
Threat Group Cards: A Threat Actor Encyclopedia

Tool: DropPhone

Names: DropPhone
Category: Malware
Type: Reconnaissance, Info stealer
Description: (Kaspersky) DropPhone launches sdclt.exe, then collects environment information from the victim machine and sends it to Dropbox. The last thing this implant does is delete data.dat without ever accessing its contents. We speculate that they are consumed by sdclt.exe, and that this is another way to lock together the execution of two components, frustrating the efforts of the reverse-engineers who are missing pieces of the puzzle – as is our case here.
Information: <https://securelist.com/the-leap-of-a-cycldek-related-threat-actor/101243/>

Last change to this tool card: 14 May 2021


All groups using tool DropPhone

APT groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | Goblin Panda, Cycldek, Conimes | China | 2013-Jun 2020 |

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
