Sdbot

Malware updated 23 days ago (2024-11-29T14:26:25.954Z)
Download STIX
Preview STIX
SDBot is a malicious software, or malware, that has been leveraged by threat actors known as TA505 and CL0P to exploit vulnerabilities in computer systems. It is used as a backdoor to enable the execution of commands and functions in the compromised computer, often without the user's knowledge. The malware can infect systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. SDBot also has the capability to drop copies of itself in removable drives and network shares, further propagating the infection. In 2019, TA505 actors used SDBot as part of a phishing campaign involving a macro-enabled document. This campaign utilized a Get2 malware dropper to download SDBot and another malware called FlawedGrace. These actors have a sophisticated toolkit that includes other malware such as FlawedAmmyy/FlawedGrace RAT, SDBot RAT, and Truebot downloader module, allowing them to collect sensitive information and spread their malware extensively. Organizations should be particularly aware of SDBot due to its association with Clop ransomware. CL0P actors use SDBot for application shimming for persistence and to avoid detection. They also use it as a backdoor to enable other commands and functions to be executed in the compromised computer. Furthermore, SDBot has been observed delivering Clop as the final payload, highlighting the potential severity of an SDBot infection. Therefore, understanding and mitigating against SDBot is crucial to preventing the deployment of Clop ransomware.
Description last updated: 2024-05-05T05:36:02.336Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Rat
Payload
Ransomware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The FlawedGrace Malware is associated with Sdbot. FlawedGrace is a notorious malware, a remote access trojan (RAT), that has been used extensively in cyberattacks. It was first brought to light in June 2023 when The DFIR Report revealed its use in Truebot operations. In these operations, following the successful download of a malicious file, TrueboUnspecified
2
The Clop Malware is associated with Sdbot. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitinUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The TA505 Threat Actor is associated with Sdbot. TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. CybersecUnspecified
2
Source Document References
Information about the Sdbot Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Flashpoint
2 years ago
MITRE
2 years ago
CERT-EU
a year ago