[HDoor] is malware that has been customized and used by the [Naikon]( group. (Citation: Baumgartner Naikon 2015)


[TrickBot] is a Trojan spyware program that has mainly been used for targeting banking sites in United States, Canada, UK, Germany, Australia, Austria, Ireland, London, Switzerland, and Scotland. TrickBot first emerged in the wild in September 2016 and appears to be a successor to [Dyre]( [TrickBot] is developed in the C++ programming language. (Citation: S


[PowerDuke] is a backdoor that was used by [APT29]( in 2016. It has primarily been delivered through Microsoft Word or Excel attachments containing malicious macros. (Citation: Volexity PowerDuke November 2016)


[BLINDINGCAN] is a remote access Trojan that has been used by the North Korean government since at least early 2020 in cyber operations against defense, engineering, and government organizations in Western Europe and the US.(Citation: US-CERT BLINDINGCAN Aug 2020)(Citation: NHS UK BLINDINGCAN Aug 2020)


[Wiarp] is a trojan used by [Elderwood]( to open a backdoor on compromised hosts. (Citation: Symantec Elderwood Sept 2012) (Citation: Symantec Wiarp May 2012)


[Spark] s a Windows backdoor and has been in use since as early as 2017.(Citation: Unit42 Molerat Mar 2020)


[SynAck] is variant of Trojan ransomware targeting mainly English-speaking users since at least fall 2017. (Citation: SecureList SynAck Doppelgänging May 2018) (Citation: Kaspersky Lab SynAck May 2018)


[MURKYTOP] is a reconnaissance tool used by [Leviathan]( (Citation: FireEye Periscope March 2018)


[GRIFFON] is a JavaScript backdoor used by [FIN7]( (Citation: SecureList Griffon May 2019)

Exaramel for Windows

[Exaramel for Windows] is a backdoor used for targeting Windows systems. The Linux version is tracked separately under [Exaramel for Linux]( ESET TeleBots Oct 2018)