ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Sword2033

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Sword2033

NamesSword2033
CategoryMalware
TypeBackdoor, Downloader, Exfiltration
Description(Palo Alto) Pivoting on the C2 domain, we identified one additional sample that also communicated with yrhsywu2009.zapto[.]org.
Similar to the PingPull variant above, this sample was designed to connect to port 8443 over HTTPS. However, analysis of the sample revealed that it’s a simple backdoor that we track as Sword2033.
Information<https://unit42.paloaltonetworks.com/alloy-taurus/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/elf.sword2033>

Last change to this tool card: 22 June 2023

Download this tool card in JSON format

Previous: Sword
Next: Sykipot

All groups using tool Sword2033

ChangedNameCountryObserved

APT groups

 GalliumChina2018-Jun 2022 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]