SystemBC
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:38
- Modified
- 27/05/2026 21:40
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 74 attack patterns (mitre), 2 intrusion sets (apt), 9 sectors, 9 countries, 98 indicators, 7 vulnerabilities (cve), 23 reports
Description
[SystemBC](https://attack.mitre.org/software/S9001) is a malware family offered as a malware-as-a-service (MaaS) that is used to establish command and control and facilitate follow-on activity, including ransomware deployment.[SystemBC](https://attack.mitre.org/software/S9001) executes a variety of tasks including setting up SOCKS5 proxies, maintaining persistence, ingesting malicious files, and handing C2 communication. [SystemBC](https://attack.mitre.org/software/S9001) was first detected in 2018, and has been used by [Wizard Spider](https://attack.mitre.org/groups/G0102) since at least 2020, and by [FIN7](https://attack.mitre.org/groups/G0046) since at least 2022.(Citation: TrumanKroll_SYSTEMBCServer_Jan2024)(Citation: SophosGnGal_SystemBC_Dec2020)(Citation: BlackBasta)(Citation: AhnLab_SystemBC_Apr2022)(Citation: Lumen_SystemBC_Sept2025)
Marking (TLP)
TLP:CLEAR