S0574 BendyBear

Description

[BendyBear](https://attack.mitre.org/software/S0574) is an x64 shellcode for a stage-zero implant designed to download malware from a C2 server. First discovered in August 2020, [BendyBear](https://attack.mitre.org/software/S0574) shares a variety of features with [Waterbear](https://attack.mitre.org/software/S0579), malware previously attributed to the Chinese cyber espionage group [BlackTech](https://attack.mitre.org/groups/G0098).(Citation: Unit42 BendyBear Feb 2021)

Platforms

Windows

References

  1. https://attack.mitre.org/software/S0574
  2. https://unit42.paloaltonetworks.com/bendybear-shellcode-blacktech/

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  - Waterbear (Software)
  - SYSCON (Software)
  - Brave Prince (Software)
  - BLACKCOFFEE (Software)
  - ShimRat (Software)
  - BS2005 (Software)

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.