DRBControl is malicious software (malware) that infiltrates computer systems, often undetected, to exploit and damage them. This malware can steal personal information, disrupt operations, or even hold data hostage for ransom. It was discovered that the same library used in the DRBControl backdoor was also found in several samples of the PlugX backdoor, a tool popular among Chinese-speaking groups. Interestingly, this specific library has not been detected in any other known malware.
A comparison of samples of the PlugY implant and the DRBControl backdoor revealed that the two share the exact same architecture. The command code for taking screenshots, retrieving information about connected disks, and enumerating active windows in the DRBControl backdoor is identical to that in the implant. Analysis of the implant is still ongoing, but initial findings indicate that the code of the DRBControl backdoor was used in its development.
The DRBControl backdoor supports three different protocols for communicating with its C2, and this code shows a significant resemblance to the code of the implant. Several companies attribute the DRBControl backdoor, also known as Clambling, to the APT27 group. This finding suggests a high likelihood that the APT27 group played a role in the development and deployment of this malware.
Description last updated: 2024-10-17T11:56:00.230Z