ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Sardonic

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Sardonic

NamesSardonic
CategoryMalware
TypeBackdoor
Description(Bitdefender) As this backdoor has not been documented or referenced before, we named it “Sardonic”, given that artifacts led us to believe the threat actors use this name for an entire project including the backdoor itself, the loader and some additional scripts. We believe this project is still under development, and additional updates will likely follow.

Key facts about Sardonic:
• Sardonic is a new backdoor in the FIN8 ecosystem
• Sardonic is a project still under development and includes several components
• The new components were identified in a real-life attack and seems to be compiled just before the attack
• Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components
Information<https://www.bitdefender.com/files/News/CaseStudies/study/401/Bitdefender-PR-Whitepaper-FIN8-creat5619-en-EN.pdf>
MITRE ATT&CK<https://attack.mitre.org/software/S1085>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.unidentified_103>

Last change to this tool card: 30 November 2023

Download this tool card in JSON format

Previous: SandroRAT
Next: Sasfis

All groups using tool Sardonic

ChangedNameCountryObserved

APT groups

 FIN8[Unknown]2016-Dec 2022 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]