Arbor’s ASERT team is now reporting that, after looking deeper at that particular campaign, and by exposing a new trail in the group’s activities, they managed to identify a new RAT that was undetectable at that time by most antivirus vendors. Named Trochilus, this new RAT was part of Group 27’s malware portfolio that included six other malware strains, all served together or in different combinations, based on the data that needed to be stolen from each victim. This collection of malware, dubbed the Seven Pointed Dagger by ASERT experts, included two different PlugX versions, two different Trochilus RAT versions, one version of the 3012 variant of the 9002 RAT, one EvilGrab RAT version, and one unknown piece of malware, which the team has not entirely decloaked just yet.
2020 ⋅ Secureworks ⋅ BRONZE UNION ⋅ families: 9002 RAT, CHINACHOPPER, Enfal, Ghost RAT, HttpBrowser, HyperBro, owaauth, PlugX, Poison Ivy, ZXShell ⋅ actor: EMISSARY PANDA
2020 ⋅ Secureworks ⋅ BRONZE FIRESTONE ⋅ families: 9002 RAT, Derusbi, Empire Downloader, PlugX, Poison Ivy ⋅ actor: Shell Crew
2020 ⋅ Secureworks ⋅ BRONZE EXPRESS ⋅ families: 9002 RAT, CHINACHOPPER, IsSpace, NewCT, PlugX, smac ⋅ actor: APT 26
2020 ⋅ Secureworks ⋅ BRONZE KEYSTONE ⋅ families: 9002 RAT, BLACKCOFFEE, DeputyDog, Derusbi, HiKit, PlugX, Poison Ivy, ZXShell ⋅ actor: Aurora Panda
2018-08-21 ⋅ Trend Micro ⋅ Supply Chain Attack Operation Red Signature Targets South Korean Organizations ⋅ families: 9002 RAT
2018-03 ⋅ CrySyS Lab ⋅ Territorial Dispute – NSA’s perspective on APT landscape ⋅ families: 9002 RAT, Agent.BTZ, DuQu, EYService, Flame, FlowerShop, Stuxnet, Uroburos
2017-08-25 ⋅ Proofpoint ⋅ Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures ⋅ families: 9002 RAT
2017-03-30 ⋅ Palo Alto Networks Unit 42 ⋅ Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations ⋅ actor: Group 27
2016-01-12 ⋅ Softpedia News ⋅ Trochilus RAT Evades Antivirus Detection, Used for Cyber-Espionage in South-East Asia ⋅ actor: Group 27
2015-09-23 ⋅ Palo Alto Networks Unit 42 ⋅ Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media ⋅ families: 9002 RAT
2015-08 ⋅ Arbor Networks ⋅ Uncovering the Seven Pointed Dagger ⋅ families: 9002 RAT, EvilGrab, PlugX, Trochilus RAT ⋅ actor: Group 27
2013-11-10 ⋅ FireEye ⋅ Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method ⋅ families: 9002 RAT
2013-09-17 ⋅ Symantec ⋅ Hidden Lynx – Professional Hackers for Hire ⋅ families: 9002 RAT, HiKit ⋅ actor: Aurora Panda
2013-05-20 ⋅ FireEye ⋅ Ready for Summer: The Sunshop Campaign ⋅ families: 9002 RAT
2013-02-07 ⋅ FireEye ⋅ LadyBoyle Comes to Town with a New Exploit ⋅ families: 9002 RAT
2012-09-07 ⋅ Symantec ⋅ The Elderwood Project ⋅ families: 9002 RAT ⋅ actor: Beijing Group