Sarwent Malware Continues to Evolve With Updated Command Functions
Released on 2020-05-22 at 02:40:09 PM
Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.
Executive Summary
Updates to Sarwent malware show a continued interest in backdoor functionality such as executing PowerShell commands. Updates also show a preference for using RDP. Sarwent has been seen using the same binary signer as at least one TrickBot operator.