From b50c8bd805c8d2a9bf933400bdfba33495b452d4 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 23 Nov 2018 10:38:36 +0100
Subject: [PATCH] add PNG Dropper
---
 clusters/threat-actor.json | 5 +++--
 clusters/tool.json | 15 +++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index ca89856..10db40c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2242,7 +2242,8 @@
 "https://www2.fireeye.com/rs/848-DID-242/images/rpt-witchcoven.pdf",
 "https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/",
 "https://www.cfr.org/interactive/cyber-operations/turla",
- "https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/"
+ "https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/",
+ "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/"
 ],
 "synonyms": [
 "Turla",
@@ -6029,5 +6030,5 @@
 "value": "INDRIK SPIDER"
 }
 ],
- "version": 80
+ "version": 81
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index d6e310b..234649c 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7405,6 +7405,21 @@
 },
 "uuid": "1ac4a966-0c74-46d5-b7e1-a40f4c681bc8",
 "value": "China Chopper"
+ },
+ {
+ "description": "The PNG_dropper family primarily uses a modified version of the publicly available tool JPEGView.exe (version 1.0.32.1 – both x86 and x64 bit versions). Carbon Black Threat Research also observed where PNG_dropper malware was seen compiled into a modified version of the 7-Zip File Manager Utility (version 9.36.0.0 – x64 bit). ",
+ "meta": {
+ "refs": [
+ "https://www.carbonblack.com/2017/08/18/threat-analysis-carbon-black-threat-research-dissects-png-dropper/",
+ "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/"
+ ],
+ "synonyms": [
+ "PNG_Dropper",
+ "PNGDropper"
+ ]
+ },
+ "uuid": "6ab71ed6-e5c7-4545-a46e-6445e78758ed",
+ "value": "PNG Dropper"
 }
 ],
 "version": 101
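Review bot: The `"version": 101` line that closes this tool.json hunk is unchanged context, even though the commit adds a whole new cluster here and bumps threat-actor.json from 80 to 81 for a single added reference. Consumers that decide whether to re-import a galaxy by comparing version numbers would presumably not pick up the PNG Dropper entry, so the line should become `"version": 102`. The description value also ends with a stray space before the closing quote (`x64 bit). "`), which is worth trimming. The Turla attribution is carried only by the NCC Group URL in `refs`; if the cluster format in use has a relation field, linking this entry to the Turla threat-actor cluster would make the association usable for correlation rather than implicit.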