Sibot

Sibot is a malware that operates as a dual-purpose VBScript, designed to achieve persistence on an infected machine and then download and execute payloads from a remote C2 server. It reaches out to a compromised website to download a DLL to a folder under System32. Malware is harmful software capable of damaging computer systems, stealing personal information, disrupting operations, or holding data hostage for ransom. Since December 2020, the security community has identified a growing collection of payloads attributed to the NOBELIUM actor, including GoldMax, GoldFinder, and Sibot malware, as well as TEARDROP, SUNSPOT, Raindrop, and most recently, FLIPFLOP. These malwares are used for layered persistence, allowing them to maintain their presence on an infected device and evade detection. Microsoft analyzed the GoldMax, GoldFinder, and Sibot malware in March 2021. The analysis showed how the NOBELIUM group uses these malwares to achieve persistence on compromised devices. This highlights the importance of maintaining strong cybersecurity measures to prevent malware attacks and protect sensitive information.