BBSRAT

Malware Profile Updated 24 days ago
Download STIX
Preview STIX
BBSRAT is a malware, typically packaged within a portable executable file, although in some instances, it has been discovered within a raw DLL. This harmful program is designed to exploit and damage computers or devices and can be delivered through suspicious downloads, emails, or websites. In the most recent attack campaign using BBSRAT, the adversary appears to have deployed purpose-built variants and/or infrastructure for each of the intended targets, indicating a high level of sophistication and customization. The malware was observed being deployed via a downloader that used the Invoke-ReflectivePEInjection.ps1 script from the PowerSploit framework. The first known attack using BBSRAT was observed in August 2015 as part of the "Roaming Tiger" campaign. During this attack, weaponized exploit documents were used which left Russian language decoy document files after infecting the system. In more recent attacks, the Trojan was found in AutoFocus, a cybersecurity tool, highlighting the evolving nature of the threat. Palo Alto Networks' WildFire technology has been successful in classifying BBSRAT malware samples as malicious, providing a degree of defense against this threat. BBSRAT accepts many possible commands that the C2 (Command and Control) server can provide, giving attackers a wide range of options for exploiting infected systems. Upon execution, BBSRAT loads certain libraries at runtime, starting its disruptive operations. The downloaded executable contains a copy of the BBSRAT malware family, further propagating the threat. To protect against BBSRAT and similar threats, users are advised to avoid suspicious downloads, emails, and websites, and to regularly update their security software.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the BBSRAT Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger