Webworm: Espionage Attackers Testing and Using Older Modified RATs

Symantec has gained insight into the current activities of a group it calls Webworm. The group has developed customized versions of three older remote access Trojans (RATs), including Trochilus, Gh0st RAT, and 9002 RAT.

MALWARE FAMILIES: Gh0st, Trochilus, 9002 RAT

ATT&CK IDS: T1055 - Process Injection, T1105 - Ingress Tool Transfer, T1041 - Exfiltration Over C2 Channel, T1001 - Data Obfuscation, T1088 - Bypass User Account Control, T1059 - Command and Scripting Interpreter

