
Threat Group Cards: A Threat Actor Encyclopedia

Tool: FakeM

Names: FakeM, FakeM RAT, Terminator RAT
Category: Malware
Type: Backdoor
Description: (Trend Micro) We found a family of RATs that we call “FAKEM” that make their network traffic look like various protocols. Some variants attempt to disguise network traffic to look like Windows® Messenger and Yahoo!® Messenger traffic. Another variant tries to make the content of its traffic look like HTML. While the disguises the RATs use are simple and distinguishable from legitimate traffic, they may be just good enough to avoid further scrutiny.
Information: <https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf>
<https://www.welivesecurity.com/wp-content/uploads/2014/01/Advanced-Persistent-Threats.pdf>
MITRE ATT&CK: <https://attack.mitre.org/software/S0076/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.terminator_rat>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:FakeM>

Last change to this tool card: 13 May 2020


All groups using tool FakeM

Changed | Name | Country | Observed

APT groups

 | Scarlet Mimic | China | 2015

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
