Sbz

Malware Profile Updated 3 months ago
SBZ is a potent piece of malware, characterized as a file stealer with the SHA-256 hash 80721e6b2d6168cf17b41d2f1ab0f1e6e3bf4db585754109f3b7ff9931ae9e5b. The discovery of this malware was facilitated by its similarity to the signatures associated with the Equation malware family. Its coding style and practices also bear resemblance to those seen in SBZ malware, adding a layer of complexity to its origin and purpose. The SBZ malware has been linked to the STRAITBIZARRE (also known as SBZ) cyber espionage platform, which is suspected to be connected to a U.S.-linked adversarial collective. This connection is based on similarities in coding style, data format, naming conventions, and the URL scheme used by the Command & Control (C2) server. These resemblances deepen the mystery surrounding the malware's origins and objectives. Despite these similarities, it is important to note that the SBZ file stealer is not directly related to the STRAITBIZARRE implant. Among the malicious tools observed in Tomiris attacks, SBZ stands out alongside others such as the Tomiris downloader, download scheduler, .NET downloader and implant, Telemiris backdoor, Roopy stealer, JLORAT backdoor, JLOGRAB stealer, RATel open source RAT, Python Meterpreter loader, and Warzone commercial RAT. Therefore, while SBZ shares characteristics with other known malware, it functions as a unique threat in the cybersecurity landscape.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Tomiris | 2 | Tomiris is a malicious software (malware) group that has been active since before 2019. Known for its use of the QUIETCANARY backdoor, Tomiris has expanded its capabilities and influence within the region, targeting government entities and other high-value targets. The group has shown a particular i
Straitbizarre | 1 | None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Downloader
Malware
Rat
Loader
Implant
Associated Malware
ID | Type | Votes | Profile Description
Telemiris | Unspecified | 1 | Telemiris is a malware identified as a Python backdoor that uses Telegram as a command-and-control (C2) channel. It was originally packed with PyInstaller, but later instances of Nuitka-packaged samples were also identified. Telemiris is primarily used as a first-stage implant by operators to deploy
Meterpreter | Unspecified | 1 | Meterpreter, a type of malware, is an attack payload of Metasploit that serves as an interactive shell, enabling threat actors to control and execute code on a system. Advanced Persistent Threat (APT) actors have created and used a variant of Metasploit (Meterpreter) on the ServiceDesk system, liste
Associated Threat Actors
ID | Type | Votes | Profile Description
Equation Group | Unspecified | 1 | The Equation Group, a threat actor suspected of having ties to the United States, has been associated with various sophisticated cyber exploits. The group's EpMe exploit, which existed since at least 2013, was the original exploit for the vulnerability later labeled CVE-2017-0005. Another exploit, E
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Sbz malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | Tomiris backdoor and its connection to Sunshuttle and Kazuar
CERT-EU | 9 months ago | Kaspersky reveals 'elegant' malware resembling NSA code
CERT-EU | 9 months ago | StripedFly Malware's Covert Cryptocurrency Mining Operation
CERT-EU | 9 months ago | StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices
CERT-EU | a year ago | Kaspersky Analyzes Links Between Russian State-Sponsored APTs
CERT-EU | 9 months ago | StripedFly: Perennially flying under the radar – GIXtools
CERT-EU | a year ago | Tomiris called, they want their Turla malware back
CERT-EU | 9 months ago | StripedFly: Perennially flying under the radar
CERT-EU | a year ago | Tomiris called, they want their Turla malware back - GIXtools