Get2 Downloader

Malware Profile Updated 3 months ago
The Get2 downloader is a type of malware that has recently been used by the threat actor TA505 in its campaigns. The malicious software, which can infiltrate systems through suspicious downloads, emails, or websites, has been incorporated into new Microsoft Office macros. These macros are embedded within Microsoft Excel spreadsheets that lure users into opening the document and enabling the macros, which in turn launches the Get2 downloader. The malware's reboot functionality is speculated to serve the continued execution of another malicious program after installation. In October 2019, TA505 initiated a wide range of attacks across various verticals and regions, employing the Get2 downloader as part of its strategy. This downloader was used to deliver SDBbot, a new remote access Trojan (RAT) written in C++. The combination of Get2 and SDBbot marks TA505's latest tactic for that period, aligning with the group's typical "follow the money" behavioral pattern. Proofpoint researchers have provided a detailed analysis of the Get2 downloader and the SDBbot RAT, outlining the tactics, techniques, and procedures associated with these recent campaigns. They have also noted the Visual Basic macro code samples taken from the malicious Microsoft Excel spreadsheets used in conjunction with the Get2 downloader. The findings were published on October 16, 2019, highlighting the emerging threat landscape and the evolving strategies of threat actors like TA505.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
SDBbot is a malicious software (malware) that infiltrates computer systems typically through deceptive downloads, emails, or websites. In the context of cyber threats, it falls under the category of custom malware, used by threat groups such as GOLD TAHOE. Other common offensive security tools and c
Get2 is a type of malware, harmful software designed to infiltrate and damage computer systems or devices. It can be unknowingly downloaded through suspicious emails, downloads, or websites, enabling it to steal personal information, disrupt operations, or hold data hostage for ransom. Among the mos
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Get2 Downloader malware was read from the document corpus below. This display is limited to 20 results.
a year ago
Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies
a year ago
TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader | Proofpoint US