A Network of Harm: Gigabud Threat and Its Associates
Sept. 17, 2024, 11:58 a.m.
Tags
External References
Description
An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites impersonating reputable brands. The malware, often protected by the Virbox packer, spreads through deceptive tactics and grants attackers remote control over compromised devices. The operation's global reach is evident, targeting not only Vietnamese entities but also international brands. This coordinated effort showcases a shift in focus from government impersonations to directly targeting financial institutions, posing risks to both consumer and corporate applications.
Date
Published: Sept. 17, 2024, 11:28 a.m.
Created: Sept. 17, 2024, 11:28 a.m.
Modified: Sept. 17, 2024, 11:58 a.m.
Indicators
Attack Patterns
Spynote
Gigabud
Additional Information
Finance
Government