NewCore is a remote access trojan first discovered by Fortinet researchers while analyzing a China-linked APT campaign targeting Vietnamese organizations. The trojan is a DLL file that is executed after a trojan downloader is installed on the targeted machine. Based on strings in the code, the trojan may have been compiled from the publicly available source code of the PcClient and PcCortr backdoor trojans.

NewCore's capabilities include:

  • Shut down the machine
  • Restart the machine
  • Obtain disk list
  • Obtain directory list
  • Obtain file information
  • Obtain disk information
  • Rename, copy, and delete files
  • Execute files
  • Search files
  • Download files
  • Upload files
  • Monitor the screen
  • Start command shell

Technical Details

  • Fortinet provides a technical analysis of the NewCore trojan here.