Remsec
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[Remsec](https://attack.mitre.org/software/S0125) is a modular backdoor that has been used by [Strider](https://attack.mitre.org/groups/G0041) and appears to have been designed primarily for espionage purposes. Many of its modules are written in Lua. (Citation: Symantec Strider Blog)
Associated Techniques (30)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1003.002 | Security Account Manager | - |
| T1016 | System Network Configuration Discovery | - |
| T1018 | Remote System Discovery | - |
| T1025 | Data from Removable Media | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1033 | System Owner/User Discovery | - |
| T1036.005 | Match Legitimate Resource Name or Location | - |
| T1046 | Network Service Discovery | - |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | - |
| T1049 | System Network Connections Discovery | - |
| T1052.001 | Exfiltration over USB | - |
| T1053.005 | Scheduled Task | - |
| T1055.001 | Dynamic-link Library Injection | - |
| T1056.001 | Keylogging | - |
| T1057 | Process Discovery | - |
Aliases (208)
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Backdoor.Remsec
ProjectSauron
Used by Actors (1)
Metadata
| ID: | 308 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 04:00 |