win.zyklon (Back to overview)


According to FireEye, Zyklon or Zyklon HTTP is a publicly available, full-featured backdoor capable of keylogging, password harvesting, downloading and executing additional plugins, conducting distributed denial-of-service (DDoS) attacks, and self-updating and self-removal. The malware may communicate with its command and control (C2) server over The Onion Router (Tor) network if configured to do so. The malware can download several plugins, some of which include features such as cryptocurrency mining and password recovery, from browsers and email software. Zyklon also provides a very efficient mechanism to monitor the spread and impact.

2018-01-17FireEyeSwapnil Patil, Yogesh Londhe
Microsoft Office Vulnerabilities Used to Distribute Zyklon Malware in Recent Campaign
2017-05-23CiscoVanja Svajcer
Modified Zyklon and plugins from India

There is no Yara-Signature yet.