The TrickBot malware has added a module called rdpScanDll, built for brute-forcing remote desktop protocol (RDP) accounts. The module has been used in campaigns against telecom, education and financial services industry targets in the U.S. and Hong Kong. RDP is Microsoft s protocol for gaining remote access to another computer or server, often used by tech support for troubleshooting or by telecommuting workers. In all, these updates contained more than 6,000 IP addresses.
Source: https://threatpost.com/trickbot-trojan-rdp-brute-forcing/153915/