Dridex Operators Use SDBbot RAT in Recent Attacks

silversurfer

TA505, the Russian-speaking threat actor known for operating the Dridex Trojan and Locky ransomware, has been using a new remote access Trojan (RAT) in recent attacks, Proofpoint reports.

Dubbed SDBbot, the backdoor is being dropped via Get2, a new downloader that distributes other payloads as well, including FlawedGrace, FlawedAmmyy, and Snatch. The RAT was initially observed in attacks on South Korean users, as a secondary payload to the FlawedAmmyy RAT.

The cybercriminals have been using the Get2 downloader since early September. Initially, it delivered FlawedAmmyy and FlawedGrace, but switched to dropping SDBbot in early October.

As part of these attacks, new Microsoft Office macros were used specifically with the Get2 downloader, Proofpoint’s security researchers report.