Finally got some time to look a little deeper at the TrickBot worm module, there’s already been a number of posts out there in regards to this malware developing plugins related to network propagation[1] with it’s worm module. As was shared by Brad (@malware_traffic)[3] in a PCAP this malware has been seen propagating over SMB, it was believed they were testing an SMB exploit but most of the PCAPs I’ve gone through show the worming happening over SMB with EternalBlue. Most of the shellc...
