TYPEFRAME (Malware Family)
By Fraunhofer FKIE
Archived: 2026-04-05 18:30:04 UTC
TYPEFRAME is a RAT.
It supports ~25 commands that include operations on the victim’s filesystem, manipulation with its configuration,
modification of the system's firewall, the download and execution of additional tools from the attacker’s C&C and
the uninstall via a self-delete batch. The commands are indexed by 16-bit integers, starting with the value 0x8000.
The RAT uses RC4 for decryption of its binary configuration. It has a statically linked OpenSSL 0.9.8k library
used for SSL communication.
[TLP:WHITE] win_typeframe_auto (20251219 | Detects win.typeframe.)
Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.typeframe
https://malpedia.caad.fkie.fraunhofer.de/details/win.typeframe
Page 1 of 1