Infrastructure linking PandorahVNC and MeshCentral
Essential information
- Published: 27/09/2024 13:22
- Modified: 27/09/2024 13:41
- Tags: 2024-09-27, meshcentral, pandorahvnc
- Related entities: 11 observables, 1 intrusion set (apt), 13 techniques (mitre), 5 malware, 3 others
Description
This analysis investigates PandorahVNC, a sophisticated Hidden Virtual Network Computing tool, and its connections to a new service called AnonVNC. The report explores the online presence of the tool's creator, known as 'All_father', and examines the infrastructure used for both PandorahVNC and AnonVNC. It reveals links between these services and MeshCentral, a legitimate remote session manager. The investigation uncovers potential new developments in the creator's toolkit, including the use of MeshCentral's Mesh Agent. The report also discusses various threat actors who have leveraged PandorahVNC for malicious purposes, ranging from state-sponsored groups to cybercriminals.