Sdbot

Malware Profile Updated 3 months ago
SDBot is malware that the threat actors tracked as TA505 and CL0P have used to exploit vulnerabilities in computer systems. It functions as a backdoor, enabling commands and functions to be executed on the compromised computer, often without the user's knowledge. It can infect systems through suspicious downloads, emails or websites, and once inside it can steal personal information, disrupt operations, or hold data hostage for ransom. SDBot can also drop copies of itself on removable drives and network shares, propagating the infection further.

In 2019, TA505 actors used SDBot in a phishing campaign built around a macro-enabled document. The campaign used the Get2 malware dropper to download SDBot and another malware family, FlawedGrace. These actors have a sophisticated toolkit that also includes the FlawedAmmyy/FlawedGrace RAT, the SDBot RAT and the Truebot downloader module, allowing them to collect sensitive information and spread their malware widely.

Organizations should be particularly aware of SDBot because of its association with Clop ransomware. CL0P actors use SDBot for application shimming, both for persistence and to avoid detection, and as a backdoor through which other commands and functions are executed on the compromised computer. SDBot has also been observed delivering Clop as the final payload, underlining the potential severity of an SDBot infection. Understanding and mitigating SDBot is therefore crucial to preventing the deployment of Clop ransomware.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Payload
Ransomware
Malware
t1059.001
Phishing
Loader
Downloader
T1105
Backdoor
Malware Drop...
Associated Malware
ID | Type | Votes | Profile Description
FlawedGrace | Unspecified | 2 | FlawedGrace is a notorious malware, a remote access trojan (RAT), that has been used extensively in cyberattacks. It was first brought to light in June 2023 when The DFIR Report revealed its use in Truebot operations. In these operations, following the successful download of a malicious file, Truebo
Clop | Unspecified | 2 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o
Truebot | Unspecified | 1 | Truebot is a highly potent malware used by the threat actor group CL0P, which has been linked to various malicious activities aimed at exploiting and damaging computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded,
Get2 | Unspecified | 1 | Get2 is a type of malware, harmful software designed to infiltrate and damage computer systems or devices. It can be unknowingly downloaded through suspicious emails, downloads, or websites, enabling it to steal personal information, disrupt operations, or hold data hostage for ransom. Among the mos
Associated Threat Actors
ID | Type | Votes | Profile Description
TA505 | Unspecified | 2 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Sdbot malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Flashpoint | a year ago | No title
MITRE | a year ago | Threat Assessment: Clop Ransomware
CERT-EU | a year ago | Bitdefender Threat Debrief | July 2023