Trickbot Activity Increases; new VNC Module On the Radar Support How can we help? Support for Home ProductsSupport for Business Products My Account Your Account Log in to your Bitdefender account and manage security for what matters. Bitdefender CentralGravityZone CLOUD Control Center For Home For Business For Partners Company Labs Support My Account Security plans Premium Security Complete protection and unlimited VPN for 10 users. Total Security Most Popular Complete protection for 5 or 10 devices. Limited VPN. Internet Security Windows only security with limited VPN. Antivirus Plus for Windows Basic protection for Windows only. Antivirus for Mac Basic protection for Mac only. Bitdefender Premium VPN Ultra-fast VPN that keeps your online identity and activities safe from hackers, ISP's and snoops. See all security plans For existing customers Renewal & Upgrade Support Trial & free products Security plan trials Antivirus Free See all Bitdefender Premium services All Solutions PC Mac Mobile Multiplatform PRODUCTS Bitdefender BOX Internet of Things Bitdefender Premium Security Bitdefender Small Office Security Bitdefender Total Security Bitdefender Internet Security Bitdefender Antivirus Plus Bitdefender Family Pack Already a customer? Renewal & Upgrade Get Support Join the community! SERVICES Bitdefender Digital Identity Protection New Bitdefender Premium VPN Bitdefender Home Network Support Bitdefender Computer Tune-Up Bitdefender VIP Support Premium Services Live Support offered by certified experts TOOLBOX Free Tools Antivirus Free Home Scanner Compare Solutions Trial Downloads Log in to Central Free Tools PRODUCTS Bitdefender BOX Internet of Things Bitdefender Premium Security Bitdefender Small Office Security Bitdefender Total Security Bitdefender Family Pack Bitdefender Antivirus for Mac Already a customer? Renewal & Upgrade Get Support Join the community! SERVICES Bitdefender Digital Identity Protection New Bitdefender Premium VPN Premium Services Live Support offered by certified experts TOOLBOX Free Tools Virus Scanner for Mac Compare Solutions Trial Downloads Log in to Central Free Tools PRODUCTS Bitdefender BOX Internet of Things Bitdefender Premium Security Bitdefender Small Office Security Bitdefender Total Security Bitdefender Mobile Security for Android Bitdefender Mobile Security for iOS Already a customer? Renewal & Upgrade Get Support Join the community! SERVICES Bitdefender Digital Identity Protection New Bitdefender Premium VPN Premium Services Live Support offered by certified experts TOOLBOX Free Tools Antivirus Free for Android Compare Solutions Trial Downloads Log in to Central Free Tools PRODUCTS Bitdefender BOX Internet of Things Bitdefender Premium Security Bitdefender Small Office Security Bitdefender Total Security Bitdefender Family Pack Already a customer? Renewal & Upgrade Get Support Join the community! SERVICES Bitdefender Digital Identity Protection New Bitdefender Premium VPN Premium Services Live Support offered by certified experts TOOLBOX Free Tools Antivirus Free Compare Solutions Trial Downloads Log in to Central Free Tools Solutions Overview Products Solutions & Services Threat Research Why Bitdefender MID-MARKET & ENTERPRISE GravityZone Elite Prevention, Hardening, Risk, and Incident Analytics Endpoint Detection and Response Advanced attack visibility with guided investigation GravityZone Ultra Integrated Prevention, EDR and Risk Analytics Managed Detection and Response SOC-Driven, Security-Focused Outcomes SMALL BUSINESS GravityZone Advanced Business Security Next-Gen AV for All Infrastructures GravityZone Business Security Next-Gen AV for Small Businesses SPECIALTY & ADD-ON GravityZone Security for Virtualized Environments Protection for Virtual Servers and Desktops GravityZone Email Security Cloud-based Email Security GravityZone Security for Containers Purpose-built Container and Linux security MANAGED SERVICE PROVIDERS GravityZone Cloud MSP Security Advanced MSP Security Suite Security for AWS Optimized protection for AWS GRAVITYZONE PLATFORM Solutions Overview Compare Products Online deals Renew & Upgrade Try for free Switching from Symantec? ALL PRODUCTS Full list Solutions Overview Compare Products Contact Log in to GravityZone Find a Partner All Products (A-Z) SOLUTIONS Next-Gen Endpoint Security Small & Medium Businesses Secure Software-Defined Datacenter Secure Hyperconverged Infrastructure Datacenter Revolution and Security SECURITY SERVICES Managed Detection and Response Advanced Threat Intelligence SUPPORT & PROFESSIONAL SERVICES Enterprise Standard Support Enterprise Premium Support Professional Services SPECIFIC USECASES Service Providers Healthcare GDPR Compliance Solutions Overview Compare Products Contact Log in to GravityZone Find a Partner All Products (A-Z) LATEST NEWS Analysis from Bitdefender Labs New Events and Webinars Threat Map RESEARCH Threat Research Papers Annual Threat Report TOOLS Free Security Tools Solutions Overview Compare Products Contact Log in to GravityZone Find a Partner All Products (A-Z) AT A GLANCE Awards & Certifications Technology Alliances OEM Partnerships Business Insights Blog RESOURCES Webinars Case Studies White papers Resource Library INNOVATION & TECHNOLOGIES Anti-ransomware Advanced Threat Protection Hypervisor Introspection Browser Isolation Solutions Overview Compare Products Contact Log in to GravityZone Find a Partner All Products (A-Z) RESELLER PARTNERS Reselling Partner Program Overview Become a Reseller Find a Reseller Log in to PAN Portal SERVICE PROVIDERS MSP Partner Program Overview Become an MSP Partner Find an MSP Partner Log in to PAN Portal TECHNOLOGY LICENSING SOLUTIONS OEM Technology Solutions Advanced Threat Intelligence Endpoint Protection SDKs Gateway Protection SDKs LICENSING OPTIONS SDK Integration Rebranding Bundling CONNECTED HOME PARTNERS IoT Security Platform ABOUT US Overview Management Security Experts Awards & Certifications Customers Analyst Relations Careers NEWS Blogs Media Relations Latest News RESOURCES Research Industry reports White Papers Threat Map Support for Home ProductsSupport for Business Products Log in to your Bitdefender account and manage security for what matters. Bitdefender CentralGravityZone CLOUD Control Center Consumer Insights Labs Business Insights 0 Anti-Malware Research 1 min read Trickbot Activity Increases; new VNC Module On the Radar Bogdan BOTEZATURadu TUDORICA July 12, 2021 Trickbot has been around since late 2016, when it appeared in the form of a banker and credential-stealing application. Drawing inspiration from Dyre (or Dyreza), Trickbot consists of an ecosystem of plugin modules and helper components. The Trickbot group, which has infected millions of computers worldwide, has recently played an active role in disseminating ransomware. We have been reporting on notable developments in Trickbot’s lifecycle, with highlights including the analysis in 2020 of one of its modules used to bruteforce RDP connections and an analysis of its new C2 infrastructure in the wake of the massive crackdown in October 2020. Despite the takedown attempt, Trickbot is more active than ever. In May 2021, our systems started to pick up an updated version of the vncDll module that Trickbot uses against select high-profile targets. This module, known as tvncDll, is used for monitoring and intelligence gathering. It seems to be still under development, since the group has a frequent update schedule, regularly adding new functionalities and bug fixes. In addition to upgraded modules, Bitdefender has noted a significant increase in command-and-control centers deployed around the world. This new research focuses on an updated VNC module, which includes new functionalities for monitoring and intelligence gathering. Additionally, Bitdefender researchers have identified the software application that the attackers use to interact with the victims through the C2 servers. This tool is described in a dedicated chapter. A complete analysis of the new component can be found in the researcher paper available below. An up-to-date and complete list of indicators of compromise is available to Bitdefender Advanced Threat Intelligence users. Download the whitepaper tags Anti-Malware Research Author Bogdan BOTEZATU Information security professional. Living my second childhood at @Bitdefender as director of threat research. View all posts Radu TUDORICA I'm a security researcher at Bitdefender. Passionate about malware research, APTs, and cybercrime investigations, I love reverse engineering and taking hardware apart and putting it back together. View all posts Right now Top posts Miscellaneous A Note from the Bitdefender Labs Team on Ransomware and Decryptors May 26, 2021 2 min read Anti-Malware Research Whitepapers New Nebulae Backdoor Linked with the NAIKON Group April 28, 2021 1 min read Anti-Malware Research Free Tools Good riddance, GandCrab! We’re still fixing the mess you left behind. June 17, 2019 5 min read FOLLOW US ON SOCIAL MEDIA You might also like Anti-Malware Research LuminousMoth – PlugX, File Exfiltration and Persistence Revisited Bogdan BOTEZATUVictor VRABIE July 21, 2021 9 min read Anti-Malware Research Debugging MosaicLoader, One Step at a Time Janos Gergo SZELESBogdan BOTEZATU July 20, 2021 1 min read Anti-Malware Research Trickbot Activity Increases; new VNC Module On the Radar Bogdan BOTEZATURadu TUDORICA July 12, 2021 1 min read Bookmarks © 2021 Bitdefender. All Rights Reserved