Names | WhiteAtlas
Category | Malware
Type | Dropper
Description | (Kaspersky) The White Atlas framework often utilized a small Javascript script to execute the malware dropper payload after it was decrypted by the VBA macro code, then to delete the dropper afterwards. A much more advanced and highly obfuscated Javascript script was utilized in White Atlas samples that dropped a Firefox extension backdoor developed by Turla, but again the script was responsible for the simple tasks of writing out the extension.json configuration file for the extension and deleting itself for cleanup purposes.
Information | <https://securelist.com/shedding-skin-turlas-fresh-faces/88069/>
Last change to this tool card: 20 April 2020
APT groups
Changed | Name | Country | Observed
 | Turla, Waterbug, Venomous Bear | | 1996-Jun 2020
1 group listed (1 APT, 0 other, 0 unknown)
Thailand Computer Emergency Response Team (ThaiCERT)