1. Home
  2. Software
  3. FlawedGrace

FlawedGrace

FlawedGrace is a fully featured remote access tool (RAT) written in C++ that was first observed in late 2017.[1]

ID: S0383
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 29 May 2019
Last Modified: 11 April 2024
Version Permalink
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1027 .013 Obfuscated Files or Information: Encrypted/Encoded File

FlawedGrace encrypts its C2 configuration files with AES in CBC mode.[1]

Groups That Use This Software

ID Name References
G0092 TA505

[1][2][3]

References

  1. Schwarz, D. and Proofpoint Staff. (2019, January 9). ServHelper and FlawedGrace - New malware introduced by TA505. Retrieved May 28, 2019.
  2. Hiroaki, H. and Lu, L. (2019, June 12). Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns. Retrieved May 29, 2020.
  1. Schwarz, D. et al. (2019, October 16). TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader. Retrieved May 29, 2020.