Continuing with the recent changes to the Trickbot delivery system and possibly the payloads and configs today. This example is today’s latest spoof or imitation of a well-known company, bank or public authority delivering Trickbot banking Trojan. The email with the subject of ” FW: Company Complaint #DNBC920201TF” pretends to come from Dun & Bradstreet but actually comes from “service@dnbcomplaint.com” which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site. These have a malicious office file attachment. Today they are using macro enabled word docs that fire off on both … Continue reading →