Like Emotet, TrickBot arrives on affected systems in the form of either embedded URLs or infected attachments in malicious spam (malspam) campaigns.
Once executed, TrickBot then spreads laterally within the network by exploiting the SMB vulnerability using either of the three widely known NSA exploits: EternalBlue, EternalRomance, or EternalChampion.
Emotet can also drop TrickBot as part of a secondary infection.
Once executed, TrickBot then spreads laterally within the network by exploiting the SMB vulnerability using either of the three widely known NSA exploits: EternalBlue, EternalRomance, or EternalChampion.
Emotet can also drop TrickBot as part of a secondary infection.
