SYMBOLCOMMON_NAMEaka. SYNONYMS
win.waterbear (Back to overview)

Waterbear

aka: DbgPrint, EYEWELL

Actor(s): BlackTech

Waterbear, also known as DbgPrint in its earlier export function, has been active since 2009. The malware is presumably developed by the BlackTech APT group and adopts advanced anti-analysis and forward-thinking design. These designs include a sophisticated shellcode stager, the ability to load plugins on-the-fly, and overall evasiveness should the C2 server fail to respond with a valid session key.

References
2023-07-18MandiantMandiant Intelligence
Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection
BPFDoor SALTWATER SEASPY SideWalk ZuoRAT Daxin HyperBro HyperSSL Waterbear
2021-09-01YouTube (Black Hat)Aragorn Tseng, Charles Li
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network
Cobalt Strike PlugX Waterbear
2021-05-07TEAMT5Aragorn Tseng, Charles Li
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network
Cobalt Strike PlugX Waterbear
2020-10-08ZDNetCharlie Osborne
Waterbear malware used in attack wave against government agencies
Waterbear
2020-08-19TEAMT5TeamT5
調查局 08/19 公布中國對台灣政府機關駭侵事件說明
Cobalt Strike Waterbear
2020-01-14TEAMT5Aragorn Tseng, CiYi Yu
Evil Hidden in Shellcode: The Evolution of Malware DBGPRINT
Waterbear
2020-01-03DayDayNewsDayDayNews
Waterbear, a cyber espionage virus, has a new variant with its own anti-virus function
Waterbear
2019-12-11Trend MicroAnita Hsieh, Dove Chiu, Vickie Su
Waterbear Returns, Uses API Hooking to Evade Security
Waterbear

There is no Yara-Signature yet.