RTM is a cyber criminal group that has been active since at least 2015, and has primarily targeted victims of remote banking systems in Russia and neighboring countries. The group uses a Trojan of the same name.

This is a collection of rules based on the presence of indicators of compromise publicly reported as associated with this malicious actor.