The Trickbot botnet malware continues to be the most prevalent threat on Check Point s radar. Trickbot has been around for almost half a decade and is one of the largest botnets today that sells access to various threat actors. Its VNC module is called tvncDLL and allows the threat actor to monitor the victim and collect information that would enable pivoting to valuable systems on the network. It reaches the command and control server through one of nine proxy IP addresses that enable access to victims behind firewalls.
Source: https://www.bleepingcomputer.com/news/security/trickbot-updates-its-vnc-module-for-high-value-targets/