Description

The Application and Window Manager feature in malware provides a twofold advantage for attackers. On one hand, it allows them to monitor the active applications and open windows on a compromised system, serving as a powerful surveillance tool. By keeping tabs on what websites are being browsed or what chat applications are in use, attackers can gain insights into the victim's behavior, interests, and communication patterns. This information is especially useful for more targeted attacks like spear-phishing, as it enables the attacker to customize deceptive messages based on whom the target user is talking to or what they are discussing.

On the other hand, this feature can also be used to disrupt user activities by forcibly closing applications or windows. Such disruptions can serve as a diversionary tactic, drawing attention away from other, more covert activities the malware may be conducting in the background. Whether it is used for close surveillance or for disruption, the Application and Window Manager feature gives attackers the ability to both observe and influence user behavior, making it a versatile tool in a well-rounded malware arsenal.


Categories Spy / Surveillance, Disruption
Dangerousness Low

Existing Technique

Name Associated Feature(s) Has Snippet Matching Sample
Window Enumeration Application / Window Manager 0

Associated with Releases

| Version | Origins | Authors | Languages | Release Date |
|---|---|---|---|---|
| CIA 1.3 | England 🏴󠁧󠁢󠁥󠁮󠁧󠁿 | Alchemist | Visual Basic 6 (VB6) | Dec, 2004 |
| ProRat 1.9 | Turkey 🇹🇷 | HighLander, ATmaCA | Borland C++ | Mar, 2005 |
| DARKMOON 4.11 / 4.11 Private Edition | Spain 🇪🇸 | shukisnike | Delphi | Jun, 2005 |
| Turkojan 3.0 | Turkey 🇹🇷 | Fungus | Delphi | Sep, 2006 |
| Bifrost 1.2.1 | Sweden 🇸🇪 | ksv | C++ | Jan, 2007 |
| Hav-Rat 1.2 | Sweden 🇸🇪 | Havalito | Delphi | Feb, 2007 |
| Bandook 1.35 | Lebanon 🇱🇧 | PrinceAli | Delphi, C++ | Apr, 2007 |
| Poison Ivy 2.3.0 | Sweden 🇸🇪 | Shapeless | Delphi, MASM | Jun, 2007 |
| sharK 2.4.0 Fwb+ | Germany 🇩🇪 | sNiper109, rockZ | Visual Basic 6 (VB6) | Aug, 2007 |
| Nuclear RAT 2.1.0 | Brazil 🇧🇷 | Caesar2k | Delphi | Sep, 2007 |
| Poison Ivy 2.3.2 | Sweden 🇸🇪 | Shapeless | Delphi, MASM | Jan, 2008 |
| Turkojan 4 | Turkey 🇹🇷 | FµNGµ§ | Delphi | Feb, 2008 |
| Turkojan 4.0 | Turkey 🇹🇷 | Fungus | Delphi | Mar, 2008 |
| sharK 3.1 fwb++ | Germany 🇩🇪 | sNiper109, rockZ | Visual Basic 6 (VB6) | Mar, 2008 |
| Lost Door 3.0 Stable | Tunisia 🇹🇳 | OussamiO | Visual Basic 6 (VB6) | Mar, 2009 |
| PrjRAPTOR 1.8 | United States 🇺🇸 | Ryan.M | Visual Basic 6 (VB6) | Jul, 2009 |
| Cerberus 1.0 Beta | United States 🇺🇸, United Kingdom 🇬🇧 | Protocol, Steve10120, 2sly, Sam | Delphi | Aug, 2009 |
| Cerberus 1.01 Beta | United States 🇺🇸, United Kingdom 🇬🇧 | Protocol, Steve10120, 2sly, Sam | Delphi | Aug, 2009 |
| Cerberus 1.02 Beta | United States 🇺🇸, United Kingdom 🇬🇧 | Protocol, Steve10120, 2sly, Sam | Delphi | Aug, 2009 |
| Apocalypse RAT 1.4 | Turkey 🇹🇷 | ap0calypse | Delphi | Aug, 2009 |
| Cerberus 1.03.4 | United States 🇺🇸, United Kingdom 🇬🇧 | Protocol, Steve10120, 2sly, Sam | Delphi | Sep, 2009 |
| Spy-Net 2.6 | Brazil 🇧🇷 | Raphael | Delphi | Oct, 2009 |
| DarkComet RAT 1.3 | France 🇫🇷 | DarkCoderSc | | Nov, 2009 |
| Cerberus 1.03.5 Beta | United States 🇺🇸, United Kingdom 🇬🇧 | Protocol, Steve10120, 2sly, Sam | Delphi | Dec, 2009 |
| DarkComet RAT 2.0 RC4 | France 🇫🇷 | DarkCoderSc | Delphi | Mar, 2010 |
| CyberGate 1.04.8 | United States 🇺🇸 | johnyk | Delphi | Apr, 2010 |
| Lost Door 4.3.1 | Tunisia 🇹🇳 | OussamiO | Visual Basic 6 (VB6) | Apr, 2010 |
| DarkComet RAT 2.0 RC7 | France 🇫🇷 | DarkCoderSc | Assembly, Delphi | Jun, 2010 |
| Schwarze Sonne 1.0 | Unknown 🏴‍☠️, Germany 🇩🇪, Turkey 🇹🇷 | ap0calypse, Slayer616, Counterstrikewi | Delphi | Jun, 2010 |
| Lost Door 5.1 | Tunisia 🇹🇳 | OussamiO | Visual Basic 6 (VB6) | Oct, 2010 |
| Coolvibes 1 Update 8 | Spain 🇪🇸 | Thor | Delphi | May, 2011 |
| Xtreme RAT 2.9 | Brazil 🇧🇷 | Raphael | Delphi | Jul, 2011 |
| DarkComet RAT 5.3 | France 🇫🇷 | DarkCoderSc | Assembly, Delphi | Jun, 2012 |
| DarkComet RAT 5.3.1 | France 🇫🇷 | DarkCoderSc | Assembly, Delphi | Jun, 2012 |
| Quasar 1.0 | Unknown 🏴‍☠️ | MaxXor | C# | Aug, 2015 |
| Lost Door 9.2 Aws | Tunisia 🇹🇳 | OussamiO | Visual Basic 6 (VB6) | Jan, 2022 |