mirror of https://github.com/MISP/misp-galaxy
add PNG Dropper
parent
1be4a1cedb
commit
b50c8bd805
|
@ -2242,7 +2242,8 @@
|
|||
"https://www2.fireeye.com/rs/848-DID-242/images/rpt-witchcoven.pdf",
|
||||
"https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/",
|
||||
"https://www.cfr.org/interactive/cyber-operations/turla",
|
||||
"https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/"
|
||||
"https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/",
|
||||
"https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Turla",
|
||||
|
@ -6029,5 +6030,5 @@
|
|||
"value": "INDRIK SPIDER"
|
||||
}
|
||||
],
|
||||
"version": 80
|
||||
"version": 81
|
||||
}
|
||||
|
|
|
@ -7405,6 +7405,21 @@
|
|||
},
|
||||
"uuid": "1ac4a966-0c74-46d5-b7e1-a40f4c681bc8",
|
||||
"value": "China Chopper"
|
||||
},
|
||||
{
|
||||
"description": "The PNG_dropper family primarily uses a modified version of the publicly available tool JPEGView.exe (version 1.0.32.1 – both x86 and x64 bit versions). Carbon Black Threat Research also observed where PNG_dropper malware was seen compiled into a modified version of the 7-Zip File Manager Utility (version 9.36.0.0 – x64 bit). ",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.carbonblack.com/2017/08/18/threat-analysis-carbon-black-threat-research-dissects-png-dropper/",
|
||||
"https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/"
|
||||
],
|
||||
"synonyms": [
|
||||
"PNG_Dropper",
|
||||
"PNGDropper"
|
||||
]
|
||||
},
|
||||
"uuid": "6ab71ed6-e5c7-4545-a46e-6445e78758ed",
|
||||
"value": "PNG Dropper"
|
||||
}
|
||||
],
|
||||
"version": 101
|
||||
|
|
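Review bot: The `"version": 101` line that closes this hunk looks unchanged, since the header `-7405,6 +7405,21` is fully accounted for by the 15 added lines of the PNG Dropper entry, while the other cluster file in this commit has its version bumped from 80 to 81. As far as I know MISP compares this number when updating galaxies, so instances already holding version 101 may not load the new entry, which leaves analysts without the cluster to tag PNG Dropper events; I would bump it to `"version": 102`. The `description` also ends in a stray trailing space and only names the modified host binaries (JPEGView, 7-Zip). A sentence saying what the dropper does, and that the NCC Group reference ties it to Turla, would make the entry usable on its own. The file's opening lines are outside this hunk, so confirm the version is not set elsewhere in the same change.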