Blog | G5 Cyber Security

TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail

TrickBot’s AnchorDNS backdoor has received a facelift. The group behind TrickBot, ITG23 (aka Wizard Spider), is also known for its development of the Anchor malware framework. The new, upgraded variant, AnchorMail, “uses an email-based [command-and-control] server which it communicates with using SMTP and IMAP protocols over TLS.” The group has also benefited from a symbiotic relationship with the Conti ransomware cartel, with the latter leveraging TrickBot and Bazar loader payloads to gain a foothold for deploying the file-encrypting malware.

Source: https://thehackernews.com/2022/03/trickbot-malware-gang-upgrades-its.html
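
A hunting sketch for the email-based C2 channel described above, added here as an example and not taken from the source article: it flags endpoint processes outside a mail-client allowlist that speak both SMTP and IMAP on mail ports. The event format, host and process names, IP addresses, and the allowlist are constructed assumptions, and port numbers are only a proxy because TLS hides the protocol content.

```python
from collections import defaultdict

# Standard mail ports (implicit TLS or STARTTLS); the port is only a proxy
# for the protocol, since the payload is encrypted.
SMTP_PORTS = {25, 465, 587}
IMAP_PORTS = {143, 993}
# Assumption: the processes this environment expects to speak mail protocols.
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}

# Constructed sample of endpoint network-connection events:
# (host, process image name, destination IP, destination port)
SAMPLE_EVENTS = [
    ("ws-014", "OUTLOOK.EXE", "203.0.113.10", 993),
    ("ws-014", "OUTLOOK.EXE", "203.0.113.10", 587),
    ("ws-022", "svc_update.exe", "198.51.100.7", 465),
    ("ws-022", "svc_update.exe", "198.51.100.7", 993),
    ("ws-031", "backup.exe", "192.0.2.44", 587),
    ("ws-022", "chrome.exe", "192.0.2.80", 443),
]

def classify(port):
    """Map a destination port to 'smtp', 'imap', or None."""
    if port in SMTP_PORTS:
        return "smtp"
    if port in IMAP_PORTS:
        return "imap"
    return None

def hunt_mail_c2(events, allowlist=MAIL_CLIENT_ALLOWLIST):
    """Return findings for non-allowlisted processes using mail ports.

    'high'   = same process used both SMTP and IMAP (send plus receive,
               the pairing an email-based C2 channel needs)
    'review' = only one of the two protocols was seen
    """
    seen = defaultdict(lambda: {"protocols": set(), "destinations": set()})
    for host, proc, dst, port in events:
        proto = classify(port)
        if proto is None or proc.lower() in allowlist:
            continue
        entry = seen[(host, proc.lower())]
        entry["protocols"].add(proto)
        entry["destinations"].add(dst)
    findings = []
    for (host, proc), e in sorted(seen.items()):
        severity = "high" if e["protocols"] == {"smtp", "imap"} else "review"
        findings.append({"host": host, "process": proc, "severity": severity,
                         "protocols": sorted(e["protocols"]),
                         "destinations": sorted(e["destinations"])})
    return findings

if __name__ == "__main__":
    for finding in hunt_mail_c2(SAMPLE_EVENTS):
        print(finding)
```

In practice the input would come from EDR or firewall telemetry that records the originating process, and the allowlist would be tuned per environment.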
