Waterbear (Malware Family)

Waterbear

aka: DbgPrint, EYEWELL

Waterbear, also known as DbgPrint in its earlier export function, has been active since 2009. The malware is presumably developed by the BlackTech APT group and adopts advanced anti-analysis and forward-thinking design. These designs include a sophisticated shellcode stager, the ability to load plugins on-the-fly, and overall evasiveness should the C2 server fail to respond with a valid session key.

References

2023-07-18 ⋅ Mandiant ⋅ Mandiant Intelligence
Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection
BPFDoor SALTWATER SEASPY SideWalk ZuoRAT Daxin HyperBro HyperSSL Waterbear

2021-09-01 ⋅ YouTube (Black Hat) ⋅ Aragorn Tseng, Charles Li
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network
Cobalt Strike PlugX Waterbear

2021-05-07 ⋅ TEAMT5 ⋅ Aragorn Tseng, Charles Li
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network
Cobalt Strike PlugX Waterbear

2020-10-08 ⋅ ZDNet ⋅ Charlie Osborne
Waterbear malware used in attack wave against government agencies
Waterbear

2020-08-19 ⋅ ⋅ TEAMT5 ⋅ TeamT5
調查局 08/19 公布中國對台灣政府機關駭侵事件說明
Cobalt Strike Waterbear

2020-01-14 ⋅ TEAMT5 ⋅ Aragorn Tseng, CiYi Yu
Evil Hidden in Shellcode: The Evolution of Malware DBGPRINT
Waterbear

2020-01-03 ⋅ ⋅ DayDayNews ⋅ DayDayNews
Waterbear, a cyber espionage virus, has a new variant with its own anti-virus function
Waterbear

2019-12-11 ⋅ Trend Micro ⋅ Anita Hsieh, Dove Chiu, Vickie Su
Waterbear Returns, Uses API Hooking to Evade Security
Waterbear

There is no Yara-Signature yet.

Waterbear Propose Change

References

Waterbear