Names | FakeM FakeM RAT Terminator RAT | |
Category | Malware | |
Type | Backdoor | |
Description | (Trend Micro) We found a family of RATs that we call “FAKEM” that make their network traffic look like various protocols. Some variants attempt to disguise network traffic to look like Windows® Messenger and Yahoo!® Messenger traffic. Another variant tries to make the content of its traffic look like HTML. While the disguises the RATs use are simple and distinguishable from legitimate traffic, they may be just good enough to avoid further scrutiny. | |
Information | <https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf> <https://www.welivesecurity.com/wp-content/uploads/2014/01/Advanced-Persistent-Threats.pdf> | |
MITRE ATT&CK | <https://attack.mitre.org/software/S0076/> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.terminator_rat> | |
AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:FakeM> |
Last change to this tool card: 14 May 2020
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
Scarlet Mimic | 2015-Aug 2022 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |