Trojan:Win64/SamScissors
Aliases: No associated aliases
Summary
This detection identifies a trojan associated with command-and-control (C2) communications involving 3CXDesktopApp, a softphone application from 3CX.
This threat has been observed in activities by the group Citrine Sleet (DEV-1039), a threat actor based in North Korea that performs financially motivated attacks.
To mitigate the threat, 3CX users should install updates on self-hosted and on-premises servers and uninstall affected desktop clients. Users can also consider using the web client version (PWA).