Symantec has gained insight into the current activities of a group it calls Webworm. The group has developed customized versions of three older remote access Trojans (RATs): Trochilus, Gh0st RAT, and 9002 RAT.
REFERENCE: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/webworm-espionage-rats
MALWARE FAMILIES: Gh0st, Trochilus, 9002 RAT
ATT&CK IDS: T1055 - Process Injection, T1105 - Ingress Tool Transfer, T1041 - Exfiltration Over C2 Channel, T1001 - Data Obfuscation, T1088 - Bypass User Account Control, T1059 - Command and Scripting Interpreter