Prominent organizations including Symantec, the Microsoft Defender Team, NTT, ESET, FS-ISAC, and Lumen’s Black Lotus Labs coordinated the takedown of the TrickBot malware botnet. Before the takedown, all the participants investigated the backend infrastructure of malware modules and servers relevant to TrickBot.
The companies collated over 125,000 TrickBot malware samples. The samples were thoroughly analyzed, and data was extracted to map out the malware’s inner workings. That data included the servers the botnet used to control compromised devices and serve extra modules. Microsoft then used this data as the basis for asking a court for control of the TrickBot servers.