Get2 Downloader

Malware Profile Updated a month ago
The Get2 downloader is a type of malware that has recently been used by the threat actor TA505 in its campaigns. The malicious software, which can infiltrate systems through suspicious downloads, emails, or websites, has been incorporated into new Microsoft Office macros. These macros are embedded within Microsoft Excel spreadsheets that lure users into opening the document and enabling macros, which activates the Get2 downloader. The malware's reboot functionality is speculated to be used for the continued execution of another malicious program post-installation.

In October 2019, TA505 initiated a wide range of attacks across various verticals and regions, employing the Get2 downloader as part of its strategy. This downloader was used to deliver SDBbot, a new remote access Trojan (RAT) written in C++. The combination of Get2 and SDBbot marks TA505's latest tactic for that period, aligning with the group's typical "follow the money" behavioral pattern.

Proofpoint researchers have provided a detailed analysis of the Get2 downloader and SDBbot RAT, outlining the tactics, techniques, and procedures associated with these campaigns. They noted the use of Visual Basic macro code samples from the malicious Microsoft Excel spreadsheets in conjunction with the Get2 downloader. The findings were published on October 16, 2019, highlighting the emerging threat landscape and the evolving strategies of threat actors like TA505.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Get2 Downloader malware was read from the document corpus below.
Source | Created At | Title
MITRE | a year ago | Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies
MITRE | a year ago | TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader | Proofpoint US