 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: NewPass| Names | NewPass | |
| Category | Malware | |
| Type | Dropper, Loader, Backdoor, Info stealer, Exfiltration | |
| Description | (Telsy) NewPass is quite a complex malware composed by different components that rely on an encoded file to pass information and configuration between each other. There are at least three components of the malware: a dropper, that deploys the binary file; a loader library, that is able to decode the binary file extracting the last component, responsible for performing specific operations, such as communicate with the attackers’ command and control server (the “agent”) The loader and the agent share a JSON configuration resident in memory that demonstrate the potential of the malware and the ease with which the attackers can customize the implant by simply changing the configuration entries’ values. | |
| Information | <https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.newpass> | |
Last change to this tool card: 24 April 2021
Download this tool card in JSON format
Previous: NewCT2
Next: NewPosThings
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Turla, Waterbug, Venomous Bear |  | 1996-Dec 2023 | |||
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |