Dboxshell

Malware updated 24 days ago (2024-11-29T13:43:18.250Z)
DBoxShell is a malware family that uses cloud storage services as its command and control (C&C) channel. Kaspersky tracks the same malware under the name PowerMagic. It reaches systems through suspicious downloads, emails, or websites, usually without the user noticing. Once installed, it can disrupt operations, steal personal information, or hold data for ransom.

The malware has been deployed across multiple operations: variants were used in OP#1 and OP#4, and its GraphShell variant was used in OP#5. Execution of DBoxShell or GraphShell marks the start of the reconnaissance phase, which serves as the attackers' entry point for judging whether a compromised system is of interest. During this phase they run a range of tools to assess the value of the host.

In one observed case, the attack began with a phishing email carrying a malicious attachment that downloaded a DBoxShell variant onto the victim's device. In another, a .vbs file was responsible for XOR-decoding and executing a .dat file that contained a small loader together with a DBoxShell variant; once the file was decoded, it was identified as DBoxShell. The security firm Malwarebytes has analysed this malware in depth and highlights its distinctive use of cloud storage services as the C&C mechanism.
Description last updated: 2024-05-05T04:52:06.011Z
Possible Aliases / Cluster overlaps
Tracking cluster overlaps and naming conventions across vendors is difficult, so the following are possible overlapping names / profiles that may also be worth reviewing.
Alias: Powermagic (votes: 2)
Powermagic is a possible alias for Dboxshell. PowerMagic is a sophisticated malware, also known as DBoxShell, that has been linked to a series of advanced persistent threat (APT) activities. This malicious software was identified by Kaspersky researchers who traced its connections to previous APT activities such as Operation Groundbait, the Pri

Alias: Graphshell (votes: 2)
Graphshell is a possible alias for Dboxshell. GraphShell is a malicious software (malware) that has been used in cyber-attacks to exploit and damage computer systems. It was first reported in March 2023 by the cybersecurity firm Bad Magic, which documented its use in attacks targeting Russian-occupied territories of Ukraine. The malware, also k
Miscellaneous Associations
Other contextual elements that may help assess relevance:
Malware
Malwarebytes