Topinambour

Description

(Kaspersky) The purpose of all this infrastructure and modules in JavaScript, .NET and PowerShell is to build a “fileless” module chain on the victim’s computer consisting of an initial small runner and several Windows system registry values containing the encrypted remote administration tool. The tool does all that a typical Trojan needs to accomplish: upload, download and execute files, fingerprint target systems. The PowerShell version of the Trojan also has the ability to get screenshots.

Names

Name
Topinambour

Category

Malware

Type

• Reconnaissance
• Backdoor
• Info stealer
• Exfiltration

Information

• https://securelist.com/turla-renews-its-arsenal-with-topinambour/91687/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.topinambour

Other Information

Uuid

4efb3718-b7b7-44d1-926a-4d85b9270260

Last Card Change

2023-06-22