Detecting Trickbot with Splunk

Presented by

Rod Soto | Principal Security Research Engineer, Splunk Teoderick Contreras | Principal Security Research Engineer, Splunk

About this talk

Who Should Attend: Splunk Administrators, Security Analysts, SOC Managers Trickbot is a very popular crimeware carrier associated with recent ransomware campaigns. It is a trojan that has gained popularity from being effective at infecting and propagating botnets – one of the main financial drivers of cyber criminal groups. The effectiveness of trickbot crimeware comes from its stealthiness and versatility in installing payloads for further lateral movement and post-exploitation profit-driven activities such as cryptocurrency, ransomware, or banking fraud. But don’t worry! The Splunk Security Research team has developed an analytic story targeting Trickbot TTPs to help you detect them in your environment and respond immediately. Tune in to learn: -How Trickbots, botnets, and webinjects work together in a malicious cyber campaign -How to utilize pre-built searches to detect Trickbots in your environment -How to utilize pre-built automated playbooks to respond to Trickbots

Related topics:

More from this channel

Upcoming talks (15)
On-demand talks (263)
Subscribers (33144)
Splunk is the world’s first Data-to-Everything Platform. Now organizations no longer need to worry about where their data is coming from, and they are free to focus on the business outcomes that data can deliver. Innovators in IT, Security, IoT and business operations can now get a complete view of their business in real time, turn data into business outcomes, and embrace technologies that prepare them for a data-driven future.