
Threat Group Cards: A Threat Actor Encyclopedia

Tool: Derusbi

Names: Derusbi, PHOTO, Atros2.CKPN
Category: Malware
Type: Backdoor
Description: (Palo Alto) Derusbi is a backdoor Trojan believed to be used among a small group of attackers, which includes the Rancor group. This particular sample is a loader that loads an encrypted payload for its functionality. This DLL requires the loading executable to include a 32-byte key on the command line to be able to decrypt the embedded payload, which unfortunately we do not have. Even though we don't have the decryption key or loader, we have uncovered some interesting artifacts.
Information:
<https://unit42.paloaltonetworks.com/rancor-cyber-espionage-group-uses-new-custom-malware-to-attack-southeast-asia/>
<http://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf>
<https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/>
MITRE ATT&CK: <https://attack.mitre.org/software/S0021/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.derusbi>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Derusbi>

Last change to this tool card: 13 May 2020


All groups using tool Derusbi

Changed | Name | Country | Observed

APT groups

| APT 19, Deep Panda, C0d0so0 | China | 2013 - May 2019 | X
| APT 41 | China | 2012 - Aug 2020 | HOT X
| Axiom, Group 72 | China | 2008 - 2008/2014 |
| Leviathan, APT 40, TEMP.Periscope | China | 2013 - Jan 2020 |
| Rancor | China | 2017 |
| Stone Panda, APT 10, menuPass | China | 2006 - Jul 2020 | X
| Turbine Panda, APT 26, Shell Crew, WebMasters, KungFu Kittens | China | 2010 - Oct 2018 | X

7 groups listed (7 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
