S0662Windows

S0662RCSession

Platforms
1
ATT&CK
14.1
References
4

Description

[RCSession](https://attack.mitre.org/software/S0662) is a backdoor written in C++ that has been in use since at least 2018 by [Mustang Panda](https://attack.mitre.org/groups/G0129) and by [Threat Group-3390](https://attack.mitre.org/groups/G0027) (Type II Backdoor).(Citation: Secureworks BRONZE PRESIDENT December 2019)(Citation: Trend Micro Iron Tiger April 2021)(Citation: Trend Micro DRBControl February 2020)

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupMustang Pandag012995%live

References

  1. https://attack.mitre.org/software/S0662
  2. https://www.secureworks.com/research/bronze-president-targets-ngos
  3. https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html
  4. https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
SysUpdate
Software
Clambling
Software
Pandora
Software
RGDoor
Software
ThreatNeedle
Software
MarkiRAT
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.