ETDA, Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

Tool: FlawedAmmyy

Names: FlawedAmmyy, AmmyyRAT
Category: Malware
Type: Backdoor, Info stealer, Credential stealer, Exfiltration
Description: (Proofpoint) Ammyy Admin is a popular remote access tool used by businesses and consumers to handle remote control and diagnostics on Microsoft Windows machines. However, leaked source code for Version 3 of Ammyy Admin has emerged as a Remote Access Trojan called FlawedAmmyy appearing in a variety of malicious campaigns. For infected individuals, this means that attackers potentially have complete access to their PCs, giving threat actors the ability to access a variety of services, steal files and credentials, and much more. We have seen FlawedAmmyy in both massive campaigns, potentially creating a large base of compromised computers, as well as targeted campaigns that create opportunities for actors to steal customer data, proprietary information, and more.
Information:
<https://www.proofpoint.com/us/threat-insight/post/leaked-ammyy-admin-source-code-turned-malware>
<https://www.sans.org/reading-room/whitepapers/reverseengineeringmalware/unpacking-decrypting-flawedammyy-38930>
<https://secrary.com/ReversingMalware/AMMY_RAT_Downloader/>
<https://www.proofpoint.com/us/threat-insight/post/ta505-abusing-settingcontent-ms-within-pdf-files-distribute-flawedammyy-rat>
<https://github.com/Coldzer0/Ammyy-v3>
MITRE ATT&CK: <https://attack.mitre.org/software/S0381/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.flawedammyy>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:flawedammyy>

Last change to this tool card: 13 May 2020


All groups using tool FlawedAmmyy

APT groups

| Changed | Name | Country | Observed | |
|---|---|---|---|---|
| | Buhtrap, Ratopak Spider | Russia | 2015-Jun 2019 | |
| | Carbanak, Anunak | Ukraine | 2013-Apr 2023 | X |
| X | Cobalt Group | Russia | 2016-Oct 2019 | X |
| | FIN6, Skeleton Spider | [Unknown] | 2015-Oct 2021 | X |
| | FIN11 | [Unknown] | 2016-Nov 2023 | X |
| | TA505, Graceful Spider, Gold Evergreen | Russia | 2006-Nov 2022 | X |

6 groups listed (6 APT, 0 other, 0 unknown)

Digital Service Security Center