RTM (Read The Manual)

Kazakhstan
Russia

General description

The RTM cybercrime group began its activity in 2015 and it attacks organizations from various sectors, to steal cash from accounts, confidential documents and accounts. The group uses malware that it develops itself. The group's malware does not have a static control server; it receives it through the blockchain.

Objectives

Cash theft
Confidential data
Account theft

Tools

RTM downloader
RTM backdoor
Pony stealer
Azorult stealer

Targeted countries

Kazakhstan
Russia

Targeted sectors:

The finance sector
The energy sector
State sector
Information technologies
Industrial sector

Reports by Positive Technologies and other researchers

https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf
https://habr.com/ru/company/pt/blog/460857/
https://broadcast.comdi.com/watch/r0uikvnq
https://www.group-ib.com/blog/rtm