In September 2019, Proofpoint researchers observed a prolific threat actor, TA505, sending email campaigns that attempt to deliver and install Get2, a new downloader. Get2 was in turn observed downloading FlawedGrace, FlawedAmmyy, Snatch, and SDBbot (a new RAT) as secondary payloads. In this post, Proofpoint will detail the tactics, techniques, and procedures associated with these latest campaigns and provide a detailed analysis of Get2 downloader and SDBbot RAT.