Names | WhiteAtlas | |
Category | Malware | |
Type | Dropper | |
Description | (Kaspersky) The White Atlas framework often utilized a small Javascript script to execute the malware dropper payload after it was decrypted by the VBA macro code, then to delete the dropper afterwards. A much more advanced and highly obfuscated Javascript script was utilized in White Atlas samples that dropped a Firefox extension backdoor developed by Turla, but again the script was responsible for the simple tasks of writing out the extension.json configuration file for the extension and deleting itself for cleanup purposes. | |
Information | <https://securelist.com/shedding-skin-turlas-fresh-faces/88069/> |
Last change to this tool card: 20 April 2020
Download this tool card in JSON format
Previous: WhisperGate
Next: Whitebird
Changed | Name | Country | Observed | ||
APT groups | |||||
Turla, Waterbug, Venomous Bear | 1996-Dec 2023 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |