Thus far in 2019, the Cybereason Nocturnus team has encountered several variants of the trojan Glupteba. Glupteba was first spotted in 2011 as a malicious proxy generating spam and click-fraud traffic from a compromised machine. Since then, it has been distributed through several different methods and used in multiple attacks, including Operation Windigo until 2018. The majority of Glupteba’s history has revolved around Operation Windigo, though over the years the malware has matured significantly to be part of its own botnet and distributed via Adware.