RMOT (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

ps1.rmot (Back to overview)

RMOT

Actor(s): DarkHotel

According to Trellix, this is a first-stage, powershell-based malware dropped via Excel/VBS. It is able to establish a foothold and exfiltrate data. Targets identified include hotels in Macao.

References

2022-03-17 ⋅ Trellix ⋅ John Fokker, Thibault Seret
Suspected DarkHotel APT activity update
RMOT

There is no Yara-Signature yet.

RMOT Propose Change

References

RMOT