
Threat Group Cards: A Threat Actor Encyclopedia

Tool: NewPass

Names: NewPass
Category: Malware
Type: Dropper, Loader, Backdoor, Info stealer, Exfiltration
Description: (Telsy) NewPass is quite a complex malware composed of different components that rely on an encoded file to pass information and configuration between each other. There are at least three components of the malware: a dropper, that deploys the binary file; a loader library, that is able to decode the binary file extracting the last component, responsible for performing specific operations, such as communicating with the attackers’ command and control server (the “agent”).

The loader and the agent share a JSON configuration resident in memory that demonstrates the potential of the malware and the ease with which the attackers can customize the implant by simply changing the configuration entries’ values.
Information: <https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/>

Last change to this tool card: 31 July 2020

All groups using tool NewPass

APT groups

Name: Turla, Waterbug, Venomous Bear
Country: Russia
Observed: 1996-Jun 2020

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
