S0458 Ramsay

Platforms: 1 | ATT&CK: 14.1 | References: 3

Description

[Ramsay](https://attack.mitre.org/software/S0458) is an information stealing malware framework designed to collect and exfiltrate sensitive documents, including from air-gapped systems. Researchers have identified overlaps between [Ramsay](https://attack.mitre.org/software/S0458) and the [Darkhotel](https://attack.mitre.org/groups/G0012)-associated Retro malware.(Citation: Eset Ramsay May 2020)(Citation: Antiy CERT Ramsay April 2020)

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Group | Darkhotel (g0012) | 100% | live |

References

  1. https://attack.mitre.org/software/S0458
  2. https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/
  3. https://www.programmersought.com/article/62493896999/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. Ramsey (Software)
  2. Ryuk (Software)
  3. Ragnar Locker (Software)
  4. Carberp (Software)
  5. RGDoor (Software)
  6. Egregor (Software)

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.