Names | Excalibur Sabresac Saber | |
Category | Malware | |
Type | Backdoor | |
Description | (Cylance) Saber is a custom RAT that periodically queries a web-based C2 server for commands. The only active instances SPEAR was able to identify were hosted on the Chinese code development site 'csdn(dot)net'. Kitkiot variants are commonly installed alongside other types of malware and often included additional functionality, including: • Denial of Service (DoS) and Distributed Denial of Service (DDoS) capabilities • The ability to hijack and steal in-game account information and items from multiple online gaming platforms • In some rare cases these were used for click-through advertising fraud. | |
Information | <https://threatvector.cylance.com/en_us/home/digitally-signed-malware-targeting-gaming-companies.html> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.excalibur> |
Last change to this tool card: 23 April 2020
Download this tool card in JSON format
Previous: Exaramel
Next: ExDudell
Changed | Name | Country | Observed | ||
APT groups | |||||
PassCV | 2016 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |