Travle aka PYLOT backdoor hits Russian-speaking targets
released on 2017-12-20 @ 03:29:26 PM
The Travel sample found during our investigation was a DLL with a single exported function (MSOProtect). The malware name Travle was chosen given a string found in early samples of this family: “Travle Path Failed!”. This typo was replaced with correct word “Travel” in newer releases. We believe that Travle could be a successor to the NetTraveler family.