Posts in Trojan Variants

Qulab was recently discovered utilizing YouTube videos to promote a bitcoin generator tool that promises to generate free bitcoins for its users. This scam pushes the Qulab information-stealing and clipboard-hijacking trojan. As users and videos are reported, they are taken down; however, the threat actors simply create new users and videos.

Read More

HiddenWasp is considered a highly sophisticated malware targeting Linux systems. What makes this threat so nefarious is that, at the time of writing, it is virtually undetectable: it bypasses all major anti-virus products.

Read More

Cannon is a trojan used by the advanced persistent threat (APT) group APT28, also known as Fancy Bear, Tsar Team, Group 74, Sednit, and Sofacy, a cyber-espionage group likely associated with the Russian military agency, GRU.

Read More
Agent Tesla

Agent Tesla is modular monitoring software written in .NET, currently being sold online as a legal keylogger product for personal use. It first appeared on a Turkish-language WordPress site back in 2014, and has since seen a recent surge of activity through its current domain, agenttesla-dot-com.

Read More

A banking trojan targeting victims in Brazil that uses a remote Microsoft SQL database as its C2 server to avoid detection, making connections to it look like legitimate and innocuous Microsoft SQL traffic.

Read More

A remote access trojan delivered via malicious Microsoft Office Word documents spread through spam. The trojan is able to detect whether it is running inside a Virtual Machine (VM) by using a WMI request to query the current temperature of the hardware.

Read More

A trojan that creates a VBScript file containing a path to an executable. Once a connection is made, there are three commands that the trojan can run on the infected system: run a command, upload a file, and download a specified file.

Read More
Coldroot RAT

A remote access trojan that persists on affected computers with full system access. It can spawn new remote desktop sessions, take screen captures and assemble them into a live stream of the affected desktop, start and kill processes on the target system, and search for, download, upload, and execute files.

Read More
Olympic Destroyer

The opening ceremony of the Winter Olympics held in Pyeongchang, South Korea was disrupted by a cyber-attack involving the Olympic Destroyer trojan, which is designed to destroy data. The attack caused faulty Wi-Fi connections, disrupted television and internet services, and knocked the main press center offline.

Read More