add SdBbot

Deborah Servili 2020-03-06 14:33:19 +01:00
parent d8ea0f865c
commit b007d5d3ce
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1


@ -3426,7 +3426,20 @@
},
"uuid": "bbff39cb-a12b-4b18-be20-aa9e6d378fa6",
"value": "Warzone"
},
{
"description": "SDBbot is a new remote access Trojan (RAT) written in C++ that has been delivered by the Get2 downloader in recent TA505 campaigns. Its name is derived from the debugging log file (sdb.log.txt) and DLL name (BotDLL[.]dll) used in the initial analyzed sample. It also makes use of application shimming [1] for persistence. SDBbot is composed of three pieces: an installer, a loader, and a RAT component.",
"meta": {
"refs": [
"https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader"
],
"synonyms": [
"SDB bot"
]
},
"uuid": "9d36db93-7d60-4da6-a611-1a32e02a054f",
"value": "SDBbot"
}
],
"version": 33
"version": 34
}
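Review bot: The new SDBbot cluster's `description` keeps a dangling footnote marker, `[1]`, after "application shimming"; it appears to have been copied from the referenced write-up and resolves to nothing in this entry, so either drop it or add the cited source to `meta.refs`. The text also says "a new remote access Trojan" and "recent TA505 campaigns", which will mislead analysts reading the galaxy later; tie the statement to the referenced report instead, e.g. `"SDBbot is a remote access Trojan (RAT) written in C++ that Proofpoint reported being delivered by the Get2 downloader in TA505 campaigns."`. The links to Get2 and TA505 exist only in prose, so consumers that correlate on cluster relationships will not see them; consider expressing them through the cluster's `related` list if matching clusters exist in the other galaxies. The file name is not visible on this page, so this applies to whichever galaxy file the hunk belongs to.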