This Trojan was first seen in targeted attacks against financial institutions in 2017. The primary victims are Russian banks, but victims have also been recorded in Malaysia and Armenia. The initial infection, delivered through a spear-phishing email, gives the attackers persistent access to the internal banking network. The attackers then monitor the bank’s day-to-day activity so that, when they are ready, they can steal as much as possible.