Malware: DropBook

Description

[DropBook](https://attack.mitre.org/software/S0547) is a Python-based backdoor compiled with PyInstaller.(Citation: Cybereason Molerats Dec 2020)

External References

• mitre-attack
• Cybereason Molerats Dec 2020
• BleepingComputer Molerats Dec 2020

Techniques Used by This Malware

• T1059.003 — Windows Command Shell
• T1059.006 — Python
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1102 — Web Service
• T1105 — Ingress Tool Transfer
• T1140 — Deobfuscate/Decode Files or Information
• T1567 — Exfiltration Over Web Service
• T1614.001 — System Language Discovery

APT Groups Using This Malware

• Molerats