Sibot

Malware updated 6 months ago (2024-05-04T19:23:10.977Z)
Download STIX
Preview STIX
Sibot is a malware that operates as a dual-purpose VBScript, designed to achieve persistence on an infected machine and then download and execute payloads from a remote C2 server. It reaches out to a compromised website to download a DLL to a folder under System32. Malware is harmful software capable of damaging computer systems, stealing personal information, disrupting operations, or holding data hostage for ransom. Since December 2020, the security community has identified a growing collection of payloads attributed to the NOBELIUM actor, including GoldMax, GoldFinder, and Sibot malware, as well as TEARDROP, SUNSPOT, Raindrop, and most recently, FLIPFLOP. These malwares are used for layered persistence, allowing them to maintain their presence on an infected device and evade detection. Microsoft analyzed the GoldMax, GoldFinder, and Sibot malware in March 2021. The analysis showed how the NOBELIUM group uses these malwares to achieve persistence on compromised devices. This highlights the importance of maintaining strong cybersecurity measures to prevent malware attacks and protect sensitive information.
Description last updated: 2023-06-23T14:14:55.600Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Sibot Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more