Dridex Operators Use SDBbot RAT in Recent Attacks

silversurfer

TA505, the Russian-speaking threat actor known for operating the Dridex Trojan and Locky ransomware, has been using a new remote access Trojan (RAT) in recent attacks, Proofpoint reports.

Dubbed SDBbot, the backdoor is being dropped via Get2, a new downloader that distributes other payloads as well, including FlawedGrace, FlawedAmmyy, and Snatch. The RAT was initially observed in attacks on South Korean users, as a secondary payload to the FlawedAmmyy RAT.

The cybercriminals have been using the Get2 downloader since early September. Initially, it delivered FlawedAmmyy and FlawedGrace, but switched to dropping SDBbot in early October.

As part of these attacks, new Microsoft Office macros were used specifically with the Get2 downloader, Proofpoint’s security researchers report.