PatchWork gang dropped a variant of the BADNEWS Trojan

Threat Level
Actor Report

Summary

Patchwork deployed a variant of the BADNEWS (Ragnatela) Remote Administration Trojan in its most recent campaign, which employed malicious RTF files. Both the group’s project and its control panel are named “Ragnatela,” which means “spider web” in Italian. The RAT is capable of executing commands through cmd, taking screenshots, logging keystrokes, collecting a list of folders on the victim’s PC, and downloading additional payloads.