WebMonitor is a remote access trojan (RAT) that has been sold as a service on underground forums since 2017. The RAT is offered as a service bundled with a VPN, a C2 service, and a web-based interface. WebMonitor comes with a client builder designed for ease of use: the client can be built with the operator's choice of persistence options, so it can run at startup and its processes can be restarted if terminated. The C2-as-a-Service (C2aaS) model lets the attacker use either their own C2 server or the one implemented within the WebMonitor kit.

Technical Details

  • Palo Alto Networks provides a technical analysis of WebMonitor.