Kaspersky Lab has released new information on the threat group referred to as “Crouching Yeti” that it initially wrote about in July 2014.

As of March 4, “we successfully monitored 69 C2 server (unique domains), receiving hits from 3699 victims (unique IDs of the Trojan/backdoor) connecting from 57796 different IP addresses,” according to a Tuesday post. “We gathered four additional C2s since the publication of the first report (65 in the last report).”

The most widely used trojan is Havex with 3,375 unique victims, followed by Sysmain with 314 unique victims and ClientX with 10 unique victims. Previously, the majority of victims were in the U.S., but now Spain, Poland and Greece top the country distribution list.

Havex victims are primarily using Windows XP, and a smaller number are using Windows 7, according to the post.