A member of the Conti cybergang decided to go against the rest of the group by leaking all of TrickBot's IoCs , source codes, and chats.
TrickBot appears to have become a casualty of the ongoing war in the Ukraine. Yesterday, a member of the Conti cybergang decided to go against the rest of the group by leaking all of the group’s IoCs (Indicator of Compromise), source codes, and chats.
Today, the @ContiLeaks Twitter handle leaked Trickbot’s source code, taken from its servers and data collection servers, as well as chat messages between the Conti and the TrickBot groups. This leak shows a strong link between the two gangs and malware operators. These leaks will give researchers all around the globe a deep understanding of both groups’ operations, and the superpowers to end one of the most annoying botnets in the world.
In 2016, cybercriminals created the TrickBot Trojan, which is designed to steal banking credentials. Since then, TrickBot has evolved into a full, resilient, and sophisticated botnet. It is not only used to steal banking credentials and serve its victims phishing sites, but it has been turned into a botnet as a service which other cybercriminal groups can use to deliver further malware strains to victims, including ransomware. The latest version of TrickBot spreads Emotet, another well-known Trojan malware, which recently re-emerged after being taken down by authorities in January 2021.
There have been several attempts to take TrickBot's botnet down, but it always survived or re-emerged. The most impactful attempt was Microsoft’s attempt in October 2020 when 94% of TrickBot’s command and control servers had been taken down, from which it subsequently recovered.