Trojan.AutoIt.289
Trojan.AutoIt.289 is a trojan identified by Doctor Web as malware launched by components of the Trojan.Starter family. According to the available reporting, Trojan.Starter variants launch Trojan.AutoIt.289 and its components, and Trojan.AutoIt.289 then performs various malicious actions intended to make detection of the main payload more difficult. Doctor Web also describes Trojan.AutoIt.1413 as a packed version of Trojan.AutoIt.289. The malware was reported as being distributed as part of a broader malware set that included a miner, a backdoor, and a self-propagating module. High-confidence details are limited: the reporting gives no infection vector beyond launch by Trojan.Starter malware, no named threat actor attribution, no specific targeted industries or platforms, and no concrete indicators of compromise.
Recent activity
AutoIt-based trojan used as part of a multi-malware bundle; performs actions intended to hinder detection of the main payload; also seen in packed form as Trojan.AutoIt.1413 and launched by malicious XML scripts (Trojan.Starter family).
AutoIt-based trojan used as part of a multi-malware bundle (including miner, backdoor, and self-propagation module); performs actions intended to hinder detection of the main payload; also referenced as a packed variant (Trojan.AutoIt.1413).
AutoIt-based trojan (also seen as a packed variant detected as Trojan.AutoIt.1413) distributed alongside other components (miner, backdoor, self-propagating module); performs actions intended to hinder detection of the primary payload.