Home > List all groups > List all tools > List all groups using tool Trochilus RAT

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Trochilus RAT

NamesTrochilus RAT
TypeReconnaissance, Backdoor, Info stealer, Downloader
DescriptionDespite that the RAT was designed to execute in the memory of the machine (thus evading detection by AV software), ASERT researchers obtained the RAT’s source code and connected it to a GitHub profile of a user named 5loyd.

On the GitHub page, the RAT has been advertised as a fast and free Windows remote administration tool. Other details include:
• Written in CC+;
• Supports various communication protocols;
• Has a file manager module, a remote shell, a non-UAC mode;
• Able to uninstall itself;
• Able to upload information from remote machines;
• Able to download an execute files.

Researchers believe that 5loys is not a part of Group 27. More likely, the user’s profile has been hijacked by the group and used for their own purposes.
AlienVault OTX<>

Last change to this tool card: 13 May 2020

Download this tool card in JSON format

All groups using tool Trochilus RAT


APT groups

 APT 31, Judgment Panda, ZirconiumChina2016-Jul 2021 HOT 
 Nightshade Panda, APT 9, Group 27China2013-Sep 2016 
 Stone Panda, APT 10, menuPassChina2006-Feb 2021X

3 groups listed (3 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key