Get2

Malware Profile Updated 25 days ago
Get2 is a type of malware, harmful software designed to infiltrate and damage computer systems or devices. It can be downloaded unknowingly through suspicious emails, downloads, or websites, after which it can be used to steal personal information, disrupt operations, or hold data hostage for ransom. Among the most frequently observed loaders of such malware are Bazar, Buer, Dridex, Get2, IcedID, and Qakbot. Get2 in particular has been used as a dropper that downloads other malware such as SDBbot and FlawedGrace. In 2019, the threat actor known as TA505 used the CL0P ransomware as the final payload of a phishing campaign. That campaign delivered a macro-enabled document which used Get2 as a dropper to download SDBbot and FlawedGrace. Delivery of the Get2 payload was especially prominent in October 2019, when TA505 targeted a wide range of verticals and regions, consistent with the group's established pattern of "following the money." Get2 combined with SDBbot as its payload appeared to be TA505's latest approach during the fall of 2019. Proofpoint researchers speculate that the reboot functionality in the Get2 downloader is used to continue SDBbot's execution after installation in the TA505 campaigns. SDBbot is a remote access Trojan (RAT) written in C++ that has been delivered by the Get2 downloader in recent TA505 campaigns.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that may help in judging relevance:
Payload
Phishing
Malware
Loader
Ransomware
Associated Malware
ID | Type | Votes | Profile Description
FlawedGrace | Unspecified | 4 | FlawedGrace is a notorious malware, a remote access trojan (RAT), that has been used extensively in cyberattacks. It was first brought to light in June 2023 when The DFIR Report revealed its use in Truebot operations. In these operations, following the successful download of a malicious file, Truebo
Clop | Unspecified | 2 | Clop is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. T
Associated Threat Actors
ID | Type | Votes | Profile Description
TA505 | Unspecified | 4 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec
cl0p | Unspecified | 2 | Cl0p is a threat actor group that emerged as the most used ransomware in March 2023, dethroning LockBit. The group has successfully exploited zero-day vulnerabilities in the past, but such attacks are relatively rare. Recent research by Malwarebytes highlights the bias of ransomware gangs for at
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Get2 malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader | Proofpoint US
MITRE | a year ago | TA505: A Brief History Of Their Time
MITRE | a year ago | Cybereason vs. Cl0p Ransomware
MITRE | a year ago | Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies
Secureworks | a year ago | Phases of a Post-Intrusion Ransomware Attack
MITRE | a year ago | Threat Assessment: Clop Ransomware
CERT-EU | a year ago | New Malware Granting Threat Actors Hidden VNC Access
CERT-EU | a year ago | #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability – Cyber Safe NV
CISA | a year ago | #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability | CISA
Flashpoint | a year ago | No title