Evasive Panda scouting cloud services

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

CloudScout is a post-compromise toolset used by Evasive Panda to target a Taiwanese government entity and a religious organization between 2022 and 2023. The toolset can retrieve data from various cloud services using stolen web session cookies. It works with MgBot, Evasive Panda's malware framework, through a plugin. Three CloudScout modules were analyzed, targeting Google Drive, Gmail, and Outlook. The modules are deployed by MgBot plugins and use stolen cookies to access and exfiltrate cloud data. CloudScout's design includes a common architecture across modules and a core CommonUtilities package. The toolset demonstrates Evasive Panda's technical capabilities and focus on cloud-stored data in espionage operations.

OPENCTI LABELS:

china, apt, cyberespionage, mgbot, taiwan, cloud services, nightdoor, cookie theft, cloudscout

