 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: Sardonic| Names | Sardonic | |
| Category | Malware | |
| Type | Backdoor | |
| Description | (Bitdefender) As this backdoor has not been documented or referenced before, we named it “Sardonic”, given that artifacts led us to believe the threat actors use this name for an entire project including the backdoor itself, the loader and some additional scripts. We believe this project is still under development, and additional updates will likely follow. Key facts about Sardonic: • Sardonic is a new backdoor in the FIN8 ecosystem • Sardonic is a project still under development and includes several components • The new components were identified in a real-life attack and seems to be compiled just before the attack • Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components | |
| Information | <https://www.bitdefender.com/files/News/CaseStudies/study/401/Bitdefender-PR-Whitepaper-FIN8-creat5619-en-EN.pdf> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S1085> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.unidentified_103> | |
Last change to this tool card: 30 November 2023
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| FIN8 | [Unknown] | 2016-Dec 2022 | |||
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |