Detecting Trickbot with Splunk

Logo
Presented by

Rod Soto | Principal Security Research Engineer, Splunk Teoderick Contreras | Principal Security Research Engineer, Splunk

About this talk

Who Should Attend: Splunk Administrators, Security Analysts, SOC Managers Trickbot is a very popular crimeware carrier associated with recent ransomware campaigns. It is a trojan that has gained popularity from being effective at infecting and propagating botnets – one of the main financial drivers of cyber criminal groups. The effectiveness of trickbot crimeware comes from its stealthiness and versatility in installing payloads for further lateral movement and post-exploitation profit-driven activities such as cryptocurrency, ransomware, or banking fraud. But don’t worry! The Splunk Security Research team has developed an analytic story targeting Trickbot TTPs to help you detect them in your environment and respond immediately. Tune in to learn: -How Trickbots, botnets, and webinjects work together in a malicious cyber campaign -How to utilize pre-built searches to detect Trickbots in your environment -How to utilize pre-built automated playbooks to respond to Trickbots
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (286)
Subscribers (38796)
Splunk helps make organizations more resilient. Leading organizations use our unified security and observability platform to keep their digital systems secure and reliable. Organizations trust Splunk to prevent security, infrastructure, and application issues from becoming major incidents, absorb shocks from digital disruptions and accelerate digital transformation.