Cloud Atlas using a new backdoor, VBCloud, to steal data
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
Cloud Atlas, a threat group active since 2014, has introduced a new backdoor called VBCloud in its latest campaign targeting Eastern Europe and Central Asia. The attack chain begins with phishing emails containing malicious documents exploiting CVE-2018-0802. The infection process involves downloading and executing an HTA file, which then deploys the VBShower backdoor. VBShower installs both VBCloud and PowerShower backdoors. VBCloud replicates previous capabilities, including downloading and executing malicious plugins, communicating with cloud servers, and performing various tasks. The campaign aims to steal data from victim devices, with VBCloud collecting system information and exfiltrating files. PowerShower is used for network reconnaissance and further infiltration.
OPENCTI LABELS:
cve-2018-0802, vbcloud, vbshower