Turla PNG Dropper
released on 2017-08-07 @ 10:17:58 PM
The dropper family, referred to internally as PNG_dropper, was observed being used as a second-stage tool in different targeted attacks. One of the final payloads created by this dropper is an Uroburos variant used by the Turla group, which traditionally operates out of Russia. The technique allows the attackers to conceal their secondary payloads and bypass different AV products. Attackers, regardless of their skills and motives, often attempt to wrap malicious code in a way that will seem innocuous to practitioners and security products.