What’s new?
Researchers from Proofpoint have observed the Russian threat actor group ‘TA505’ distributing a new remote access trojan (RAT) dubbed ‘SDBbot’ via the Get2 downloader.
Key Highlights
Proofpoint researchers tracked TA505 using Get2 as its initial downloader and found that the loader downloads FlawedGrace, FlawedAmmyy, and Snatch as secondary payloads, along with the new SDBbot RAT.
Recent campaigns
Researchers have observed three new campaigns between September 9, 2019, and October 7, 2019.
“With this recently observed October 2019 push by TA505 with attacks on a wide range of verticals and regions, the actor’s usual “follow the money” behavioral pattern remains consistent. The new Get2 downloader, when combined with the SDBbot as its payload appears to be TA505’s latest trick (or treat) for the Fall of 2019,” researchers said.