top of page
Search

Webworm: Espionage Attackers Testing and Using Older Modified RATs

Writer's picture: StormsecStormsec

Symantec, has gained insight into the current activities of a group they call Webworm. The group has developed customized versions of three older remote access Trojans (RATs), including Trochilus, Gh0st RAT, and 9002 RAT.




MALWARE FAMILIES: Gh0st, Trochilus, 9002 RAT


ATT&CK IDS: T1055 - Process Injection, T1105 - Ingress Tool Transfer, T1041 - Exfiltration Over C2 Channel, T1001 - Data Obfuscation, T1088 - Bypass User Account Control, T1059 - Command and Scripting Interpreter


Read More:


6 views

Comments


Commenting has been turned off.
bottom of page