Clankerusecase
Threat-actor profile

RTM

RTM is a tracked threat actor in the Clankerusecase corpus. ??-aligned. Primary motivation: Unknown. We map 14 detection use cases to this actor across 7 MITRE ATT&CK techniques, with 0 threat-intel articles citing them.

MITRE ATT&CK group: G0048

- 14 use cases
- 0 articles
- 7 techniques
- 0 IOCs

About this actor (MITRE)

[RTM](https://attack.mitre.org/groups/G0048) is a cybercriminal group that has been active since at least 2015 and is primarily interested in users of remote banking systems in Russia and neighboring countries. The group uses a Trojan by the same name ([RTM](https://attack.mitre.org/software/S0148)). (Citation: ESET RTM Feb 2017)

Known aliases

RTM

Top techniques

All other tracked techniques

Detection use cases (14)

- RTM .bit / Namecoin dead-drop resolver C2 from non-browser process (AI · profile SΣ)
- RTM LiteManager covert RAT install + Run-key persistence on banking-software host (AI · profile S)
- Brand-Impersonation Domain Fetch Followed by User-Context Loader Within 10 Minutes (MITRE match)
- Developer package install spawning script-host with non-registry C2 within 5 minutes (MITRE match)
- Package Manager / Dev-Tool Auto-Execution Triggers Non-Registry Egress or Credential-Store Access (MITRE match)
- Package Manager Install Spawning Outbound Egress to Non-Registry Infrastructure Within 5 Minutes (MITRE match)
- Package manager lifecycle hook spawns network-fetching shell or runtime (MITRE match)
- Abnormal Security: malicious email opened (MITRE match)
- Email attachment opened from external sender (MITRE match)
- Detect hosts connecting to dynamic domain providers (MITRE match)
- Email Attachments With Lots Of Spaces (MITRE match)
- GSuite Email Suspicious Attachment (MITRE match)
- Gsuite Email Suspicious Subject With Attachment (MITRE match)
- MSI Module Loaded by Non-System Binary (MITRE match)