Trojan Horse - SparTech Software

A Trojan horse in cybersecurity is a type of malware that disguises itself as legitimate or harmless software to deceive users into installing it on their devices. Once installed, the Trojan can execute a range of malicious activities, such as stealing sensitive data, providing remote access to attackers, monitoring user activity, or damaging files.

Key Characteristics

• Disguised as Legitimate Software: Trojans are typically embedded in what appears to be a useful or desirable program, such as games, tools, or even software updates.
• Requires User Action: Unlike viruses or worms, Trojans do not self-replicate or spread automatically. They rely on users to download and execute them, often through social engineering tactics like phishing emails or fake downloads.
• Hidden Malicious Function: While the program may perform its advertised function, it also carries out hidden, unauthorized actions that benefit the attacker.

Common network ports (port number, service name and protocol with description).
Glossary: Virus
A computer virus is a type of malicious software (malware) designed to spread from one computer to another by attaching itself to other programs or files, and then replicating itself when those programs are executed or files are opened. The main objective of a computer virus is to disrupt normal system operations, cause damage to data or software, and sometimes steal information or allow unauthorized access.

United States	~59% of ransomware attacks globally Thousands per year
Poland	1,000+ per week
Russia	Highest cybercrime threat level
China	Thousands per year
India	115% surge in attacks Q2 2024
Ukraine	Significant surge since 2022
Brazil	Among top countries for blocked attacks
Mexico	65% of businesses hit in 2024
Germany	High targeted rate (EU)
France	High targeted rate (EU)

AS Name	ASN
Bharat Sanchar Nigam Ltd	9829
No.31,Jin-rong Street	4134
CHINA UNICOM China169 Backbone	4837
DigitalOcean, LLC	14061
HUAWEI INTERNATIONAL PTE. LTD.	136907
Amazon.com, Inc.	14618
Alibaba (US) Technology Co., Ltd.	45102
Google LLC	396982
Amazon.com, Inc.	16509
3xK Tech GmbH	200373

IP Address	Notable Exploits/Context
104.238.159.149	SharePoint zero-day, broad exploitation
107.191.58.76	SharePoint zero-day, government targets
96.9.125.147	SharePoint, previously Ivanti exploits
139.162.47.194	Exploits on CitrixBleed 2
38.180.148.215	CitrixBleed 2 campaigns
185.224.128.17	High activity, Netherlands
89.248.163.200	High activity, Netherlands
15.235.218.150	Associated with APT, active C2
45.9.148.114	Associated with C2, malicious netflow
91.107.150.184	C2 infrastructure, recent IoC

Related