An analyst, Jérôme Segura, captured an interesting payload in the wild. It turned out to be a new bot that, at the moment of analysis, hadn't been described yet. According to strings found inside the code, the authors named it TrickBot (or TrickLoader). Many links indicate that this bot is another product of the threat actors previously behind Dyreza, a credential-stealer. The malware drops additional modules downloaded from the C&C, which are also stored encrypted.
Source: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

