diff --git a/clusters/tool.json b/clusters/tool.json index 2ecdb674..8da1a550 100644 --- a/clusters/tool.json +++ b/clusters/tool.json @@ -3002,6 +3002,15 @@ "https://www.arbornetworks.com/blog/asert/formidable-formbook-form-grabber/" ] } + }, + { + "value": "Dimnie", + "description": "Dimnie, the commonly agreed upon name for the binary dropped by the PowerShell script above, has been around for several years. Palo Alto Networks has observed samples dating back to early 2014 with identical command and control mechanisms. The malware family serves as a downloader and has a modular design encompassing various information stealing functionalities. Each module is injected into the memory of core Windows processes, further complicating analysis. During its lifespan, it appears to have undergone few changes and its stealthy command and control methods combined with a previously Russian focused target base has allowed it to fly under the radar up until this most recent campaign.", + "meta": { + "refs": [ + "https://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/" + ] + } } ] }