Instead of relying on premade and well-known toolkits, the threat actors behind the TrickBot trojan decided to develop a private post-exploitation toolkit called PowerTrick to spread malware laterally throughout a network.
When an attacker gains access to a victim's network, they will attempt to quietly gain access to user and administrator credentials and then laterally spread to the other devices on the network.
This type of lateral movement is typically done through post-exploitation toolkits or frameworks, such as PowerShell Empire, that makes it easier to harvest credentials, execute commands on computers, and deploy malware.
