A Network of Harm: Gigabud Threat and Its Associates

Sept. 17, 2024, 11:58 a.m.

Description

An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites impersonating reputable brands. The malware, often protected by the Virbox packer, spreads through deceptive tactics and grants attackers remote control over compromised devices. The operation's global reach is evident, targeting not only Vietnamese entities but also international brands. This coordinated effort showcases a shift in focus from government impersonations to directly targeting financial institutions, posing risks to both consumer and corporate applications.

External References

https://www.zimperium.com/blog/a-network-of-harm-gigabud-threat-and-its-associates
https://otx.alienvault.com/pulse/66e967f43b0ede232fa640cf
Tags
phishing
cryptocurrency
spynote
banking trojan
2024-09-17
gigabud
android rat

Date

  • Created: Sept. 17, 2024, 11:28 a.m.
  • Published: Sept. 17, 2024, 11:28 a.m.
  • Modified: Sept. 17, 2024, 11:58 a.m.

Indicators

  • f70049c87b787829642157cf69ed94e30bc4420a5560d8744b327ca9f0e7fdf5
  • eb1472d2d5828434ec488b05332f832ec0890bbdca859b8a8094fcf3662c844d
  • df7f06c21da998a549f1eca8b9161c0cc286b32d60344c4ac51c21cf13d1f5ea
  • ad8e774a3b3e9b15c3e97de105b8c0a2e04d7503f4e6c22d99ca42b259082549
  • cdbcabe3830bb0a71ab14cfbbae56d29b0e0cd0cf52c1f818227a334c15a137c
  • dcec15a02c9775a31f06a2634f51d9c9ea946529dc3acad4218ed53e45157b51
  • a503e0526495525ef0ce6777c681763cc3c60838e0e02fdfbac1f6c4ef5ab166
  • 8ecd4ca7c5fc41a95ec56d5eb8df471457c07f78cb34a2888adbaf13da19e4ae
  • 8b8bba07e8c9aafe2831690bb932289af0f15dbf26205c44044def688264562c
  • 673a8e5a33a8afdc38847b69b9c422e3ae56f8a4f65f2ae6a1e512e11f085da5
  • 5240dcc7fb5c2cfc6910ef7e95192da7847bb139f666ece6847f7b9b58040429
  • 5f35569758bb6a129bea6eacdc0fa96a6ba60d7f7a2a3ae04fec1928f00523d5
  • 35c734a5c78f08ba4ef718b80b0bd005add961588b5b28ed5d34d1a6e8c93f2c
  • 337d20ec569f0c71272d83aefa8fd63221abe474ff21e9ab7558a2001dc906fb
  • 2800e5f7fe3a6c479d59f2672afbd6c4724b2d8b91d5780eb6d1ebb082dca5e0
  • 2167f5b7591900c2a99252cc1ade901082dbcf6cf15d3f08b10df2fa7ebb7d7e
  • 14a45f6d4b58082bbb4ffc20a5052ff2b83a342925c988ab612449e577e96eb6
  • 07aa10f0962a21feb350183a92868e9dce3cf2025e4e13af9dff53659c187fa4
  • ktbcs.netbank
  • www.drgo.cc
  • https://rpc.vnce6.xyz
  • https://rpc.vnlwe.top
  • https://h5.vngame.cyou
  • https://h5.renavnsc.com
  • https://h5.kindsend.cyou/
  • http://sock.vnsame.vip:8081
  • vneid.bzgo.cc
  • viet.xgovn.cc
  • viet.wgovn.cc
  • ethiopian.zkgo.cc
  • viet.vgovn.cc
  • ethiopian.oxgo.cc
  • ethiopian.orzgo.cc
  • ethiopian.ksgo.cc
  • ethiopian.kpgo.cc
  • ethiopian.kopgo.cc
  • ethiopian.kpggo.cc
  • ethiopian.kotgo.cc
  • ethiopian.kofgo.cc
  • ethiopian.koego.cc
  • ethiopian.koggo.cc
  • ethiopian.kodgo.cc
  • ethiopian.kago.cc
  • ethiopian.kggo.cc
  • dstv.xsgo.cc
  • dstv.atferu.com
  • dstv.atgo.cc
  • dstv.amgo.cc
  • dichvucong.zlgov.com
  • dichvucong.vnvngov.com
  • dichvucong.xgovn.net
  • dichvucong.vgovn.net
  • dichvucong.tkgov.com
  • dichvucong.thongtindancu.com
  • dichvucong.tgovn.cc
  • dichvucong.rvgov.com
  • dichvucong.rgovn.com
  • dichvucong.oggov.com
  • dichvucong.ogovn.com
  • dichvucong.lgov.net
  • dichvucong.kgov.net
  • dichvucong.kxgov.com
  • dichvucong.kgovn.cc
  • dichvucong.dulieuquocgia.com
  • dichvucong.hgov.cc
  • dichvucong.govn.cc
  • dichvucong.dlqg.org
  • dichvucong.dancuso.com
  • dichvucong.dancutru.com
  • dichvucong.dancuquocgia.net
  • dichvucong.dancucutru.com
  • dichvucong.cvgov.com
  • dichvucong.capnhatthongtin.com
  • dichvucong.bvgov.com
  • dichvucong.bgvgov.com
  • dichvucong.bcavngov.com
  • dichvucong.agovn.net
  • dichvucong.agovn.com
  • chinhphu.thongtincutru.org
  • zoomonline.cc
  • airways.ajgo.cc
  • vnthanh.com
  • vnoffice.vip
  • vnchinhphu.org
  • vnchinhphu.net
  • vnchinhphu.com
  • vn-eid.com
  • vietvn.org
  • vietnam-chinhphu.com
  • vietin.cc
  • vieteid.com
  • vietcp.com
  • viet-vn.com
  • viet-in.com
  • viet-eid.com
  • evietnam.vip
  • shopeeht.com
  • eviet.vip
  • dichvucong-gov.net
  • dichvucong-govn.com
  • dichvucong-gov.com
  • chinhphu.net
  • chinh-phu.com
  • chinh-phu.cc
  • sock.vnsame.vip
  • rpc.vnwx4.xyz
  • rpc.vnlwe.top
  • rpc.vnce6.xyz
  • rpc.vnjdy.top
  • rpc.vnloy.xyz
  • rpc.lxhaz.top
  • h5.renavnsc.com
  • h5.vngame.cyou
  • h5.kindsend.cyou
  • ops.namabank.com.vn
  • mobile.acb.com.vn
Download all indicators here!

Attack Patterns

  • Spynote
  • Gigabud

Additional Informations

  • Finance
  • Government