DropBook

Malware updated 5 months ago (2024-05-04T20:36:02.841Z)
DropBook is a new type of malware that allows attackers to gain unauthorized access to computers and networks. It is a backdoor that can be used to steal personal information, disrupt operations, or hold data for ransom. DropBook is part of the Molerats threat actor's arsenal of tools and was used in recent attacks. It is unique in that it receives instructions only through fake accounts on Facebook and Simplenote, the note-taking app for iOS. It can check installed programs and file names for reconnaissance, execute shell commands received from Facebook or Simplenote, and fetch additional payloads from Dropbox and run them. The researchers believe that DropBook is the work of the same developer who made JhoneRAT, a remote access tool written in Python that uses legitimate services (Google Drive, Twitter, ImgBB, and Google Forms) for command and control, to store malicious documents, or to exfiltrate data.
Description last updated: 2023-06-23T15:26:07.802Z
Aliases: We are not currently tracking any aliases.
Source Document References
Information about the DropBook Malware was read from the documents corpus below.
Source: MITRE (created 2 years ago)