Infrastructure linking PandorahVNC and Mesh Central
Sept. 27, 2024, 1:41 p.m.
Tags
External References
Description
This analysis investigates PandorahVNC, a sophisticated Hidden Virtual Network Computing tool, and its connections to a new service called AnonVNC. The report explores the online presence of the tool's creator, known as 'All_father', and examines the infrastructure used for both PandorahVNC and AnonVNC. It reveals links between these services and MeshCentral, a legitimate remote session manager. The investigation uncovers potential new developments in the creator's toolkit, including the use of MeshCentral's Mesh Agent. The report also discusses various threat actors who have leveraged PandorahVNC for malicious purposes, ranging from state-sponsored groups to cybercriminals.
Date
Published: Sept. 27, 2024, 1:22 p.m.
Created: Sept. 27, 2024, 1:22 p.m.
Modified: Sept. 27, 2024, 1:41 p.m.
Indicators
Attack Patterns
GraphSteel
GrimPlant
AveMariaRAT
PandorahVNC
BitRAT
All_father
T1021.001
T1556
T1136
T1059.001
T1571
T1555
T1021
T1559
T1547
T1105
T1134
T1078
T1059
Additional Information
Finance
Government
Ukraine