TinyZBot

Description

(Cylance) TinyZBot supports a wide array of features that continually evolved over time. The following is a list of supported features:

  • SMTP exfiltration
  • Log keystrokes
  • Monitor clipboard activity
  • Enable a SOAP-based command and control channel
  • Self-updating
  • Download and execute arbitrary code
  • Capture screenshots
  • Extract saved passwords for Internet Explorer
  • Install as a service
  • Establish persistence by shortcut in startup folder
  • Provide unique malware campaign identifiers for tracking and control purposes
  • Deceptive execution methods
  • Dynamic backdoor configuration
  • FTP exfiltration
  • Security software detection
  • Ability to disable Avira antivirus
  • Ability to modify PE resources
  • Dynamic plugin structure

Names

Name
TinyZBot

Category

Malware

Type

  • Backdoor
  • Keylogger
  • Info stealer
  • Credential stealer
  • Downloader
  • Exfiltration

Information

Mitre Attack

Malpedia

Other Information

Uuid

cf1c4408-2236-4656-bb9f-0773acbb26af

Last Card Change

2020-05-22