EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
|Threat Level:||80 % (High)|
|First Seen:||January 13, 2016|
|Last Seen:||March 28, 2020|
The Trochilus RAT is a threatening RAT (Remote Access Trojan) that may evade many anti-virus programs. The Trochilus RAT is currently being used as part of an extended threat campaign in South East Asia. The first appearance of the Trochilus RAT in this campaign, which has been active since August of 2015, was first detected in the summer of 2015. The Trochilus RAT is currently being used against civil society organizations and government computers in the South East Asia region, particularly in attacks directed towards the government of Myanmar.
The Trochilus RAT is being Used in a Campaign Against the Myanmar Government
Multiple unwanted components are being used as part of an extended campaign against the Myanmar government that has been going on since at least August of 2015. The group responsible for these attacks is identified as 'Group 27.' This group has been using tactics that involve using official Myanmar government Web pages to infect computer users that pass through these websites with PlugX, a threatening infection classified as a RAT. These attacks take advantage of the increased number of visitors they are getting because there will be elections in this nation soon. Computer users looking for information about the elections on these websites may be infected with the PlugX RAT, as well as with the Trochilus RAT, and other threats that have been linked to these attacks. Although this threat campaign was made public, it has continued, uninterrupted since its beginning in summer of 2015.
The Trochilus RAT and Its Involvement in These Attacks
After taking a deeper look at the group responsible for these attacks, PC security researchers have received reports of a new RAT, identified as the Trochilus RAT. The Trochilus RAT infection is unique because it had been undetected by anti-virus programs previously. The Trochilus RAT is part of the threats used by Group 27, which include, at least, six other types of threats. These threats are delivered together, in different combinations, depending on the intended target and the data that was meant to be collected.
The Trochilus RAT and the 'Seven Pointed Dagger'
The collection of threats used by Group 27 has been nicknamed the 'Seven Pointed Dagger' by PC security researchers. This collection of threats includes two versions of PlugX, two versions of the Trochilus RAT, the 3012 variant of the 9002 RAT, one version of the EvilGrab RAT, and one additional threat that has currently not been identified. Essentially, the purpose of this collection of threats is to obtain information from the affected computer and to control it remotely. The Trochilus RAT was first discovered between October and November and has been in use since then. The main infection vector that has been linked to these threats is the website of the Myanmar Union Election Commission or UEC. Computer users are advised to avoid this Web page until the Trochilus RAT, and other threats have been eradicated.
Con Artists can Acquire the Trochilus RAT Easily
The code of the Trochilus RAT is publicly available. The Trochilus RAT has reverse shell features. The Trochilus RAT is executed in memory, rather than creating a file on the victims' computer. This is essentially what makes it difficult to be detected by most anti-virus programs. Remote Administration Tools such as the Trochilus RAT do have some legitimate uses, but when installed by con artists also may be used for more nefarious purposes. A look into the Trochilus RAT's code reveals a Remote Administration Tool that is efficient and easy to use, designed to infect computers on the Windows operating system specifically.