RTM
MITRE
Malware Type: Other
First seen: Unknown
Last seen: Unknown
Details:
[RTM](https://attack.mitre.org/software/S0148) is custom malware written in Delphi. It is used by the group of the same name ([RTM](https://attack.mitre.org/groups/G0048)). Newer versions of the malware have been reported publicly as Redaman.(Citation: ESET RTM Feb 2017)(Citation: Unit42 Redaman January 2019)
Associated Techniques (38)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1027 | Obfuscated Files or Information | - |
| T1027.015 | Compression | - |
| T1033 | System Owner/User Discovery | - |
| T1036 | Masquerading | - |
| T1036.004 | Masquerade Task or Service | - |
| T1053.005 | Scheduled Task | - |
| T1056.001 | Keylogging | - |
| T1057 | Process Discovery | - |
| T1059.003 | Windows Command Shell | - |
| T1070.004 | File Deletion | - |
| T1070.009 | Clear Persistence | - |
| T1071.001 | Web Protocols | - |
| T1082 | System Information Discovery | - |
| T1083 | File and Directory Discovery | - |
| T1102.001 | Dead Drop Resolver | - |
Aliases (105)
Redaman
Used by Actors (1)
Metadata
| ID: | 417 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |