DropBook

Description

(Cybereason) The newly discovered DropBook backdoor used fake Facebook accounts or Simplenote for command and control (C2) operations, and both SharpStage and DropBook implement a Dropbox client in order to exfiltrate the data stolen from their targets to cloud storage, as well as for storing their espionage tools.

DropBook can download and execute an extended arsenal of payloads stored on Dropbox, such as: MoleNet Downloader, QuasarRAT, SharpStage Backdoor, an updated version of DropBook, and ProcessExplorer, a legitimate tool by Microsoft to monitor Windows processes, often used by attackers for reconnaissance and to dump credentials.

Names

Name
DropBook

Category

Malware

Type

  • Backdoor
  • Info stealer
  • Exfiltration

Information

Mitre Attack

Malpedia

Other Information

Uuid

7ff05b70-6c5f-4aa1-b95e-1c29508fded7

Last Card Change

2022-12-30