Down the H-W0rm Hole with Houdini's RAT
Overview
Commodity Remote Access Trojans (RATs) -- which are designed, productized and sold to the casual and experienced hacker alike -- put powerful remote access capabilities into the hands of criminals. RATs, such as H-W0rm, njRAT, KilerRAT, DarkComet, Netwire, XtremeRAT, JSocket/AlienSpy/Adwind and others, hold special interest for the Threat Research Team at Fidelis Cybersecurity. We're constantly following, detecting and monitoring the lifecycle of these RATs as they appear, disappear and often reappear under a new moniker.
There have been recent reports [1, 2] about a new version of one such commodity RAT, H-W0rm (Hworm), and the various campaigns it is being used in. Our telemetry shows that H-W0rm is one of the most active RATs we've seen, with infections observed across virtually all enterprise verticals and geographies in which Fidelis Cybersecurity products are deployed.
Created: 2026-02-23
Indicators
Similar Pulses
Threat actors related to this pulse (fact-based)
Threat actors related to this pulse (inference-based)
Related CVEs
No CVEs were found in this pulse.
Pulse – Threat Actor Graph