A cryptocurrency-mining malware that spreads to Facebook users via a malicious link in a Facebook Messenger chat.
A remote access trojan delivered via malicious Microsoft Office Word documents spread through spam. The trojan is able to detect if a Virtual Machine (VM) is running on the system by using a WMI request to get the current temperature of the hardware.
A custom backdoor trojan used to gain remote access to compromised computers.
A remote access trojan sold as a service bundled with a VPN, C2 service, and a web-based interface.
A remote access trojan based on the leaked source code of Ammyy Admin version 3 that provides threat actors with full control over their victims' systems.
A trojan malware that harvests and exfiltrates data from the compromised system. It is installed on a system via a first-stage malware.
A trojan that creates a VBScript file that contains a path to an executable. Once a connection is made, there are three commands that the trojan can run on the infected system: Run Command, Upload a file, and Download a specified file.
A remote access trojan that persists on affected computers with full system access. It can spawn new remote desktop sessions, take screen captures and assemble them into a live stream of the affected desktop, start and kill processes on the target system, and can search, download, upload, and execute files.
A backdoor that uses raw sockets to create a reverse-shell with full network encryption and integrity checks.
The opening ceremony of the Winter Olympics held in Pyeongchang, South Korea was disrupted by a cyber-attack caused by the Olympic Destroyer trojan designed to destroy data. This trojan caused faulty Wi-Fi connections, disrupted television and internet services, and knocked the main press center offline.
A remote access trojan that uses cloud apps to deliver malicious Windows script component scriptlet files that are appended with a .sct extension.
A remote access trojan that can log user keystrokes, copy the clipboard, delete files, compress files, clear event logs, shut down the machine, and more.
A Korean-language trojan used for reconnaissance that can collect detailed information about the victim's system, including content on the user's hard drive.
A Korean-language trojan first observed in mid-December 2017 that gathers detailed logs about the victim's configuration, contents of the hard drive, registry, scheduled tasks, running processes, and more.
A data-gathering trojan used as a first-stage reconnaissance tool and downloader for additional malicious payloads.
A remote access trojan developed using original code, used by only one threat actor, and used to target Ukrainian users.
A .NET framework open-source remote access trojan family used in cyber-criminal and cyber-espionage campaigns to target Windows operating system devices.
An information-stealing trojan that is for sale on criminal forums for 1,500 Rubles (about $27) and is being distributed in the wild. It can steal browser cookies and stored credentials, and it can monitor the Windows clipboard for certain text and, if detected, modify that text.
A small application used to download other malware onto victim machines; it is often distributed via spam campaigns and exploit kits.
A malware variant designed to wipe data from hard drives, used by the cyber-espionage group Sandworm team.