| Names | Trochilus RAT |
| --- | --- |
| Category | Malware |
| Type | Reconnaissance, Backdoor, Info stealer, Downloader |
| Description | Although the RAT was designed to execute in the memory of the machine (thus evading detection by AV software), ASERT researchers obtained the RAT's source code and connected it to a GitHub profile of a user named 5loyd. On the GitHub page, the RAT is advertised as a fast and free Windows remote administration tool. Other details include: written in C++; supports various communication protocols; has a file manager module, a remote shell and a non-UAC mode; able to uninstall itself; able to upload information from remote machines; able to download and execute files. Researchers believe that 5loyd is not part of Group 27; more likely, the user's profile has been hijacked by the group and used for their own purposes. |
| Information | <https://sensorstechforum.com/trochilus-plugx-rats-in-targeted-attacks-on-governments/> <https://github.com/5loyd/trochilus/> <https://asert.arbornetworks.com/uncovering-the-seven-pointed-dagger/> <https://github.com/m0n0ph1/malware-1/tree/master/Trochilus> <https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf> |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.trochilus_rat> |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:Trochilus> |
Last change to this tool card: 14 May 2020
| Changed | Name | Country | Observed |
| --- | --- | --- | --- |
| | APT groups | | |
| | APT 31, Judgment Panda, Zirconium | | 2016-Mar 2024 |
| | Earth Berberoka | | 2022 |
| | Nightshade Panda, APT 9, Group 27 | | 2013-Sep 2016 |
| | Space Pirates | | 2017-Sep 2022 |
| | Stone Panda, APT 10, menuPass | | 2006-Feb 2022 |
5 groups listed (5 APT, 0 other, 0 unknown)