
Threat Group Cards: A Threat Actor Encyclopedia

Tool: FlawedAmmyy

Names: FlawedAmmyy, AmmyyRAT
Category: Malware
Type: Backdoor, Info stealer, Credential stealer, Exfiltration

Description (Proofpoint): Ammyy Admin is a popular remote access tool used by businesses and consumers to handle remote control and diagnostics on Microsoft Windows machines. However, leaked source code for Version 3 of Ammyy Admin has emerged as a Remote Access Trojan called FlawedAmmyy appearing in a variety of malicious campaigns. For infected individuals, this means that attackers potentially have complete access to their PCs, giving threat actors the ability to access a variety of services, steal files and credentials, and much more. We have seen FlawedAmmyy in both massive campaigns, potentially creating a large base of compromised computers, as well as targeted campaigns that create opportunities for actors to steal customer data, proprietary information, and more.

Information:
  https://www.proofpoint.com/us/threat-insight/post/leaked-ammyy-admin-source-code-turned-malware
  https://www.sans.org/reading-room/whitepapers/reverseengineeringmalware/unpacking-decrypting-flawedammyy-38930
  https://secrary.com/ReversingMalware/AMMY_RAT_Downloader/
  https://www.proofpoint.com/us/threat-insight/post/ta505-abusing-settingcontent-ms-within-pdf-files-distribute-flawedammyy-rat
  https://github.com/Coldzer0/Ammyy-v3
MITRE ATT&CK: https://attack.mitre.org/software/S0381/
Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.flawedammyy
AlienVault OTX: https://otx.alienvault.com/browse/pulses?q=tag:flawedammyy

Last change to this tool card: 13 May 2020


All groups using tool FlawedAmmyy

Changed  Name                                      Country    Observed

APT groups

         Buhtrap, Ratopak Spider                   Russia     2015-Jun 2019
X        Carbanak, Anunak (HOT)                    Ukraine    2013-Aug 2021
X        Cobalt Group                              Russia     2016-Oct 2019
         FIN6, Skeleton Spider                     [Unknown]  2015-Mar 2020
X        FIN11 (HOT)                               [Unknown]  2016-Jun 2021
X        TA505, Graceful Spider, Gold Evergreen    Russia     2006-Oct 2020

6 groups listed (6 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Report incidents
Telephone: +66 (0)2-123-1234
E-mail: report@thaicert.or.th (PGP key available)