SystemBC, a proxy and remote administrative tool, was first discovered in 2019. SystemBC is used primarily to gain further persistence on the victim system. Researchers believe it is being used by ransomware-as-a-service affiliates due to it being associated with multiple types of ransomware that are deployed in the same way. In the past few months researchers have detected hundreds of attempted SystemBC deployments globally, as part of recent Ryuk and Egregor ransomware attacks. The backdoor also acts both as a network proxy for concealed communications; here a primary change exists in how SystemBC has evolved.
Source: https://threatpost.com/ryuk-egregor-ransomware-systembc-backdoor/162333/