A trojan used by a select group of threat actors to conduct online banking fraud attacks targeting consumer and business bank accounts. These actors infiltrate the accounts, steal credentials, and manipulate banking sessions to eventually take over the bank accounts and transfer cash from the victim account to one under their control.
A remote access trojan (RAT) available for sale on the internet for $25. It is a modular trojan that can be modified to include additional plugins expanding its functionality and performance based on the user's needs.
A trojan used in fileless attacks by threat actors who convince victims to click a LNK file in a phishing email. A set of espionage tools, used to exfiltrate data, is then deployed through the Typhoon downloader and Lionrock backdoors.
A remote access trojan spread via malicious email attachments that allows threat actors to steal files, log keystrokes, take screenshots, and execute arbitrary code on the victim's machine and is typically used to target entities linked to North Korea.
A banking trojan spread via exploit kits, malicious websites, and malicious advertisements and used to steal user credentials from South Korean banking institutions.
A trojan malware used by a Chinese cyber-espionage group since at least mid-2016, targeting military and aerospace sectors in Russia and Belarus. The group uses ZeroT to download PlugX on victim devices.
A trojan loader with a file size of over 100MB. It is overlaid with junk data in an effort to complicate sample exchanges, stay below the radar of commonly used YARA rules, and evade antivirus programs.
A remote access trojan (RAT) with the ability to bypass security measures like sandboxes and virtual machines, control the victim machine locally without an internet connection, gain system privileges, and prevent meaningful post-infection forensic analysis.
A remote access trojan (RAT) that first surfaced in 2012 and is used against high profile targets. This RAT is used by Chinese advanced persistent threat (APT) groups Deep Panda and Aurora Panda to target victims in the aerospace, government, healthcare, and technology sectors.
A remote access trojan (RAT) discovered by Palo Alto Networks in 2017 that had by then been active for over two years. It is delivered via a downloader known as Carp, which uses malicious macros in Microsoft Excel documents to compile embedded C# source code into an executable that runs and deploys the Cardinal RAT.
An open-source multi-platform remote access trojan (RAT) used by advanced persistent threat (APT) groups. It was used in an early 2017 campaign, dubbed "Magic Hound," that targeted Saudi Arabian organizations associated with the financial, oil, and technology sectors.
A banking trojan that has been targeting European banks since 2014. It can bypass two-factor authentication and detect the presence of virtual machines.
A remote access trojan (RAT) that leverages a malicious Hangul Word Processor (HWP) document sent in spearphishing emails to infect hosts. This trojan can be used to execute commands, move a file, remove a file, kill a process, download and execute a file, upload documents, capture screenshots, and log keystrokes.
A remote access trojan (RAT) that uses the Telegram protocol to support encrypted communication between the victim's machine and the attacker. When a system is infected with RATAttack, it connects to a Telegram channel operated by the attacker's bot.
A remote access trojan (RAT) first identified in 2012 that targeted government institutions. It is similar to the Poison Ivy malware, allowing remote users to perform data theft or take control of the affected systems without permission or authorization.
A remote access trojan (RAT) that was first identified back in 2005 and has continued to make headlines throughout the years. The RAT has spying capabilities and is often spread through malicious Word or PDF attachments in spearphishing emails.
A trojan first identified in a campaign against Thai organizations from mid-to-late 2016. It collects victims' hostname, username, Windows version, IP address, current time, RAM amount, number of total drives, number of removable drives, and unique victim identifier and can execute arbitrary code, kill processes, gather basic system information, log keystrokes, and install additional malware.
A remote access trojan (RAT) first identified in October 2015 when attackers used it to infect visitors of a Myanmar website. It was then used in 2016 in a cyber-espionage campaign, dubbed "the Seven Pointed Dagger." It operates in memory only and does not write to the disk, helping it evade detection.
A backdoor trojan first identified in June 2016 that primarily spreads by masquerading as pirated content via torrent files on compromised websites. In April 2017, it began spreading via torrents and formed a botnet designed to brute-force weak WordPress administrator accounts.
Winnti is a trojan typically used by a Chinese advanced persistent threat (APT) group of the same name. It has been used to target many nations, with a focus on Southeast Asian organizations in the video gaming sector; however, more recently, the trojan has been used in attacks targeting organizations in other sectors.