Sbz

Malware updated 4 months ago (2024-05-04T20:18:22.912Z)
SBZ is a potent piece of malware, characterized as a file stealer with the SHA-256 hash 80721e6b2d6168cf17b41d2f1ab0f1e6e3bf4db585754109f3b7ff9931ae9e5b. It was discovered because it matched signatures associated with the Equation malware family. Its coding style and practices also resemble those seen in SBZ malware, which complicates any assessment of its origin and purpose. The SBZ malware has been linked to the STRAITBIZARRE (also known as SBZ) cyber espionage platform, which is suspected to be connected to a U.S.-linked adversarial collective. This link rests on similarities in coding style, data format, naming conventions, and the URL scheme used by the Command & Control (C2) server; these resemblances deepen the uncertainty about the malware's origins and objectives. Despite these similarities, the SBZ file stealer is not directly related to the STRAITBIZARRE implant. Among the malicious tools observed in Tomiris attacks, SBZ stands alongside the Tomiris downloader, download scheduler, .NET downloader and implant, Telemiris backdoor, Roopy stealer, JLORAT backdoor, JLOGRAB stealer, RATel open source RAT, Python Meterpreter loader, and Warzone commercial RAT. So while SBZ shares characteristics with other known malware families, it functions as a distinct threat in the cybersecurity landscape.
Description last updated: 2024-05-04T19:43:18.350Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following overlapping names and profiles may also be worth reviewing.
ID: Tomiris
Votes: 2
Profile Description: Tomiris is a malicious software (malware) group that has been active since before 2019. Known for its use of the QUIETCANARY backdoor, Tomiris has expanded its capabilities and influence within the region, targeting government entities and other high-value targets. The group has shown a particular i
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Source Document References
Information about the Sbz malware was drawn from the document corpus below. This display is limited to 20 results.
Source | Created | Title
MITRE | 2 years ago | Tomiris backdoor and its connection to Sunshuttle and Kazuar
CERT-EU | 10 months ago | Kaspersky reveals 'elegant' malware resembling NSA code
CERT-EU | 10 months ago | StripedFly Malware's Covert Cryptocurrency Mining Operation
CERT-EU | 10 months ago | StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices
CERT-EU | a year ago | Kaspersky Analyzes Links Between Russian State-Sponsored APTs
CERT-EU | 10 months ago | StripedFly: Perennially flying under the radar – GIXtools
CERT-EU | a year ago | Tomiris called, they want their Turla malware back
CERT-EU | 10 months ago | StripedFly: Perennially flying under the radar
CERT-EU | a year ago | Tomiris called, they want their Turla malware back - GIXtools