ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Tdrop

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Tdrop

NamesTdrop
CategoryMalware
TypeDropper
Description(McAfee) TDrop is the third generation of HTTP Troy. TDrop uses one of two DLL files, payload32.dll and payload64.dll, and injects one, depending on operating system, into svchost.exe. Previous versions used bs.dll, which contained the code for communicating with the IRC botnet. TDrop has some further functionality not present in HTTP Troy that extends this Trojan’s ability to operate on 64-bit machines and to evade automated analysis systems and emulation technologies.
Information<https://www.mcafee.com/enterprise/en-us/assets/white-papers/wp-dissecting-operation-troy.pdf>

Last change to this tool card: 20 April 2020

Download this tool card in JSON format

Previous: tDiscoverer
Next: Tdrop2

All groups using tool Tdrop

ChangedNameCountryObserved

APT groups

XLazarus Group, Hidden Cobra, Labyrinth ChollimaNorth Korea2007-Dec 2020 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key