Detecting Trickbot Payloads


Trickbot first originated as a banking credential theft trojan and has become a very popular crimeware carrier associated with recent ransomware campaigns. It has gained popularity with cybercriminal groups due to its ability to use webinjects to obtain credentials and browser cookies. Before any criminal actor can profit from the payloads Trickbot can deliver, you have to build a botnet – a network of compromised devices that communicate with each other over the internet.

Download your complimentary copy of Detecting Trickbots Payloads to learn:

  • the different functions and features of Trickbot malware that enables various exploitation methods
  • how Trickbot modules execute queries to collect sensitive information
  • how to use pre-built detection searches to monitor Trickbots in your environment

Splunk Solutions — Trusted Around the World

Thank you for your interest​

    I agree to receive marketing communications by email, including educational materials, product and company announcements, and community event information, from Splunk Inc. and its Subsidiaries pursuant to the terms of Splunk’s Privacy Policy. I can unsubscribe at any time.