ProCC

Also known as: ProCC

Introduction

ProCC is a threat actor targeting the hospitality sector with remote access Trojan malware. They use email attachments to exploit vulnerabilities like CVE-2017-0199 and deploy customized versions of RATs such as RevengeRAT, NjRAT, NanoCoreRAT, and 888 RAT. ProCC’s malware is capable of collecting data from the clipboard and printer spooler, as well as capturing screenshots on infected machines.

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Trojan.Karagany
  • RemoteCMD
  • Trojan.Mebromi
  • jRAT
  • NJRat
  • Remote Utilities
  • RemotePC
  • NanoCore
  • Xploit
  • Revenge-RAT

Attribution and Evidence

Information pending cataloguing.

References

References pending cataloguing.