ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool DropBook

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: DropBook

NamesDropBook
CategoryMalware
TypeBackdoor, Info stealer, Exfiltration
Description(Cybereason) The newly discovered DropBook backdoor used fake Facebook accounts or Simplenote for command and control (C2) operations, and both SharpStage and DropBook implement a Dropbox client in order to exfiltrate the data stolen from their targets to a cloud storage, as well as for storing their espionage tools.

DropBook can download and execute an extended arsenal of payloads stored on Dropbox, such as: MoleNet Downloader, QuasarRAT, SharpStage Backdoor, an updated version of DropBook, and ProcessExplorer, a legitimate tool by Microsoft to monitor Windows processes, often used by attackers for reconnaissance and to dump credentials.
Information<https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.dropbook>

Last change to this tool card: 23 April 2021

Download this tool card in JSON format

All groups using tool DropBook

ChangedNameCountryObserved

APT groups

 Molerats, Extreme Jackal, Gaza Cybergang[Gaza]2012-Apr 2021 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key