Group: RTM

From enterprise
Jump to: navigation, search
RTM
Group
ID G0048
Aliases RTM

RTM is a cybercriminal group that has been active since at least 2015 and is primarily interested in users of remote banking systems in Russia and neighboring countries. The group uses a Trojan by the same name (RTM).1

Techniques Used

  • Web Service - RTM has used an RSS feed on Livejournal to update a list of encrypted C2 server names.1

Software