Vetta Loader (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.vetta_loader (Back to overview)

Vetta Loader

aka: BrokerLoader, EMPTYSPACE

Vetta Loader is a persistent Loader spreading with infected USB drives. It downloads other components leveraging legit hosting services.
https://yoroi.company/wp-content/uploads/2023/12/202311-Vetta-Loader_Def-min.pdf

References

2024-01-30 ⋅ Mandiant ⋅ Diana Ion, Jae Young Kim, Muhammad Umair, Panagiotis Antoniou, Yash Gupta
Evolution of UNC4990: Uncovering USB Malware's Hidden Depths
QUIETBOARD Vetta Loader UNC4990

2023-12-06 ⋅ Carmelo Ragusa, Luigi Martire
Unveiling “Vetta Loader”: A custom loader hitting Italy and spread through infected USB Drives
Vetta Loader

2023-12-06 ⋅ Fortgale ⋅ Fortgale
Nebula Broker: offensive operations made in Italy
Vetta Loader

There is no Yara-Signature yet.

Vetta Loader Propose Change

References

Vetta Loader