SYMBOL: ps1.rmot

RMOT

Actor(s): DarkHotel


According to Trellix, this is a first-stage, PowerShell-based malware dropped via Excel/VBS. It is able to establish a foothold and exfiltrate data. Targets identified include hotels in Macao.

References
2022-03-17, Trellix, John Fokker, Thibault Seret: Suspected DarkHotel APT activity update
RMOT

There is no Yara-Signature yet.