NewCore is a remote access trojan first discovered by Fortinet researchers while conducting analysis on a China-linked APT campaign targeting Vietnamese organizations. The trojan is a DLL file, executed after a trojan downloader is installed on the targeted machine. Based on strings in the code, the trojan may be compiled from the publicly-available source code of the PcClient and PcCortr backdoor trojans.
NewCore's capabilities include:
- Shutdown the machine
- Restart the machine
- Obtain disk list
- Obtain directory list
- Obtain file information
- Obtain disk information
- Rename, copy, and delete files
- Execute files
- Search files
- Download files
- Upload files
- Monitor the screen
- Start command shell
Technical Details
- Fortinet provides technical analysis of the NewCore trojan, here.
