VERY IMPORTANT

TrickBot has long been one of the key malware families in the wild. Despite recent disruption events, the operators continue to drive forward with the malware and have recently begun porting portions of its code to the Linux operating system. As this technical deep dives shows, the communication between the command-and-control (C2) server and the bot are extremely complex. Additionally, we have analyzed the C2 communication process of the Linux version of TrickBots' Anchor module.