PatchWork gang dropped a variant of the BADNEWS Trojan
Actor Report
Summary
In its most recent campaign, Patchwork deployed a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT), using malicious RTF files. “Ragnatela,” which means “spider web” in Italian, is the name of both the group’s project and its control panel. The RAT is capable of executing commands through cmd, taking screenshots, logging keystrokes, collecting a list of folders on the victim’s PC, and downloading additional payloads.