ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool NewPass

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: NewPass

NamesNewPass
CategoryMalware
TypeDropper, Loader, Backdoor, Info stealer, Exfiltration
Description(Telsy) NewPass is quite a complex malware composed by different components that rely on an encoded file to pass information and configuration between each other. There are at least three components of the malware: a dropper, that deploys the binary file; a loader library, that is able to decode the binary file extracting the last component, responsible for performing specific operations, such as communicate with the attackers’ command and control server (the “agent”)

The loader and the agent share a JSON configuration resident in memory that demonstrate the potential of the malware and the ease with which the attackers can customize the implant by simply changing the configuration entries’ values.
Information<https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.newpass>

Last change to this tool card: 24 April 2021

Download this tool card in JSON format

All groups using tool NewPass

ChangedNameCountryObserved

APT groups

XTurla, Waterbug, Venomous BearRussia1996-Dec 2023 HOT 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]