Get2

Malware updated 23 days ago (2024-11-29T14:15:51.935Z)
Download STIX
Preview STIX
Get2 is a type of malware, harmful software designed to infiltrate and damage computer systems or devices. It can be unknowingly downloaded through suspicious emails, downloads, or websites, enabling it to steal personal information, disrupt operations, or hold data hostage for ransom. Among the most frequently observed loaders of such malware are Bazar, Buer, Dridex, Get2, IcedID, and Qakbot. In particular, Get2 has been used as a dropper to download other types of malware such as SDBot and FlawedGrace. In 2019, threat actors known as TA505 leveraged a type of ransomware called CL0P as the final payload of a phishing campaign. This campaign involved the use of a macro-enabled document that utilized Get2 as a malware dropper for downloading SDBot and FlawedGrace. Serving the Get2 payload was particularly noticeable in October 2019, with TA505 targeting a wide range of verticals and regions, indicating their consistent behavioral pattern of "following the money." The Get2 downloader, combined with SDBbot as its payload, appears to be TA505's latest strategy during the Fall of 2019. Proofpoint researchers speculate that the reboot functionality in the Get2 downloader is used to continue SDBbot’s execution after installation in the TA505 campaigns. SDBbot is a new remote access Trojan (RAT) written in C++ that has been delivered by the Get2 downloader in recent TA505 campaigns.
Description last updated: 2024-05-04T16:08:33.743Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Payload
Phishing
Malware
Loader
Ransomware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The FlawedGrace Malware is associated with Get2. FlawedGrace is a notorious malware, a remote access trojan (RAT), that has been used extensively in cyberattacks. It was first brought to light in June 2023 when The DFIR Report revealed its use in Truebot operations. In these operations, following the successful download of a malicious file, TrueboUnspecified
4
The Clop Malware is associated with Get2. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitinUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The TA505 Threat Actor is associated with Get2. TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. CybersecUnspecified
4
The cl0p Threat Actor is associated with Get2. Cl0p is a threat actor group that has emerged as the most used ransomware in March 2023, dethroning LockBit. The group has successfully exploited zero-day vulnerabilities in the past, but such attacks are relatively rare. Recent research by Malwarebytes highlights the bias of ransomware gangs for atUnspecified
2