TA505

TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader

In September 2019, Proofpoint researchers observed a prolific threat actor, TA505, sending email campaigns that attempt to deliver and install Get2, a new downloader. Get2 was in turn observed downloading FlawedGrace, FlawedAmmyy, Snatch, and SDBbot (a new RAT) as secondary payloads. In this post, Proofpoint details the tactics, techniques, and procedures associated with these latest campaigns and provides a detailed analysis of the Get2 downloader and the SDBbot RAT.

Suspected Russian-speaking Threat Actor "TA505" Continues Cybercrime Spree Against Global Retailers & Financial Institutions

Investigation from CyberInt's Research Lab has connected a single gang to a range of attacks against retailers and financial institutions around the world using legitimate remote access software. CyberInt's managed detection and response solutions protect the world's leading companies. The group has used the same tactics, techniques and procedures along with the repeated nefarious use of an off-the-shelf commercial remote administration tool, "Remote Manipulator System".