{"id":38183,"date":"2020-11-12T13:20:00","date_gmt":"2020-11-12T13:20:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/like-the-energizer-bunny-trickbot-goes-on-and-on-\/d\/d-id\/1339432"},"modified":"2020-11-12T13:20:00","modified_gmt":"2020-11-12T13:20:00","slug":"like-the-energizer-bunny-trickbot-goes-on-and-on","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/","title":{"rendered":"Like the Energizer Bunny, Trickbot Goes On and On"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<header><\/header>\n<p><span class=\"strong black\">Recent efforts to take down the virulent botnet have been largely &#8212; but not entirely &#8212; successful.<\/span><\/p>\n<p class>Operators of the Trickbot botnet that has infected more than 1 million systems worldwide with ransomware and other malware are providing a textbook example of just how difficult it can be to truly take out international cybercrime operations.<\/p>\n<p>Weeks after US Cyber Command, Microsoft, and several others took coordinated action to extensively disrupt Trickbot activity, there are signs the&nbsp;botnet operators have still not fully given up yet.<\/p>\n<p>Threat intelligence firm Intel 471 this week reported it had observed signs that a new version of Trickbot is being distributed via spam even as the operators of the malware have begun using a different tool known as BazarLoader to distribute Ryuk ransomware.<\/p>\n<p>According to Intel 471, BazarLoader appears to have been developed by the same group behind Trickbot, sharing some of the same code and infrastructure as the latter. It&#8217;s presently unclear whether Trickbot operators have switched completely to BazarLoader or if they would return to using the Trickbot botnet at a later date, the threat intelligence firm said in a <a href=\"https:\/\/public.intel471.com\/blog\/trickbot-update-november-2020-bazar-loader-microsoft\/\" target=\"_blank\" rel=\"noopener noreferrer\">report<\/a> this week.<\/p>\n<p>The Ryuk ransomware version that&#8217;s being distributed in growing numbers has also been associated with Trickbot, Intel 471 said. Together, the data indicates that the group behind Trickbot is still successfully launching targeted ransomware attacks, though their original infrastructure appears to have been all but wiped out, Intel 471 said.<\/p>\n<p>Kacey Clark, threat researcher&nbsp;at&nbsp;Digital Shadows, says Ryuk and Conti ransomware delivery has increased in recent weeks, as has threat groups who are purchasing access to Trickbot-infected machines to leverage in their own attacks.&nbsp;<\/p>\n<p>&#8220;Throughout the takedown efforts carried out by security practitioners, Trickbot operators have continuously attempted to spin up new [command-and-control] instances,&#8221; Clark says. &#8220;[As a result], Trickbot operators still maintain access to non-US-based infrastructure, allowing them to continue their attacks.&#8221;&nbsp;&nbsp;<\/p>\n<p>Trickbot and the group behind it have presented a persistent problem for defenders for several years. The malware first surfaced in 2016 as a banking Trojan and over the years has morphed into a sophisticated tool for delivering ransomware, cryptominers, and other banking Trojans. The operators of the malware itself have established what is believed to be a lucrative crimeware-as-a-service operation that, among other things, sells access to thousands of networks they have previously breached.<\/p>\n<p>The group has been associated with a particularly sophisticated malware toolset called Anchor, which is designed for use against high-value targets. Last year, Trickbot operators are believed to have provided North Korea&#8217;s Lazarus Group with <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/trickbot-operators-now-selling-attack-tools-to-apt-actors\/d\/d-id\/1336590\" target=\"_blank\" rel=\"noopener noreferrer\">access to Anchor<\/a> in a first-of-its-kind collaboration between a cybercrime group and an advanced persistent threat actor. Earlier this year there were concerns about the group <a href=\"https:\/\/www.darkreading.com\/vulnerabilities---threats\/trickbot-phishing-ransomware-and-elections\/a\/d-id\/1339190\" target=\"_blank\" rel=\"noopener noreferrer\">potentially targeting<\/a> election infrastructure as well.<\/p>\n<p><strong>Coordinated Takedown Attempts<br \/><\/strong>Between September and early November, US Cyber Command, Microsoft, and several others including the Financial Services Information Sharing and Analysis Committee (FS-ISAC) took a <a href=\"https:\/\/www.darkreading.com\/vulnerabilities---threats\/advanced-threats\/security-firms-and-financial-group-team-up-to-take-down-trickbot\/d\/d-id\/1339155\" target=\"_blank\" rel=\"noopener noreferrer\">series of steps<\/a> to disrupt and break Trickbot activities. The efforts included disrupting the group&#8217;s back-end servers and seizing numerous IP addresses associated with Trickbot command-and-control (C2) servers.<\/p>\n<p>Mark Arena, CEO of Intel 471, says US Cyber Command, among other actions, likely breached the back end of Trickbot&#8217;s infrastructure and used that to modify the configuration files that were sent to Trickbot infected systems.<\/p>\n<p>&#8220;The tactics used by US Cyber Command appeared to be orientated toward cutting off the actors behind Trickbot from the systems they had infected,&#8221; Arena says. It&#8217;s likely that the action caused Trickbot operators to lose access to a &#8220;decent amount&#8221; of infected systems, he says.<\/p>\n<p>Microsoft&#8217;s focus, meanwhile, was on taking down Trickbot&#8217;s control servers by contacting the respective hosting companies and ISPs using court orders.<\/p>\n<p>The actions have considerably disrupted Trickbot operations but have not erased them completely. With each infrastructure hit, the group has kept devising ways to regain control of it. For instance, when Cyber Command initially succeeded in poisoning Trickbot configuration files, the group was able to restore working files on their C2 servers in 24 hours Intel 471 said. Similarly, when Microsoft began its takedown operations, Trickbot kept setting up new infrastructure in response.<\/p>\n<p>For the moment, the substantial efforts to squelch Trickbot activity appear to have largely worked. At the very least, the actions have forced the threat actors to spend time devising new ways to respond.<\/p>\n<p>&#8220;It&#8217;s expected that they will invest greater efforts in redundancy, including globally distributed command-and-control servers and backup command-and-control methods that are resistant to takedowns,&#8221; Arena says. &#8220;The only real long-term blow that we expect to be effective at halting Trickbot permanently would be arrests of the criminals behind Trickbot.&#8221;&nbsp;&nbsp;<\/p>\n<p>Clark says the continued Trickbot activity shows how resilient and quick on their feet malware operators can be when pressured.<\/p>\n<p>&#8220;As the takedown efforts forced a significant amount of Trickbot infrastructure offline, operators identified new C2 servers and leveraged out-of-band infrastructure to continue their campaign,&#8221; she says. &#8220;Unfortunately, operations of this caliber are resilient and complex, making it very challenging to rid the malware from existence entirely.&#8221;<\/p>\n<p><span class=\"italic\">Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=1912\">View Full Bio<\/a><\/span><\/p>\n<p><strong>Recommended Reading:<\/strong><\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/like-the-energizer-bunny-trickbot-goes-on-and-on-\/d\/d-id\/1339432?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recent efforts to take down the virulent botnet have been largely &#8212; but not entirely &#8212; successful. Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/like-the-energizer-bunny-trickbot-goes-on-and-on-\/d\/d-id\/1339432?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-38183","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Like the Energizer Bunny, Trickbot Goes On and On 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Like the Energizer Bunny, Trickbot Goes On and On 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-11-12T13:20:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/like-the-energizer-bunny-trickbot-goes-on-and-on\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/like-the-energizer-bunny-trickbot-goes-on-and-on\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Like the Energizer Bunny, Trickbot Goes On and On\",\"datePublished\":\"2020-11-12T13:20:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/like-the-energizer-bunny-trickbot-goes-on-and-on\\\/\"},\"wordCount\":907,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/like-the-energizer-bunny-trickbot-goes-on-and-on\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/like-the-energizer-bunny-trickbot-goes-on-and-on\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/like-the-energizer-bunny-trickbot-goes-on-and-on\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/like-the-energizer-bunny-trickbot-goes-on-and-on\\\/\",\"name\":\"Like the Energizer Bunny, Trickbot Goes On and On 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/like-the-energizer-bunny-trickbot-goes-on-and-on\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/like-the-energizer-bunny-trickbot-goes-on-and-on\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"datePublished\":\"2020-11-12T13:20:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/like-the-energizer-bunny-trickbot-goes-on-and-on\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/like-the-energizer-bunny-trickbot-goes-on-and-on\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/like-the-energizer-bunny-trickbot-goes-on-and-on\\\/#primaryimage\",\"url\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/like-the-energizer-bunny-trickbot-goes-on-and-on\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Like the Energizer Bunny, Trickbot Goes On and On\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Like the Energizer Bunny, Trickbot Goes On and On 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/","og_locale":"en_US","og_type":"article","og_title":"Like the Energizer Bunny, Trickbot Goes On and On 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-11-12T13:20:00+00:00","og_image":[{"url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Like the Energizer Bunny, Trickbot Goes On and On","datePublished":"2020-11-12T13:20:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/"},"wordCount":907,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/","url":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/","name":"Like the Energizer Bunny, Trickbot Goes On and On 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","datePublished":"2020-11-12T13:20:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/#primaryimage","url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","contentUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/like-the-energizer-bunny-trickbot-goes-on-and-on\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Like the Energizer Bunny, Trickbot Goes On and On"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=38183"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38183\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=38183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=38183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=38183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}