Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 02:10:01 UTC
Home > List all groups > List all tools > List all groups using tool Sword2033
 Tool: Sword2033
Names Sword2033
Category Malware
Type Backdoor, Downloader, Exfiltration
Description
(Palo Alto) Pivoting on the C2 domain, we identified one additional sample that also
communicated with yrhsywu2009.zapto[.]org.
Similar to the PingPull variant above, this sample was designed to connect to port 8443 over
HTTPS. However, analysis of the sample revealed that it’s a simple backdoor that we track as
Sword2033.
Information Malpedia Last change to this tool card: 22 June 2023
Download this tool card in JSON format
All groups using tool Sword2033
Changed Name Country Observed
APT groups
 Gallium 2018-Jun 2022
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e658d68f-cd4b-4132-8198-ff06d6c75da5
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e658d68f-cd4b-4132-8198-ff06d6c75da5
Page 1 of 1