Odinaff is a trojan that was designed to gain a foothold on a specific target’s network in order to maintain persistence. Odinaff spreads through a variety of methods such as macro-enabled malicious documents, botnets, and password-protected RAR files. It is only used to launch the initial attack on the targeted network. It is equipped with custom tools that are installed separately by hackers to launch further attacks against the target. The attacks are physically coordinated with other hackers so that the tools can be deployed and operated strategically. Odinaff has been recently discovered to be part of a campaign that has launched attacks against SWIFT users and global financial organizations since January 2016. It has also been suspected to be linked to the Carbanak campaign/trojan.

Reporting and Technical Details

  • October 2016: The US is the most frequently targeted victim of Odinaff. (Symantec)

One example of an Odinaff macro-enabled document. Image Source: Symantec