ESET cyber security experts: It’s GSM plugin uses AT command protocol and has Tor for network communications. It targets Russia and diplomatic missions-governments in Eastern Europe.
Yoroi-Cybaze ZLab cyber security experts: The malware works as an encryptor and a decryptor. It abuses Clearnet-to-Tor proxy services to connect to its C2, hidden behind onion sites.