Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Infrastructure linking PandorahVNC and Mesh Central

Sept. 27, 2024, 1:41 p.m.

Description

This analysis investigates PandorahVNC, a sophisticated Hidden Virtual Network Computing tool, and its connections to a new service called AnonVNC. The report explores the online presence of the tool's creator, known as 'All_father', and examines the infrastructure used for both PandorahVNC and AnonVNC. It reveals links between these services and MeshCentral, a legitimate remote session manager. The investigation uncovers potential new developments in the creator's toolkit, including the use of MeshCentral's Mesh Agent. The report also discusses various threat actors who have leveraged PandorahVNC for malicious purposes, ranging from state-sponsored groups to cybercriminals.

Date

Published: Sept. 27, 2024, 1:22 p.m.

Created: Sept. 27, 2024, 1:22 p.m.

Modified: Sept. 27, 2024, 1:41 p.m.

Indicators

94.131.121.91

51.254.27.112

141.95.6.166

62.112.11.136

66.94.109.162

validatax.com

vncapk.io

pandorahvnc.shop

hvncs.com

hiddenvnc.com

anonvnc.com

Attack Patterns

GraphSteel

GrimPlant

AveMariaRAT

PandorahVNC

BitRAT

All_father

T1021.001

T1556

T1136

T1059.001

T1571

T1555

T1021

T1559

T1547

T1105

T1134

T1078

T1059

Additional Informations

Finance

Government

Ukraine