Posts in Trojan Variants

A trojan that creates a VBscript file that contains a path to an executable. Once a connection is made, there are three commands that the trojan can run on the infected system: Run Command, Upload a file, and Download a specified file.

Read More
Trojan VariantsNJCCICoopsie
Coldroot RAT

A remote access trojan that persists on affected computers with full system access. It can spawn new remote desktop sessions, take screen captures and assemble them into a live stream of the affected desktop, start and kill processes on the target system, and can search, download, upload, and execute files.

Read More
Olympic Destroyer

The opening ceremony of the Winter Olympics held in Pyeongchang, South Korea was disrupted by a cyber-attack caused by the Olympic Destroyer trojan designed to destroy data. This trojan caused faulty Wi-Fi connections, disrupted television and internet services, and knocked the main press center offline.

Read More

A remote access trojan (RAT) and infostealer created using the open-source software LaZagne that follows mouse movements and clicks, logs keystrokes, records the output of the webcam and screen, and obtains credentials stored inside the system. It is available for purchase on a Tor network site.

Read More

A remote access trojan (RAT) that targets personnel and organizations related to South Korea or the video games industry, distributes malware through Google Drive, obtains its C2 address from GitHub, and uses Microsoft Windows Background Intelligence Transfer Service (BITS) to maintain persistence.

Read More

A trojan malware family whose activity dates back to at least 2013. A version discovered in November 2017 incorporates steganography techniques and can collect C2 information via GitHub, obscuring its C2 infrastructure and evading detection.

Read More

Terdot is a banking trojan that can also be used to steal information or as a backdoor. It is based on the Zeus banking trojan, can operate a local Man-in-the-Middle proxy server to steal credentials and uses a Domain Generation Algorithm  (DGA) to generate domains for its C2 server making it more difficult to track, block, and infiltrate.

Read More
Trojan VariantsNJCCICterdot, zeus