Bifrost Trojan | Bifrose, 3 Minute Profile

Shrouded Crossbow employs the BIFROSE/ Bifrost trojan, KIVARS, and XBOW backdoors in their attacks. As an indicator of resources available to the group, Trend Micro notes that BIFROSE backdoor has sold for more than $10,000 on underground sites. BIFROSE has been around for about a decade and has been used in spam campaigns against NATO and United States government agencies. BIFROSE is a remote access Trojan (RAT) which establishes a persistent presence and then deploys tools to capture keystrokes, screenshots, and confidential information. Trend Micro actually believes that the group purchased the source code of bifrose, and then developed a new installer, created unique loader-backdoor pairs, and simplified the backdoor capabilities, thereby resulting in KIVARS.