Derp.ca

RMS

Also known as: Gussdoor, Remote Manipulator System, RuRAT

CyberInt states that Remote Manipulator System (RMS) is a legitimate tool developed by Russian organization TektonIT and has been observed in campaigns conducted by TA505 as well as numerous smaller campaigns likely attributable to other, disparate, threat actors. In addition to the availability of commercial licenses, the tool is free for non-commercial use and supports the remote administration of both Microsoft Windows and Android devices.

Linked Threat Actors

TA505

Last 7 days

Mar 29, 2026
C2 Hosts: 1
Mar 28, 2026
C2 Hosts: 1

Further Reading

NetSupport RAT and RMS in malicious emails

Attackers are sending malicious scripts that download the Remote Manipulator System (RMS) build, known as BurnsRAT, and NetSupport RAT

securelist.com
The Gamaredon Group Toolset Evolution

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the G...

unit42.paloaltonetworks.com
Curly COMrades: A New Threat Actor Targeting Geopolitical Hotbeds

This research from Bitdefender Labs details a cluster of malicious activity we've been tracking since mid-2024.

bitdefender.com