Dboxshell

Malware updated 4 months ago (2024-05-05T05:18:14.104Z)
DBoxShell is a family of malware that uses cloud storage services as its command-and-control (C&C) channel; Kaspersky tracks the same family under the name PowerMagic. It reaches systems through suspicious downloads, emails, or websites, usually without the user noticing. Once installed, it can disrupt operations, steal personal information, or hold data for ransom.

The malware was deployed in multiple operations: variants of DBoxShell were used in OP#1 and OP#4, and its variant GraphShell was used in OP#5. Execution of DBoxShell or GraphShell marks the start of the reconnaissance phase, which serves as the attackers' entry point and lets them judge whether a compromised system is of interest; several different tools are used during this phase to assess the value of the target.

In one observed attack, a phishing email carried a malicious attachment that downloaded a DBoxShell variant onto the victim's device. In another, a .vbs file XORed and executed a .dat file containing a small loader together with a DBoxShell variant; after the file was decoded, it was identified as DBoxShell. The security firm Malwarebytes has studied this malware extensively and highlights its unusual use of cloud storage services as a C&C mechanism.
Description last updated: 2024-05-05T04:52:06.011Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Powermagic | 2 | PowerMagic is a sophisticated malware, also known as DBoxShell, that has been linked to a series of advanced persistent threat (APT) activities. This malicious software was identified by Kaspersky researchers who traced its connections to previous APT activities such as Operation Groundbait, the Pri
Graphshell | 2 | GraphShell is a malicious software (malware) that has been used in cyber-attacks to exploit and damage computer systems. It was first reported in March 2023 by the cybersecurity firm Bad Magic, which documented its use in attacks targeting Russian-occupied territories of Ukraine. The malware, also k
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Malwarebytes
Source Document References
Information about the Dboxshell malware was read from the documents in the corpus below. This display is limited to 20 results.

Source | Created | Title
Malwarebytes | a year ago | Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020
CERT-EU | a year ago | Mysterious Red Stinger APT spying on pro-Ukraine and pro-Russia targets in Ukraine
BankInfoSecurity | a year ago | Enigmatic Hacking Group Operating in Ukraine
CERT-EU | a year ago | Enigmatic Hacking Group Operating in Ukraine | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
CERT-EU | a year ago | A Decade of 'Bad Magic' In Cyber Espionage
CERT-EU | a year ago | Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade
CERT-EU | a year ago | New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe
CERT-EU | a year ago | Newly identified APT group's motives in Ukraine baffle researchers