SystemBC (c30929fb-28a1-407c-a1c3-a83374c63267)

SystemBC is a commodity backdoor malware used as a Tor proxy and remote access Trojan (RAT). It was used during the high-profile 2021 Colonial Pipeline DarkSide ransomware attack and has since been used as a persistence and lateral movement tool during other ransomware compromises, including intrusions involving Ryuk, Egregor, and Play.[BlackBerry SystemBC June 10 2021][Sophos SystemBC December 16 2020][WithSecure SystemBC May 10 2021][Trend Micro Play Ransomware September 06 2022] According to Mandiant's 2023 M-Trends report, SystemBC was the second most frequently seen malware family in 2022, behind only Cobalt Strike Beacon.[TechRepublic M-Trends 2023]

Malpedia (Research): https://malpedia.caad.fkie.fraunhofer.de/details/win.systembc

Malware Bazaar (Samples & IOCs): https://bazaar.abuse.ch/browse/tag/systembc/

PulseDive (IOCs): https://pulsedive.com/threat/SystemBC

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| SystemBC (c30929fb-28a1-407c-a1c3-a83374c63267) | Tidal Software | Play Ransomware Actors (6eb50f82-86cc-4eff-b1d1-66e1c6fd74f3) | Tidal Groups | 1 |
| SystemBC (c30929fb-28a1-407c-a1c3-a83374c63267) | Tidal Software | TA577 (28f3dbcc-b248-442f-9ff3-234210bb2f2a) | Tidal Groups | 1 |
| SystemBC (c30929fb-28a1-407c-a1c3-a83374c63267) | Tidal Software | Vice Society (2e2d3e75-1160-4ba5-80cc-8e7685fcfc44) | Tidal Groups | 1 |
| SystemBC (c30929fb-28a1-407c-a1c3-a83374c63267) | Tidal Software | FIN12 (6d6ed42c-760c-4964-a81e-1d4df06a8800) | Tidal Groups | 1 |