SystemBC is malware that is on sale in underground marketplaces. It has evolved into a Tor proxy and remote control tool favored by the actors behind the latest high-profile ransomware campaigns. Ransomware operators use it to establish persistence on compromised machines. It has recently been used by Ryuk Ransomware and Egregor Ransomware operators. These operators use the persistent backdoor as a remote administration tool (RAT) together with the Cobalt Strike post-exploitation tool in the lateral movement stage of their attacks, after gaining access to victims' networks.
SystemBC RAT Signatures
SystemBC RAT Download