Sword2033
Description
(Palo Alto) Pivoting on the C2 domain, we identified one additional sample that also communicated with yrhsywu2009.zapto[.]org. Similar to the PingPull variant above, this sample was designed to connect to port 8443 over HTTPS. However, analysis of the sample revealed that it’s a simple backdoor that we track as Sword2033.
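The two indicators the description gives (the C2 hostname yrhsywu2009.zapto[.]org and the use of port 8443 over HTTPS) are enough to hunt for in egress logs. The following is an added example, not code from Palo Alto or from this card: it refangs the defanged hostname, normalises case and trailing dots the way resolvers and proxies emit them, and flags any contact with the domain, noting separately whether the destination port matches the 8443 described for the Sword2033 sample. The log line format and all log entries are constructed for the example.

```python
"""Hunt for Sword2033 C2 contact in a simple egress log (added example, constructed data)."""
import re
from typing import Iterable, List, NamedTuple

# Indicators taken from the description above; defanged form kept as published.
C2_DOMAIN = "yrhsywu2009.zapto[.]org"
C2_PORT = 8443

# Constructed log format for this example: "<timestamp> <src_ip> -> <dst_host>:<dst_port>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>[\d.]+)\s+->\s+(?P<dst>[^:\s]+):(?P<port>\d+)$")

# Constructed sample lines (hypothetical hosts and timestamps, not real telemetry).
SAMPLE_LOG_LINES = [
    "2023-06-01T10:00:00Z 10.0.0.5 -> yrhsywu2009.zapto.org:8443",
    "2023-06-01T10:00:05Z 10.0.0.5 -> example.com:443",
    "2023-06-01T10:01:00Z 10.0.0.7 -> YRHSYWU2009.zapto.org.:8443",  # upper case, trailing dot
    "2023-06-01T10:02:00Z 10.0.0.9 -> yrhsywu2009.zapto.org:443",    # same C2, unexpected port
    "this line is not in the expected format",
]


class Hit(NamedTuple):
    ts: str
    src: str
    dst: str
    port: int
    port_match: bool  # True when the port equals the 8443 described for the sample


def refang(indicator: str) -> str:
    """Turn defanged notation ("[.]", "hxxp") back into the literal form seen in logs."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def normalise_host(host: str) -> str:
    """Lower-case and strip a trailing root dot so FQDN variants compare equal."""
    return host.lower().rstrip(".")


def find_c2_hits(lines: Iterable[str], domain: str = C2_DOMAIN, port: int = C2_PORT) -> List[Hit]:
    """Return every log line whose destination is the C2 domain (or a subdomain of it).

    Any contact with the domain is reported; port_match records whether the
    destination port is the one the description associates with the sample.
    """
    target = normalise_host(refang(domain))
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than silently mis-match
        dst = normalise_host(m.group("dst"))
        dst_port = int(m.group("port"))
        if dst == target or dst.endswith("." + target):
            hits.append(Hit(m.group("ts"), m.group("src"), dst, dst_port, dst_port == port))
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG_LINES):
        flag = "port matches sample" if hit.port_match else "unexpected port"
        print(f"{hit.ts} {hit.src} -> {hit.dst}:{hit.port} ({flag})")
```

Matching on the domain alone, with the port recorded as a secondary attribute, avoids missing contact from a variant that uses a different port; three of the constructed lines are reported, two of them on 8443.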
Names
Name |
---|
Sword2033 |
Category
Malware
Type
- Backdoor
- Downloader
- Exfiltration
Information
Malpedia
Other Information
Uuid
e658d68f-cd4b-4132-8198-ff06d6c75da5
Last Card Change
2023-06-22