Trickbot configuration repository

Samples gathered by mailboxes around the world (Europe, North America and Australia mainly).

All credits to unnamed antispam solution, which gives insights for a variety of threats.

Shoutout to all sharers of Trickbot config/tricks, especially @EscInSecurity (for his long-term analysis on Trickbot and encouraging me to share configs).

Configuration files follow this naming convention:

<version>_<campaign_id>_<date>.xml

Publications (most recent first)

Trickbot

• VB2017: Turning Trickbot: decoding an encrypted command-and-control channel
• Uperesia: How Trickbot tricks its victims
• Flashpoint: With a boost from Necurs, Trickbot expands its targeting to numerous U.S. financial institutions
• MalwareBytes: Trick Bot – Dyreza’s successor

Dyre(za)

• VB2015: Speaking Dyreza protocol. Advantages of 'learning' a new language
• Blueliv: Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers