Phone : +91 95 8290 7788 | Email :

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » FlawedAmmyy: A close look at the notorious activities and capabilities of the RAT

FlawedAmmyy: A close look at the notorious activities and capabilities of the RAT

  • FlawedAmmyy derives its source code from version 3 of the Ammyy Admin remote desktop software.
  • The malware has been active since the beginning of 2016.

FlawedAmmyy RAT has been rated as one of the most remote access trojans in 2018. The malware, that is active since the beginning of 2016, has been observed to be used in highly targeted email attacks as well as massive cyberespionage campaigns.

According to Proofpoint, a majority of these campaigns affected the automotive industry, with many of them associated with TA505 threat actor group.

Creation of the RAT – FlawedAmmyy derives its source code from version 3 of the Ammyy Admin remote desktop software. Ammyy Admin is a popular remote access tool used by businesses and consumers to remote control and diagnostics on Microsoft Windows machines.

Although FlawedAmmyy was publicly available since 2016, the RAT came to the light in 2018. It includes several functionalities of the leaked version such as:

  • Remote Desktop control;
  • File system manager;
  • Proxy support;
  • Audio chat.

Capabilities – Upon infection, the RAT can enable potential attackers to perform a variety of malicious activities such as:

  • Gaining complete access to PCs’ camera and microphone
  • Captures screenshots;
  • Ability to access a variety of services, steal files and credentials;
  • Stealing customer data, proprietary information and more.

The FlawedAmmyy C2 protocol occurs over port 443 with HTTP.

Major instances – The notorious FlawedAmmyy RAT is delivered to the target via phishing emails. Some of the known attack campaigns where the RAT was distributed via phishing emails include:

  • The widespread ‘Pied Piper phishing campaign’ in December 2018. The campaign was used against multiple targets. Attackers were found using weaponized .pub (Microsoft Publisher) documents to spread the RAT.
  • The massive attack campaigns on March 5 and 6, 2018. The message in these campaigns contained zipped .url attachments which were used to deliver the RAT. The emails were sent with subjects such as ‘Receipt No 1234567’ to match with the number of the attached zip file.
  • The targeted attack on March 1, 2018 – Phishing emails containing an attachment 0103_022.doc was used to deliver the malware. The attached doc included macros which when opened, downloaded the FlawedAmmyy directly.
  • In January, 2018, the RAT was used against the automotive industry. Here, the phishing emails contained an attachment which read ‘16.01.2018.doc’. Once the doc was opened, it unleashed the malicious macros onto a victim’s machine.

Experts believe that attackers will continue to use FlawedAmmyy’s activeness to target more and more enterprises in the future.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India













What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.


Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.


Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : | Support Email :

Register & Request Quote | Submit Support Ticket