Update: I just spoke with Mike Wood, VP of Research at Lavasoft: this is not the same variant of the trojan as we found (they have also updated their database to the one we have been discussing). However, they have some really interesting data so we are hoping to collaborate.

Very interesting, a confirmation (finally) of the kind of stuff we found. Lavasoft just posted a research note on a trojan and a server which look very similar to the one we found. Good stuff and well done to these guys. We're pinging Lavasoft (currently closed as they are in Sweden) to find out more. Different variant or the same one? We should hopefully know more soon.


Alex Eckelberry

