The Abuse of ITarian RMM by Dolphin Loader
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system monitoring, to operate stealthily and evade detection. The report provides an in-depth analysis of the Dolphin Loader's techniques, including the use of AutoIt scripts for payload execution and the abuse of the ITarian RMM software's 'Procedures' feature to run malicious Python scripts on registered devices.
OPENCTI LABELS:
redline, darkgate, python, rhadamanthys, rmm, autoit, stealthy, sectoprat, lummac2, malware-as-a-service, itarian, evade, dolphin loader