Researchers from Sentinal Labs have discovered a new PowerShell stager (PowerTrick) which is used by TrickBot as an Interactive Network Exploitation shell. Along with the ability to download the DNS-based Anchor malware, this stager typically also uses PowerView, Invoke-SessionGopher, Get-GPPPassword, and Get-VaultCredential, which can be used to perform further reconnaissance and credential theft on a victim’s network. Additionally, PowerTrick can be leveraged for lateral movement on a network.
Cyber War: Hackers’ Transformation from Cyber Criminals to Hacktivists
Binary Defense
November 30, 2022
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased
