ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > List all tools > List all groups using tool Trochilus RAT

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Trochilus RAT

NamesTrochilus RAT
TypeReconnaissance, Backdoor, Info stealer, Downloader
DescriptionDespite that the RAT was designed to execute in the memory of the machine (thus evading detection by AV software), ASERT researchers obtained the RAT’s source code and connected it to a GitHub profile of a user named 5loyd.

On the GitHub page, the RAT has been advertised as a fast and free Windows remote administration tool. Other details include:
• Written in CC+;
• Supports various communication protocols;
• Has a file manager module, a remote shell, a non-UAC mode;
• Able to uninstall itself;
• Able to upload information from remote machines;
• Able to download an execute files.

Researchers believe that 5loys is not a part of Group 27. More likely, the user’s profile has been hijacked by the group and used for their own purposes.
AlienVault OTX<>

Last change to this tool card: 14 May 2020

Download this tool card in JSON format

All groups using tool Trochilus RAT


APT groups

XAPT 31, Judgment Panda, ZirconiumChina2016-Feb 2022 
 Earth BerberokaChina2022 
 Nightshade Panda, APT 9, Group 27China2013-Sep 2016 
XStone Panda, APT 10, menuPassChina2006-Feb 2022X

4 groups listed (4 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]