Down the H-W0rm Hole with Houdini's RAT
Overview
Commodity Remote Access Trojans (RATs) -- which are designed, productized and sold to the casual and experienced hacker alike -- put powerful remote access capabilities into the hands of criminals. RATs, such as H-W0rm, njRAT, KilerRAT, DarkComet, Netwire, XtremeRAT, JSocket/AlienSpy/Adwind and others, hold special interest for the Threat Research Team at Fidelis Cybersecurity. We're constantly following, detecting and monitoring the lifecycle of these RATs as they appear, disappear and often reappear under a new moniker.
There have been recent reports 1, 2 about a new version of one such commodity RAT, H-W0rm (Hworm), and the various campaigns it is being used in. Our telemetry shows that H-W0rm is one of the most active RATs we've seen, with infections observed across virtually all enterprise verticals and geographies in which Fidelis Cybersecurity products are deployed.
Created: 2026-02-23
Threat actors related to this Pulse (fact-based)
Score: 14.97
Matched TTPs:
- T1608.001 - Upload Malware
- T1195 - Supply Chain Compromise
- T1190 - Exploit Public-Facing Application
- T1592.002 - Software
- T1203 - Exploitation for Client Execution
- T1003.003 - NTDS
Score: 4.03
Matched TTPs:
- T1608.001 - Upload Malware
- T1027.002 - Software Packing
Score: 3.44
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
Score: 9.94
Matched TTPs:
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
- T1027.007 - Dynamic API Resolution
- T1003.003 - NTDS
Score: 10.99
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
- T1587 - Develop Capabilities
Score: 6.51
Matched TTPs:
- T1608.001 - Upload Malware
- T1608.006 - SEO Poisoning
Score: 8.96
Matched TTPs:
- T1608.001 - Upload Malware
- T1195 - Supply Chain Compromise
- T1203 - Exploitation for Client Execution
- T1021.001 - Remote Desktop Protocol
Score: 8.56
Matched TTPs:
- T1608.001 - Upload Malware
- T1610 - Deploy Container
- T1027.002 - Software Packing
Score: 6.99
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
Score: 4.03
Matched TTPs:
- T1608.001 - Upload Malware
- T1027.002 - Software Packing
Score: 5.09
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
Score: 3.47
Matched TTPs:
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
Score: 3.47
Matched TTPs:
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
Score: 3.62
Matched TTPs:
- T1608.001 - Upload Malware
- T1021.001 - Remote Desktop Protocol
Score: 5.52
Matched TTPs:
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
Score: 9.10
Matched TTPs:
- T1608.001 - Upload Malware
- T1217 - Browser Information Discovery
- T1587 - Develop Capabilities
Score: 9.95
Matched TTPs:
- T1608.001 - Upload Malware
- T1681 - Search Threat Vendor Data
- T1587 - Develop Capabilities
Score: 7.68
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
- T1124 - System Time Discovery
Score: 3.47
Matched TTPs:
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
Score: 6.81
Matched TTPs:
- T1195 - Supply Chain Compromise
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
Score: 3.52
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1027.002 - Software Packing
Score: 13.39
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1217 - Browser Information Discovery
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
- T1124 - System Time Discovery
Score: 13.97
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1003.003 - NTDS
- T1669 - Wi-Fi Networks
- T1211 - Exploitation for Defense Evasion
Score: 5.46
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 6.96
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1592.002 - Software
- T1021.001 - Remote Desktop Protocol
Score: 12.05
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1650 - Acquire Access
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 3.52
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1027.002 - Software Packing
Score: 8.74
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1217 - Browser Information Discovery
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 3.81
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1003.003 - NTDS
Score: 3.12
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
Score: 5.46
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 3.12
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
Score: 3.52
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1027.002 - Software Packing
Score: 5.02
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
Score: 4.61
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1021.001 - Remote Desktop Protocol
Score: 3.12
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
Score: 13.82
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1681 - Search Threat Vendor Data
- T1205.001 - Port Knocking
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 6.95
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 9.15
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1021.001 - Remote Desktop Protocol
- T1001.002 - Steganography
Score: 9.00
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 3.81
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1003.003 - NTDS
Score: 3.12
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1021.001 - Remote Desktop Protocol
Score: 5.17
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
Score: 5.34
Matched TTPs:
- T1217 - Browser Information Discovery
- T1027.002 - Software Packing
Score: 7.27
Matched TTPs:
- T1217 - Browser Information Discovery
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 9.87
Matched TTPs:
- T1217 - Browser Information Discovery
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
- T1124 - System Time Discovery
Score: 4.13
Matched TTPs:
- T1205.001 - Port Knocking
Score: 5.34
Matched TTPs:
- T1592.002 - Software
- T1203 - Exploitation for Client Execution
Score: 4.09
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 6.14
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
- T1124 - System Time Discovery
Score: 9.87
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1027.007 - Dynamic API Resolution
- T1021.001 - Remote Desktop Protocol
- T1124 - System Time Discovery
Score: 5.19
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
Score: 4.09
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 3.14
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1021.001 - Remote Desktop Protocol
Score: 5.19
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
- T1021.001 - Remote Desktop Protocol
Score: 4.09
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 3.55
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
Score: 3.55
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1027.002 - Software Packing
Score: 4.09
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 4.65
Matched TTPs:
- T1027.002 - Software Packing
- T1124 - System Time Discovery
Score: 3.99
Matched TTPs:
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 3.99
Matched TTPs:
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
Score: 4.54
Matched TTPs:
- T1056.004 - Credential API Hooking
Score: 4.13
Matched TTPs:
- T1211 - Exploitation for Defense Evasion
Threat actors related to this Pulse (inference-based)
Score: 0.84
Matched TTPs:
- T1195 - Supply Chain Compromise
- T1608.001 - Upload Malware
- T1003.003 - NTDS
- T1592.002 - Software
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
Score: 0.78
Matched TTPs:
- T1003.003 - NTDS
- T1211 - Exploitation for Defense Evasion
- T1190 - Exploit Public-Facing Application
- T1669 - Wi-Fi Networks
- T1203 - Exploitation for Client Execution
Score: 0.76
Matched TTPs:
- T1681 - Search Threat Vendor Data
- T1124 - System Time Discovery
- T1205.001 - Port Knocking
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
Score: 0.73
Matched TTPs:
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
- T1124 - System Time Discovery
- T1217 - Browser Information Discovery
- T1027.002 - Software Packing
- T1190 - Exploit Public-Facing Application
Score: 0.70
Matched TTPs:
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
- T1650 - Acquire Access
- T1027.002 - Software Packing
- T1190 - Exploit Public-Facing Application
Score: 0.62
Matched TTPs:
- T1021.001 - Remote Desktop Protocol
- T1608.001 - Upload Malware
- T1587 - Develop Capabilities
- T1027.002 - Software Packing
- T1190 - Exploit Public-Facing Application
Score: 0.61
Matched TTPs:
- T1681 - Search Threat Vendor Data
- T1587 - Develop Capabilities
- T1608.001 - Upload Malware
Score: 0.59
Matched TTPs:
- T1027.007 - Dynamic API Resolution
- T1203 - Exploitation for Client Execution
- T1003.003 - NTDS
- T1608.001 - Upload Malware
Score: 0.58
Matched TTPs:
- T1217 - Browser Information Discovery
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
- T1124 - System Time Discovery
Score: 0.57
Matched TTPs:
- T1027.007 - Dynamic API Resolution
- T1021.001 - Remote Desktop Protocol
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 0.56
Matched TTPs:
- T1021.001 - Remote Desktop Protocol
- T1003.003 - NTDS
- T1027.002 - Software Packing
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
Related CVEs
No CVEs were found for this Pulse.