ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool SDBbot

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: SDBbot

NamesSDBbot
CategoryMalware
TypeBackdoor, Loader, Info stealer, Tunneling
Description(Proofpoint) SDBbot is a new remote access Trojan (RAT) written in C++ that has been delivered by the Get2 downloader in recent TA505 campaigns. Its name is derived from the debugging log file (sdb.log.txt) and DLL name (BotDLL[.]dll) used in the initial analyzed sample. It also makes use of application shimming for persistence. SDBbot is composed of three pieces: an installer, a loader, and a RAT component.
Information<https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader>
<https://www.cyber.gov.au/acsc/view-all-content/alerts/sdbbot-targeting-health-sector>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.sdbbot>

Last change to this tool card: 23 April 2021

Download this tool card in JSON format

Previous: sctrls
Next: SDelete

All groups using tool SDBbot

ChangedNameCountryObserved

APT groups

 TA505, Graceful Spider, Gold EvergreenRussia2006-Oct 2020X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key