ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Excalibur

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Excalibur

NamesExcalibur
Sabresac
Saber
CategoryMalware
TypeBackdoor
Description(Cylance) Saber is a custom RAT that periodically queries a web-based C2 server for commands. The only active instances SPEAR was able to identify were hosted on the Chinese code development site 'csdn(dot)net'. Kitkiot variants are commonly installed alongside other types of malware and often included additional functionality, including:
• Denial of Service (DoS) and Distributed Denial of Service (DDoS) capabilities
• The ability to hijack and steal in-game account information and items from multiple online gaming platforms
• In some rare cases these were used for click-through advertising fraud.
Information<https://threatvector.cylance.com/en_us/home/digitally-signed-malware-targeting-gaming-companies.html>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.excalibur>

Last change to this tool card: 22 April 2020

Download this tool card in JSON format

Previous: Exaramel
Next: ExDudell

All groups using tool Excalibur

ChangedNameCountryObserved

APT groups

 PassCVChina2016 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key