RTM
Overview
RTM is a cybercriminal group that has been active since at least 2015 and is primarily interested in users of remote banking systems in Russia and neighboring countries. The group uses a Trojan by the same name (RTM).
TTPs — 7 techniques across 5 tactics
Initial Access
- T1189 Drive-by Compromise
- T1566.001 Spearphishing Attachment
Execution
- T1204.002 Malicious File
Persistence
- T1547.001 Registry Run Keys / Startup Folder
Stealth
- T1574.001 DLL
Command and Control
- T1102.001 Dead Drop Resolver
- T1219.002 Remote Desktop Software
Tools & malware (1)
RTM
Reporting (1)
- Read The Manual: A Guide to the RTM Banking Trojan — Faou, M. and Boutin, J