Researchers believe that the Domino malware is being deployed by former Conti members and has been developed by FIN7, indicating “at least some level of collaboration between the two groups.”
Researchers believe that attackers behind the Anchor malware, the Trickbot gang, have ceased Trickbot operations and are instead focusing on deploying stealthier versions of other malware families.
New versions of Emotet have been dropping Cobalt Strike beacons directly, rather than relying on intermediate payloads such as Trickbot.
Researchers observed known threat groups infecting victims with TrickBot for the first time in June, suggesting that the malware operators are expanding their distribution channels.
The EtterSilent builder has been used in campaigns alongside Ryuk ransomware, the Gozi banking trojan, and BazarLoader.