expanding the number and variety of channels it uses to distribu | 5 |
| Dyreza is a possible alias for TrickBot. Dyreza, also known as Dyre, is a sophisticated banking trojan malware that has garnered significant attention over the past several years. This malicious software is designed to exploit and damage computer systems, often infecting them through suspicious downloads, emails, or websites without user k | 3 |
| GOLD BLACKBURN is a possible alias for TrickBot. GOLD BLACKBURN is a threat actor known for its malicious cyber activities, including the operation of the TrickBot malware. This group has been observed in numerous ransomware incidents, highlighting their significant and ongoing threat to cybersecurity. The methods they employ are sophisticated and | 2 |
| Bentley is a possible alias for TrickBot. Bentley is a notorious malware that has caused significant harm in the digital world. It's a malicious software designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's knowledge. Once installed, Bentley can steal person | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The Emotet Malware is associated with TrickBot. Emotet is a notorious malware, short for malicious software, that is designed to exploit and damage computers or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, | Unspecified | 13 |
| The Conti Malware is associated with TrickBot. Conti is a type of malware, specifically ransomware, which is designed to infiltrate and damage computer systems. This malicious software can enter systems through various methods such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal persona | Unspecified | 12 |
| The Ryuk Malware is associated with TrickBot. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves | Unspecified | 11 |
| The Dyre Malware is associated with TrickBot. Dyre, also known as Dyreza or Dyzap, is a banking Trojan that was initially designed to monitor online banking transactions with the aim of stealing passwords, money, or both. It first emerged in 2009 and 2010, targeting victim bank accounts held at various U.S.-based financial institutions. These i | Unspecified | 7 |
| The QakBot Malware is associated with TrickBot. Qakbot is a type of malware, or malicious software, that infiltrates computer systems to exploit and damage them. This harmful program can infect devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt ope | Unspecified | 6 |
| The Bazarloader Malware is associated with TrickBot. BazarLoader is a type of malware developed by the TrickBot group, primarily used to gain initial access to a victim's infrastructure in ransomware attacks. This malware has been associated with various threat groups, including ITG23, which has used BazarLoader alongside other malware like Trickbot a | Unspecified | 6 |
| The Bumblebee Malware is associated with TrickBot. Bumblebee is a type of malware that has been linked to ITG23, a cyber threat group. Over the past year, it has been used in conjunction with other initial access malwares such as Emotet, IcedID, Qakbot, and Gozi during ITG23 attacks. The same values for self-signed certificates seen in Bumblebee hav | Unspecified | 5 |
| The malware Emotet, Trickbot is associated with TrickBot. | Unspecified | 4 |
| The Dridex Malware is associated with TrickBot. Dridex is a notorious malware, specifically a banking Trojan, designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software was primarily used by the Russian cybercriminal group, Evil Corp, founded in 2014. The group ta | Unspecified | 3 |
| The Bazarbackdoor Malware is associated with TrickBot. BazarBackdoor is a type of malware developed by ITG23, first identified in April 2020. It is commonly distributed via contact forms on corporate websites, bypassing regular phishing emails, which makes it harder to detect. The malware is often associated with BazarLoader, both of which were used ext | Unspecified | 3 |
| The Hive Malware is associated with TrickBot. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag | Unspecified | 3 |
| The Smokeloader Malware is associated with TrickBot. SmokeLoader is a malicious software (malware) that acts as a loader for other malware, injecting malicious code into the currently running explorer process and downloading additional payloads to the system. It has been used in conjunction with Phobos ransomware by threat actors who exploit its funct | Unspecified | 3 |
| The Lockbit Malware is associated with TrickBot. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or | Unspecified | 2 |
| The Royal Ransomware Malware is associated with TrickBot. Royal Ransomware is a form of malware that was active from September 2022 through June 2023. This malicious software, designed to exploit and damage computers or devices, would infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it could stea | Unspecified | 2 |
| The Netwalker Malware is associated with TrickBot. NetWalker is a highly profitable ransomware kit, known for its ability to disable antivirus software on Windows 10 systems and encrypt files, adding a random extension to the encrypted ones. Once executed, it disrupts operations and can even hold data hostage for ransom. It has been observed that Ne | Unspecified | 2 |
| The Akira Malware is associated with TrickBot. Akira is a potent ransomware that has been active since 2023, known for its aggressive encryption tactics and swift deployment. This malware, which brings a unique '80s aesthetic to the dark web, has quickly risen in prominence within the cybercrime landscape. It has targeted hundreds of victims glo | Unspecified | 2 |
| The Anchor Malware is associated with TrickBot. Anchor is a type of malware, a harmful software designed to exploit and damage computers or devices. It can infiltrate systems through various means such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operatio | Unspecified | 2 |
| The Cobaltstrike Malware is associated with TrickBot. CobaltStrike is a type of malware, or malicious software, that infiltrates systems to exploit and damage them. It can gain access via suspicious downloads, emails, or websites and then steal personal information, disrupt operations, or hold data for ransom. CobaltStrike has been observed in conjunct | Unspecified | 2 |
| The malware Trickbot’s is associated with TrickBot. | Unspecified | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The Trickbot Group Threat Actor is associated with TrickBot. The Trickbot Group, also known as ITG23, Wizard Spider, or DEV-0193, is a cybercriminal entity notorious for its malicious activities. This threat actor group has been linked to Russian intelligence services and primarily targets non-Russian entities, including financial institutions and hospitals, | Unspecified | 10 |
| The ITG23 Threat Actor is associated with TrickBot. ITG23, also known as the Trickbot/Conti syndicate, is a significant threat actor that has been active since 2016 in the East European cybercrime arena. This group is renowned for its use of Reflective DLL Injection code in many of its crypters, with the presence of these crypters on a file sample be | Unspecified | 2 |
| The Conti Ransomware Gang Threat Actor is associated with TrickBot. The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021 and has been sanctioned by the National Crime Agency (NCA). In late 2021, experts suggested that | Unspecified | 2 |
| The Hive0106 Threat Actor is associated with TrickBot. Hive0106, also known as TA551, is a notable threat actor recognized for its association with ITG23, another prominent entity in the cybercrime landscape. This partnership has been observed since mid-2021 by X-Force, a cybersecurity firm. Hive0106's primary role is as a distribution affiliate, delive | Unspecified | 2 |
| The Hive Ransomware Threat Actor is associated with TrickBot. Hive ransomware, a prominent threat actor active in 2022, was known for its widespread malicious activities in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which upon execution, established persistence and provided remote access to the attackers, e | Unspecified | 2 |
| The FIN7 Threat Actor is associated with TrickBot. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global | Unspecified | 2 |
| The Conti Team Threat Actor is associated with TrickBot. The Conti team, a threat actor group known for its malicious activities in the cyber realm, has seen significant developments and transformations over recent years. In September 2022, a splinter group from Conti Team One resurfaced under the name Royal Ransomware, conducting callback phishing attack | Unspecified | 2 |
| The Zeon Threat Actor is associated with TrickBot. Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B | Unspecified | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The vulnerability CVE-2021-40444 is associated with TrickBot. | Unspecified | 2 |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| InfoSecurity-magazine | a month ago | ||
| Securityaffairs | a month ago | ||
| Securityaffairs | 4 months ago | ||
| Securityaffairs | 4 months ago | ||
| Krebs on Security | 4 months ago | ||
| Securityaffairs | 4 months ago | ||
| Securityaffairs | 4 months ago | ||
| Securityaffairs | 5 months ago | ||
| Securityaffairs | 5 months ago | ||
| Securityaffairs | 5 months ago | ||
| Securityaffairs | 5 months ago | ||
| BankInfoSecurity | 5 months ago | ||
| Securityaffairs | 5 months ago | ||
| Securityaffairs | 6 months ago | ||
| InfoSecurity-magazine | 6 months ago | ||
| RIA - Information System Authority | 6 months ago | ||
| DARKReading | 6 months ago | ||
| DARKReading | 6 months ago | ||
| Krebs on Security | 6 months ago | ||
| BankInfoSecurity | 6 months ago |