ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Derusbi

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Derusbi

NamesDerusbi
PHOTO
CategoryMalware
TypeBackdoor
Description(Palo Alto) Derusbi is a backdoor Trojan believed to be used among a small group of attackers, which includes the Rancor group. This particular sample is a loader that loads an encrypted payload for its functionality. This DLL requires the loading executable to include a 32-byte key on the command line to be able to decrypt the embedded payload, which unfortunately we do not have. Even though we don’t have the decryption key or loader, we have uncovered some interesting artifacts.
Information<https://unit42.paloaltonetworks.com/rancor-cyber-espionage-group-uses-new-custom-malware-to-attack-southeast-asia/>
<http://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf>
<https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/>
MITRE ATT&CK<https://attack.mitre.org/software/S0021/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.derusbi>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:Derusbi>

Last change to this tool card: 29 December 2022

Download this tool card in JSON format

All groups using tool Derusbi

ChangedNameCountryObserved

APT groups

 APT 19, Deep Panda, C0d0so0China2013-Mar 2022X
 APT 41China2012-Aug 2024 HOTX
 Axiom, Group 72China2008-2008/2014 
 Leviathan, APT 40, TEMP.PeriscopeChina2013-Jul 2021X
 RancorChina2017 
 Stone Panda, APT 10, menuPassChina2006-Feb 2022X
 Turbine Panda, APT 26, Shell Crew, WebMasters, KungFu KittensChina2010-Oct 2018X

7 groups listed (7 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]