Names | RCSession
Category | Malware
Type | Backdoor
Description | (SecureWorks) This basic RAT is installed via DLL side-loading, and CTU researchers observed BRONZE PRESIDENT installing it on multiple hosts during intrusions. RCSession was extracted from a file called English.rtf and launched via a hollowed svchost.exe process. RCSession connects to its C2 server via a custom protocol, can remotely execute commands, and can launch additional tools. CTU researchers have no evidence of other threat actors using RCSession or of wide proliferation of the tool, suggesting it may be exclusively used by BRONZE PRESIDENT.
Information | <https://www.secureworks.com/research/bronze-president-targets-ngos>
MITRE ATT&CK | <https://attack.mitre.org/software/S0662/>
Last change to this tool card: 30 December 2022
APT groups
Changed | Name | Country | Observed
 | Mustang Panda, Bronze President | | 2012-Mar 2024
1 group listed (1 APT, 0 other, 0 unknown)