BellaCPP: Discovering a new BellaCiao variant written in C++
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A new C++ variant of the BellaCiao malware, dubbed BellaCPP, has been discovered by researchers. This variant shares similarities with the original .NET-based BellaCiao, including domain generation and SSH tunneling capabilities. BellaCPP was found on a machine also infected with a .NET BellaCiao sample. The malware is designed to run as a Windows service and uses XOR encryption to decrypt strings. It generates domains and checks DNS records to establish communication. The discovery highlights the importance of thorough network investigations, as attackers may deploy unknown samples to maintain persistence. The malware is attributed to the Charming Kitten threat actor with medium-to-high confidence based on similarities in functionality and infrastructure.
OPENCTI LABELS :
c++,charming kitten,bellaciao,bellacpp
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
BellaCPP: Discovering a new BellaCiao variant written in C++