The StoneDrill Trojan, a wiper malware similar to the Shamoon malware and reuses code from the “NewsBeef” espionage campaign, was first reported in March 2017 by Kaspersky. Its features include advanced evasion techniques, including injecting wiping modules into the computer’s memory associated with the user’s preferred browser, and a backdoor capability used for espionage purposes. 


The Hancitor Trojan, also known as Chanitor, is a downloader first observed in 2014. It distributes its payload via a Word document email attachment with embedded malicious macros. The most recent version of Hancitor contains the encoded shellcode within the macro and uses native API calls within Visual Basic (VB) code to pass execution, and carves out and decrypts the embedded malware in the attachment. 


NJRat is a remote access Trojan (RAT), first spotted in June 2013 with samples dating back to November 2012. It was developed and is supported by Arabic speakers and mainly used by cybercrime groups against targets in the Middle East. In addition to targeting some governments in the region, the Trojan is used to control botnets and conduct other typical cybercrime activity.