Named masrv, the component incorporates a copy of the Masscan open-source utility in order to scan local networks for other systems with open ports that can be attacked at a later stage. The idea behind masrv is to drop the component on newly infected devices, send a series of Masscan commands, let the component scan the local network, and upload the scan results to a Trickbot command and control server. If the scan finds systems with sensitive or management ports left open inside an internal network —which is very common in most companies— the Trickbot gang can then deploy other modules specialized in exploiting those loopholes and move laterally to infect new systems.