Over the course of the last year, ESET has detected and analyzed several instances of malware used for targeted espionage – dubbed SBDH toolkit. Using powerful filters, various methods of communication with its operators and an interesting persistence technique, it aims to exfiltrate selected files from governmental and public institutions, which are mostly focused on economic growth and cooperation in Central and Eastern Europe. ESET’s SBDH findings were presented during the Copenhagen Cybercrime Conference 2016 by researchers Tomáš Gardoň and Robert Lipovský.
This toolkit – actually only its initial part – was spreading as an executable with a double extension attached to a phishing email (counting on Windows’ default behavior of hiding an extension). To further increase its chances of being run by the receiver, it uses legitimate looking icons of several Microsoft applications or a Word document.