ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: FlawedAmmyy

Type: Backdoor, Info stealer, Credential stealer, Exfiltration
Description: (Proofpoint) Ammyy Admin is a popular remote access tool used by businesses and consumers to handle remote control and diagnostics on Microsoft Windows machines. However, leaked source code for Version 3 of Ammyy Admin has emerged as a Remote Access Trojan called FlawedAmmyy appearing in a variety of malicious campaigns. For infected individuals, this means that attackers potentially have complete access to their PCs, giving threat actors the ability to access a variety of services, steal files and credentials, and much more. We have seen FlawedAmmyy in both massive campaigns, potentially creating a large base of compromised computers, as well as targeted campaigns that create opportunities for actors to steal customer data, proprietary information, and more.

Last change to this tool card: 13 May 2020


All groups using tool FlawedAmmyy


APT groups

Buhtrap, Ratopak Spider | Russia | 2015-Jun 2019
Carbanak, Anunak | Ukraine | 2013-Nov 2021
Cobalt Group | Russia | 2016-Oct 2019
FIN6, Skeleton Spider | [Unknown] | 2015-Oct 2021
FIN11 | [Unknown] | 2016-Aug 2022 HOT
TA505, Graceful Spider, Gold Evergreen | Russia | 2006-Oct 2021

6 groups listed (6 APT, 0 other, 0 unknown)

Digital Service Security Center