TrickBot Droppers and Downloaders: Detecting a Stealthy COVID-19-themed Campaign using Toolmarks
released on 2020-10-22 @ 06:24:33 PM
Starting on 16 September 2020, Bromium detected a high-volume TrickBot spam campaign that used the gtag "ono76", where the Trojan was embedded in hundreds of encrypted DOCM attachments masquerading as COVID-19 alerts and invoices. Bromium found over 400 documents that were identical except for two bytes that had been modified.