 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: H-Worm| Names | H-Worm H-Worm RAT Houdini RAT Houdini Hworm Njw0rm Iniduoh Jenxcus Kognito WSHRAT dinihou dunihi | |
| Category | Malware | |
| Type | Backdoor, Info stealer | |
| Description | (FireEye) H-worm is a VBS (Visual Basic Script) based RAT written by an individual going by the name Houdini. We believe the author is based in Algeria and has connections to njq8, the author of njw0rm and njRAT/LV through means of a shared or common code base. We have seen the H-worm RAT being employed in targeted attacks against the international energy industry; however, we also see it being employed in a wider context as run of the mill attacks through spammed email attachments and malicious links. | |
| Information | <https://www.fireeye.com/blog/threat-research/2013/09/now-you-see-me-h-worm-by-houdini.html> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.houdini> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:h-worm> | |
Last change to this tool card: 29 December 2022
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Molerats, Extreme Jackal, Gaza Cybergang | [Gaza] | 2012-Jul 2023 | |||
| ↳ Subgroup: Pat Bear, APT-C-37 |  | 2015 | |||
| TA2541 | [Unknown] | 2017 | |||
| WIRTE Group | [Middle East] | 2018 | |||
4 groups listed (4 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |