add PNG Dropper

This commit is contained in:
Deborah Servili 2018-11-23 10:38:36 +01:00
parent 1be4a1cedb
commit b50c8bd805
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1
2 changed files with 18 additions and 2 deletions

View file

@ -2242,7 +2242,8 @@
"https://www2.fireeye.com/rs/848-DID-242/images/rpt-witchcoven.pdf",
"https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/",
"https://www.cfr.org/interactive/cyber-operations/turla",
"https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/"
"https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/",
"https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/"
],
"synonyms": [
"Turla",
@ -6029,5 +6030,5 @@
"value": "INDRIK SPIDER"
}
],
"version": 80
"version": 81
}

View file

@ -7405,6 +7405,21 @@
},
"uuid": "1ac4a966-0c74-46d5-b7e1-a40f4c681bc8",
"value": "China Chopper"
},
{
"description": "The PNG_dropper family primarily uses a modified version of the publicly available tool JPEGView.exe (version 1.0.32.1 both x86 and x64 bit versions). Carbon Black Threat Research also observed where PNG_dropper malware was seen compiled into a modified version of the 7-Zip File Manager Utility (version 9.36.0.0 x64 bit). ",
"meta": {
"refs": [
"https://www.carbonblack.com/2017/08/18/threat-analysis-carbon-black-threat-research-dissects-png-dropper/",
"https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/"
],
"synonyms": [
"PNG_Dropper",
"PNGDropper"
]
},
"uuid": "6ab71ed6-e5c7-4545-a46e-6445e78758ed",
"value": "PNG Dropper"
}
],
"version": 101