New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong
Liviu ARSENE
March 18, 2020

Bitdefender researchers have discovered a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations on select targets. The new module was discovered on January 30 and, based on the IP addresses it targets, victims seem to be US and Hong Kong-based, predominantly in the telecom industry.

TrickBot is a Trojan that has been around since 2016. It started out as a credential-harvesting threat mostly focusing on e-banking, but its plugin-based design has made it much more than just a threat focused on financial data theft. Security companies and researchers have previously analyzed a wide range of modules, proving that the Trojan is still under active development and undergoing constant “feature upgrades”.

Key Findings:

rdpScanDll:
• New module that bruteforces RDP for a specific list of victims
• Still in development, as the module features a broken attack mode
• Targets mostly in telecom, education, and financial services in the United States and Hong Kong

TrickBot:
• Lateral movement modules receive the most updates
• Dynamic C&C infrastructure, mostly based in Russia
• Over 100 new C&C IPs added each month, with an average lifetime of about 16 days

The flexibility allowed by this modular architecture has turned TrickBot into a very complex and sophisticated malware capable of a wide range of malicious activities, as long as there is a plugin for it.

TrickBot has been mostly distributed through spam campaigns, but it was also seen in cahoots with other threats. It has been distributed by the Emotet spam-sending botnet to deliver Ryuk ransomware, and its operators have extended its capabilities, turning it into one of the most advanced malware delivery vehicles out there.

Bitdefender has kept a close eye on TrickBot and, on January 30, 2020, our monitoring systems reported the delivery of a new module that performs bruteforce operations on a list of targets defined and sent by the attackers.

A complete analysis of the components can be found in the accompanying research paper (whitepaper). An up-to-date and complete list of indicators of compromise is available to Bitdefender Advanced Threat Intelligence users.
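Because the module bruteforces a target list from the infected machine, a compromised host shows up in network logs as one internal address opening RDP sessions to many different external addresses in a short time. The sketch below is an added example, not code from Bitdefender's paper: the flow-record format, the internal range, the thresholds and the function name `rdp_fanout` are all assumptions to adapt to your own telemetry.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

RDP_PORT = 3389                      # default RDP listener port
INTERNAL = ip_network("10.0.0.0/8")  # assumption: your internal address space
WINDOW = timedelta(minutes=10)       # assumption: tune to your environment
MIN_TARGETS = 5                      # assumption: distinct targets that raise an alert

SAMPLE_FLOWS = """\
2020-02-01T09:00:00 10.0.0.15 198.51.100.10 3389
2020-02-01T09:01:00 10.0.0.15 198.51.100.11 3389
2020-02-01T09:02:00 10.0.0.15 198.51.100.12 3389
2020-02-01T09:03:00 10.0.0.15 203.0.113.5 3389
2020-02-01T09:04:00 10.0.0.15 203.0.113.6 3389
2020-02-01T09:05:00 10.0.0.15 203.0.113.7 3389
2020-02-01T09:00:30 10.0.0.20 192.0.2.50 3389
2020-02-01T09:06:30 10.0.0.20 192.0.2.50 3389
2020-02-01T08:00:00 10.0.0.40 198.51.100.10 3389
2020-02-01T12:00:00 10.0.0.40 198.51.100.12 3389
2020-02-01T09:00:00 10.0.0.30 198.51.100.10 443
"""  # constructed records: "timestamp source destination dest_port"

def rdp_fanout(flows, window=WINDOW, min_targets=MIN_TARGETS):
    """Map each internal host to its peak count of distinct external RDP
    destinations inside one window, keeping hosts that reach min_targets."""
    hits = defaultdict(list)
    for line in flows.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                 # skip malformed records
        ts, src, dst, port = fields
        if (int(port) == RDP_PORT and ip_address(src) in INTERNAL
                and ip_address(dst) not in INTERNAL):
            hits[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for host, events in hits.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1           # slide the window forward
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak >= min_targets:
            flagged[host] = peak
    return flagged

if __name__ == "__main__":
    print(rdp_fanout(SAMPLE_FLOWS))
```

In the constructed sample, only 10.0.0.15 is flagged: the host that reconnects to a single RDP server, the host whose RDP sessions are hours apart, and the host using port 443 all stay below the threshold.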