A Network of Harm: Gigabud Threat and Its Associates

Sept. 17, 2024, 11:58 a.m.

Description

An investigation reveals a significant connection between the Gigabud and Spynote malware families, which target over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command-and-control servers and 79 phishing websites impersonating reputable brands. The malware, often protected by the Virbox packer, spreads through deceptive tactics and grants attackers remote control over compromised devices. The operation's global reach is evident, targeting not only Vietnamese entities but also international brands. This coordinated effort showcases a shift in focus from government impersonations to directly targeting financial institutions, posing risks to both consumer and corporate applications.

Date

Published: Sept. 17, 2024, 11:28 a.m.

Created: Sept. 17, 2024, 11:28 a.m.

Modified: Sept. 17, 2024, 11:58 a.m.

Indicators


Attack Patterns

Spynote

Gigabud

Additional Information

Finance

Government