{"id":22855,"date":"2013-03-14T23:34:04","date_gmt":"2013-03-15T06:34:04","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=22855"},"modified":"2025-06-06T02:13:50","modified_gmt":"2025-06-06T09:13:50","slug":"travnet-trojan-could-be-part-of-apt-campaign","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/","title":{"rendered":"Travnet Trojan Could Be Part of APT Campaign"},"content":{"rendered":"<p style=\"text-align: justify;\"><em>This blog post was written by Vikas Taneja.<\/em><\/p>\n<p style=\"text-align: justify;\">Attackers use all kinds of attack vectors to steal sensitive information from their targets. Their efforts are not limited to only zero-day vulnerabilities. Malware authors often exploit old vulnerabilities because a large number of organizations still use old vulnerable software. The Trojan Travnet, which steals information, is a classic example of malware that takes advantage of unpatched software. We have recently observed malicious Travnet RTF and Excel documents that exploit old vulnerabilities, such as CVE-2010-3333, in Microsoft Office. During our investigation we identified some samples associated with this campaign that have been active since 2009.<\/p>\n<p style=\"text-align: justify;\">Once Travnet infects a machine, it searches for all document files, such as PDF, PPT, and DOC, and uploads this data to remote servers. To evade detection from network-monitoring appliances such as intrusion detection and prevention systems, the malware sends the stolen data in encrypted format. To reduce the data size, it first uses a compression algorithm and then a Base64 algorithm.<\/p>\n<h2 style=\"text-align: justify;\">We have observed the following files actively used in this campaign:<\/h2>\n<ul>\n<li>\u041f\u043b\u0430\u043d \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0443\u0447\u0435\u043d\u0438\u044f \u0412\u041c\u0421 \u043d\u0430 2013 \u0433\u043e\u0434\u0430.xls (\u201cPlan for teaching the Navy in 2013 goda.xls\u201d)<\/li>\n<li>22.01.2013.doc<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">These files exploit old vulnerabilities in Office and drop executable files that are embedded in the original malicious files.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22856\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v1.png\" alt=\"v1\" width=\"650\" height=\"173\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v1.png 650w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v1-300x79.png 300w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><\/a><\/p>\n<p>We found that IP address 110.34.193.13 hosted many domains that are part of this campaign.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22857\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v2.png\" alt=\"v2\" width=\"541\" height=\"779\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v2.png 541w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v2-208x300.png 208w\" sizes=\"auto, (max-width: 541px) 100vw, 541px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>During our investigation we found that these servers are now hosted at different IPs. The next list shows recent domains associated with this campaign.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v14.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22871\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v14.jpg\" alt=\"v14\" width=\"769\" height=\"339\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v14.jpg 769w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v14-300x132.jpg 300w\" sizes=\"auto, (max-width: 769px) 100vw, 769px\" \/><\/a><\/p>\n<p>Most of the domains are registered with the following Registrar and Name Server:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22858\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v3.png\" alt=\"v3\" width=\"401\" height=\"258\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v3.png 401w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v3-300x193.png 300w\" sizes=\"auto, (max-width: 401px) 100vw, 401px\" \/><\/a><\/p>\n<p>Some sites are registered to Li Ming and Zhang Lan, which could be fake names. However, their email IDs are also associated with lots of similar websites that are part of this campaign.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/06\/v16.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22909\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/06\/v16.jpg\" alt=\"v16\" width=\"814\" height=\"216\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/06\/v16.jpg 814w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/06\/v16-300x79.jpg 300w\" sizes=\"auto, (max-width: 814px) 100vw, 814px\" \/><\/a><\/p>\n<p>The stolen data is being hosted at the following servers:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v8.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22863\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v8.png\" alt=\"v8\" width=\"656\" height=\"368\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v8.png 656w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v8-300x168.png 300w\" sizes=\"auto, (max-width: 656px) 100vw, 656px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v9.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22864\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v9.png\" alt=\"v9\" width=\"748\" height=\"337\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v9.png 748w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v9-300x135.png 300w\" sizes=\"auto, (max-width: 748px) 100vw, 748px\" \/><\/a><\/p>\n<p>We found on one server other malicious files using different domains:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v10.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22865\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v10.png\" alt=\"v10\" width=\"814\" height=\"282\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v10.png 814w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v10-300x103.png 300w\" sizes=\"auto, (max-width: 814px) 100vw, 814px\" \/><\/a><\/p>\n<p>The malware injects a DLL into the Internet Explorer process \u201cIEXPLORE.EXE\u201d and starts collecting information and sending to the remote server:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v11.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22866\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v11.png\" alt=\"v11\" width=\"342\" height=\"679\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v11.png 342w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v11-151x300.png 151w\" sizes=\"auto, (max-width: 342px) 100vw, 342px\" \/><\/a><\/p>\n<p>The following image shows how the infected machine sends data to the server:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v12.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22867\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v12.png\" alt=\"v12\" width=\"733\" height=\"136\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v12.png 733w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v12-300x55.png 300w\" sizes=\"auto, (max-width: 733px) 100vw, 733px\" \/><\/a><\/p>\n<p>The stolen data is parsed by nettraveler.asp. Here is a snippet of that file:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v13.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22868\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v13.png\" alt=\"v13\" width=\"579\" height=\"556\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v13.png 579w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v13-300x288.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v13-32x32.png 32w\" sizes=\"auto, (max-width: 579px) 100vw, 579px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">As we write this blog, we continue to analyze the samples to ascertain the nature of the data being collected on the remote servers, the potential victims, and the attacker(s). We are also investigating whether this attack is an advanced persistent threat.<\/p>\n<p>McAfee protects against this threat through on-demand User Defined Signatures. Coverage will be included in the Network Security Platform&#8217;s next signature release.<\/p>\n<p style=\"text-align: justify;\">Thanks to fellow researchers Anil Aphale, Amit Malik, Arunpreet Singh, and Umesh Wanve for their analysis.<\/p>\n<p style=\"text-align: justify;\">And thanks to Ravi Balupari and Benjamin Cruz for their valuable input.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog post was written by Vikas Taneja. Attackers use all kinds of attack vectors to steal sensitive information from&#8230;<\/p>\n","protected":false},"author":674,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1411,49,338,180],"coauthors":[3973],"class_list":["post-22855","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-advanced-persistent-threats","tag-botnet","tag-endpoint-protection","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Travnet Trojan Could Be Part of APT Campaign | McAfee Blog<\/title>\n<meta name=\"description\" content=\"This blog post was written by Vikas Taneja. Attackers use all kinds of attack vectors to steal sensitive information from their targets. Their efforts are\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Travnet Trojan Could Be Part of APT Campaign | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"This blog post was written by Vikas Taneja. Attackers use all kinds of attack vectors to steal sensitive information from their targets. Their efforts are\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2013-03-15T06:34:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-06T09:13:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"650\" \/>\n\t<meta property=\"og:image:height\" content=\"173\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"McAfee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/\"},\"author\":{\"name\":\"McAfee\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\"},\"headline\":\"Travnet Trojan Could Be Part of APT Campaign\",\"datePublished\":\"2013-03-15T06:34:04+00:00\",\"dateModified\":\"2025-06-06T09:13:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/\"},\"wordCount\":470,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v1.png\",\"keywords\":[\"advanced persistent threats\",\"botnet\",\"endpoint protection\",\"malware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/\",\"name\":\"Travnet Trojan Could Be Part of APT Campaign | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v1.png\",\"datePublished\":\"2013-03-15T06:34:04+00:00\",\"dateModified\":\"2025-06-06T09:13:50+00:00\",\"description\":\"This blog post was written by Vikas Taneja. Attackers use all kinds of attack vectors to steal sensitive information from their targets. Their efforts are\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v1.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Travnet Trojan Could Be Part of APT Campaign\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\",\"name\":\"McAfee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"caption\":\"McAfee\"},\"description\":\"We're here to make life online safe and enjoyable for everyone.\",\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/x.com\/McAfee\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Travnet Trojan Could Be Part of APT Campaign | McAfee Blog","description":"This blog post was written by Vikas Taneja. Attackers use all kinds of attack vectors to steal sensitive information from their targets. Their efforts are","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Travnet Trojan Could Be Part of APT Campaign | McAfee Blog","og_description":"This blog post was written by Vikas Taneja. Attackers use all kinds of attack vectors to steal sensitive information from their targets. Their efforts are","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2013-03-15T06:34:04+00:00","article_modified_time":"2025-06-06T09:13:50+00:00","og_image":[{"width":650,"height":173,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/03\/v1.png","type":"image\/png"}],"author":"McAfee","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/"},"author":{"name":"McAfee","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa"},"headline":"Travnet Trojan Could Be Part of APT Campaign","datePublished":"2013-03-15T06:34:04+00:00","dateModified":"2025-06-06T09:13:50+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/"},"wordCount":470,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v1.png","keywords":["advanced persistent threats","botnet","endpoint protection","malware"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/","name":"Travnet Trojan Could Be Part of APT Campaign | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v1.png","datePublished":"2013-03-15T06:34:04+00:00","dateModified":"2025-06-06T09:13:50+00:00","description":"This blog post was written by Vikas Taneja. Attackers use all kinds of attack vectors to steal sensitive information from their targets. Their efforts are","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v1.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/03\/v1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Travnet Trojan Could Be Part of APT Campaign"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa","name":"McAfee","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","caption":"McAfee"},"description":"We're here to make life online safe and enjoyable for everyone.","sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/x.com\/McAfee"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/22855","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/674"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=22855"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/22855\/revisions"}],"predecessor-version":[{"id":215198,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/22855\/revisions\/215198"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=22855"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=22855"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=22855"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=22855"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}