Down the H-W0rm Hole with Houdini's RAT
Summary
Commodity Remote Access Trojans (RATs) -- which are designed, productized and sold to the casual and experienced hacker alike -- put powerful remote access capabilities into the hands of criminals. RATs, such as H-W0rm, njRAT, KilerRAT, DarkComet, Netwire, XtremeRAT, JSocket/AlienSpy/Adwind and others, hold special interest for the Threat Research Team at Fidelis Cybersecurity. We're constantly following, detecting and monitoring the lifecycle of these RATs as they appear, disappear and often reappear under a new moniker.
There have been recent reports [1, 2] about a new version of one such commodity RAT, H-W0rm (Hworm), and the various campaigns it is being used in. Our telemetry shows that H-W0rm is one of the most active RATs we've seen, with infections observed across virtually all enterprise verticals and geographies in which Fidelis Cybersecurity products are deployed.
Created: 2026-02-23
Threat actors related to this Pulse (fact-based)
Score: 14.97
Matched TTPs:
- T1608.001 - Upload Malware
- T1195 - Supply Chain Compromise
- T1190 - Exploit Public-Facing Application
- T1592.002 - Software
- T1203 - Exploitation for Client Execution
- T1003.003 - NTDS
Score: 4.03
Matched TTPs:
- T1608.001 - Upload Malware
- T1027.002 - Software Packing
Score: 3.44
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
Score: 9.94
Matched TTPs:
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
- T1027.007 - Dynamic API Resolution
- T1003.003 - NTDS
Score: 10.99
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
- T1587 - Develop Capabilities
Score: 6.51
Matched TTPs:
- T1608.001 - Upload Malware
- T1608.006 - SEO Poisoning
Score: 8.96
Matched TTPs:
- T1608.001 - Upload Malware
- T1195 - Supply Chain Compromise
- T1203 - Exploitation for Client Execution
- T1021.001 - Remote Desktop Protocol
Score: 8.56
Matched TTPs:
- T1608.001 - Upload Malware
- T1610 - Deploy Container
- T1027.002 - Software Packing
Score: 6.99
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
Score: 4.03
Matched TTPs:
- T1608.001 - Upload Malware
- T1027.002 - Software Packing
Score: 5.09
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
Score: 3.47
Matched TTPs:
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
Score: 3.47
Matched TTPs:
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
Score: 3.62
Matched TTPs:
- T1608.001 - Upload Malware
- T1021.001 - Remote Desktop Protocol
Score: 5.52
Matched TTPs:
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
Score: 9.10
Matched TTPs:
- T1608.001 - Upload Malware
- T1217 - Browser Information Discovery
- T1587 - Develop Capabilities
Score: 9.95
Matched TTPs:
- T1608.001 - Upload Malware
- T1681 - Search Threat Vendor Data
- T1587 - Develop Capabilities
Score: 7.68
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
- T1124 - System Time Discovery
Score: 3.47
Matched TTPs:
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
Score: 6.81
Matched TTPs:
- T1195 - Supply Chain Compromise
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
Score: 3.52
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1027.002 - Software Packing
Score: 13.39
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1217 - Browser Information Discovery
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
- T1124 - System Time Discovery
Score: 13.97
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1003.003 - NTDS
- T1669 - Wi-Fi Networks
- T1211 - Exploitation for Defense Evasion
Score: 5.46
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 6.96
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1592.002 - Software
- T1021.001 - Remote Desktop Protocol
Score: 12.05
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1650 - Acquire Access
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 3.52
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1027.002 - Software Packing
Score: 8.74
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1217 - Browser Information Discovery
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 3.81
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1003.003 - NTDS
Score: 3.12
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
Score: 5.46
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 3.12
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
Score: 3.52
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1027.002 - Software Packing
Score: 5.02
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
Score: 4.61
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1021.001 - Remote Desktop Protocol
Score: 3.12
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
Score: 13.82
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1681 - Search Threat Vendor Data
- T1205.001 - Port Knocking
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 6.95
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 9.15
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1021.001 - Remote Desktop Protocol
- T1001.002 - Steganography
Score: 9.00
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 3.81
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1003.003 - NTDS
Score: 3.12
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
Score: 5.17
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
Score: 5.34
Matched TTPs:
- T1217 - Browser Information Discovery
- T1027.002 - Software Packing
Score: 7.27
Matched TTPs:
- T1217 - Browser Information Discovery
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 9.87
Matched TTPs:
- T1217 - Browser Information Discovery
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
- T1124 - System Time Discovery
Score: 4.13
Matched TTPs:
- T1205.001 - Port Knocking
Score: 5.34
Matched TTPs:
- T1592.002 - Software
- T1203 - Exploitation for Client Execution
Score: 4.09
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 6.14
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
- T1124 - System Time Discovery
Score: 9.87
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1027.007 - Dynamic API Resolution
- T1021.001 - Remote Desktop Protocol
- T1124 - System Time Discovery
Score: 5.19
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
Score: 4.09
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 3.14
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1021.001 - Remote Desktop Protocol
Score: 5.19
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
Score: 4.09
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 3.55
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
Score: 3.55
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
Score: 4.09
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 4.65
Matched TTPs:
- T1027.002 - Software Packing
- T1124 - System Time Discovery
Score: 3.99
Matched TTPs:
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 3.99
Matched TTPs:
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 4.54
Matched TTPs:
- T1056.004 - Credential API Hooking
Score: 4.13
Matched TTPs:
- T1211 - Exploitation for Defense Evasion
Threat actors related to this Pulse (inference-based)
Score: 0.84
Matched TTPs:
- T1195 - Supply Chain Compromise
- T1203 - Exploitation for Client Execution
- T1608.001 - Upload Malware
- T1592.002 - Software
- T1190 - Exploit Public-Facing Application
- T1003.003 - NTDS
Score: 0.78
Matched TTPs:
- T1211 - Exploitation for Defense Evasion
- T1669 - Wi-Fi Networks
- T1203 - Exploitation for Client Execution
- T1190 - Exploit Public-Facing Application
- T1003.003 - NTDS
Score: 0.76
Matched TTPs:
- T1681 - Search Threat Vendor Data
- T1124 - System Time Discovery
- T1203 - Exploitation for Client Execution
- T1190 - Exploit Public-Facing Application
- T1205.001 - Port Knocking
Score: 0.73
Matched TTPs:
- T1124 - System Time Discovery
- T1217 - Browser Information Discovery
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
- T1027.002 - Software Packing
- T1003.003 - NTDS
Score: 0.70
Matched TTPs:
- T1650 - Acquire Access
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
- T1027.002 - Software Packing
- T1003.003 - NTDS
Score: 0.62
Matched TTPs:
- T1587 - Develop Capabilities
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
- T1027.002 - Software Packing
Score: 0.61
Matched TTPs:
- T1608.001 - Upload Malware
- T1587 - Develop Capabilities
- T1681 - Search Threat Vendor Data
Score: 0.59
Matched TTPs:
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
- T1003.003 - NTDS
- T1027.007 - Dynamic API Resolution
Score: 0.58
Matched TTPs:
- T1021.001 - Remote Desktop Protocol
- T1217 - Browser Information Discovery
- T1124 - System Time Discovery
- T1003.003 - NTDS
Score: 0.57
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1021.001 - Remote Desktop Protocol
- T1124 - System Time Discovery
- T1027.007 - Dynamic API Resolution
Score: 0.56
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
- T1027.002 - Software Packing
- T1003.003 - NTDS
Related CVEs
No CVEs were found for this Pulse.