A Network of Harm: Gigabud Threat and Its Associates
Sept. 17, 2024, 11:58 a.m.
Description
An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites impersonating reputable brands. The malware, often protected by the Virbox packer, spreads through deceptive tactics and grants attackers remote control over compromised devices. The operation's global reach is evident, targeting not only Vietnamese entities but also international brands. This coordinated effort showcases a shift in focus from government impersonations to directly targeting financial institutions, posing risks to both consumer and corporate applications.
Tags
Date
- Created: Sept. 17, 2024, 11:28 a.m.
- Published: Sept. 17, 2024, 11:28 a.m.
- Modified: Sept. 17, 2024, 11:58 a.m.
Indicators
- f70049c87b787829642157cf69ed94e30bc4420a5560d8744b327ca9f0e7fdf5
- eb1472d2d5828434ec488b05332f832ec0890bbdca859b8a8094fcf3662c844d
- df7f06c21da998a549f1eca8b9161c0cc286b32d60344c4ac51c21cf13d1f5ea
- ad8e774a3b3e9b15c3e97de105b8c0a2e04d7503f4e6c22d99ca42b259082549
- cdbcabe3830bb0a71ab14cfbbae56d29b0e0cd0cf52c1f818227a334c15a137c
- dcec15a02c9775a31f06a2634f51d9c9ea946529dc3acad4218ed53e45157b51
- a503e0526495525ef0ce6777c681763cc3c60838e0e02fdfbac1f6c4ef5ab166
- 8ecd4ca7c5fc41a95ec56d5eb8df471457c07f78cb34a2888adbaf13da19e4ae
- 8b8bba07e8c9aafe2831690bb932289af0f15dbf26205c44044def688264562c
- 673a8e5a33a8afdc38847b69b9c422e3ae56f8a4f65f2ae6a1e512e11f085da5
- 5240dcc7fb5c2cfc6910ef7e95192da7847bb139f666ece6847f7b9b58040429
- 5f35569758bb6a129bea6eacdc0fa96a6ba60d7f7a2a3ae04fec1928f00523d5
- 35c734a5c78f08ba4ef718b80b0bd005add961588b5b28ed5d34d1a6e8c93f2c
- 337d20ec569f0c71272d83aefa8fd63221abe474ff21e9ab7558a2001dc906fb
- 2800e5f7fe3a6c479d59f2672afbd6c4724b2d8b91d5780eb6d1ebb082dca5e0
- 2167f5b7591900c2a99252cc1ade901082dbcf6cf15d3f08b10df2fa7ebb7d7e
- 14a45f6d4b58082bbb4ffc20a5052ff2b83a342925c988ab612449e577e96eb6
- 07aa10f0962a21feb350183a92868e9dce3cf2025e4e13af9dff53659c187fa4
- ktbcs.netbank
- www.drgo.cc
- https://rpc.vnce6.xyz
- https://rpc.vnlwe.top
- https://h5.vngame.cyou
- https://h5.renavnsc.com
- https://h5.kindsend.cyou/
- http://sock.vnsame.vip:8081
- vneid.bzgo.cc
- viet.xgovn.cc
- viet.wgovn.cc
- ethiopian.zkgo.cc
- viet.vgovn.cc
- ethiopian.oxgo.cc
- ethiopian.orzgo.cc
- ethiopian.ksgo.cc
- ethiopian.kpgo.cc
- ethiopian.kopgo.cc
- ethiopian.kpggo.cc
- ethiopian.kotgo.cc
- ethiopian.kofgo.cc
- ethiopian.koego.cc
- ethiopian.koggo.cc
- ethiopian.kodgo.cc
- ethiopian.kago.cc
- ethiopian.kggo.cc
- dstv.xsgo.cc
- dstv.atferu.com
- dstv.atgo.cc
- dstv.amgo.cc
- dichvucong.zlgov.com
- dichvucong.vnvngov.com
- dichvucong.xgovn.net
- dichvucong.vgovn.net
- dichvucong.tkgov.com
- dichvucong.thongtindancu.com
- dichvucong.tgovn.cc
- dichvucong.rvgov.com
- dichvucong.rgovn.com
- dichvucong.oggov.com
- dichvucong.ogovn.com
- dichvucong.lgov.net
- dichvucong.kgov.net
- dichvucong.kxgov.com
- dichvucong.kgovn.cc
- dichvucong.dulieuquocgia.com
- dichvucong.hgov.cc
- dichvucong.govn.cc
- dichvucong.dlqg.org
- dichvucong.dancuso.com
- dichvucong.dancutru.com
- dichvucong.dancuquocgia.net
- dichvucong.dancucutru.com
- dichvucong.cvgov.com
- dichvucong.capnhatthongtin.com
- dichvucong.bvgov.com
- dichvucong.bgvgov.com
- dichvucong.bcavngov.com
- dichvucong.agovn.net
- dichvucong.agovn.com
- chinhphu.thongtincutru.org
- zoomonline.cc
- airways.ajgo.cc
- vnthanh.com
- vnoffice.vip
- vnchinhphu.org
- vnchinhphu.net
- vnchinhphu.com
- vn-eid.com
- vietvn.org
- vietnam-chinhphu.com
- vietin.cc
- vieteid.com
- vietcp.com
- viet-vn.com
- viet-in.com
- viet-eid.com
- evietnam.vip
- shopeeht.com
- eviet.vip
- dichvucong-gov.net
- dichvucong-govn.com
- dichvucong-gov.com
- chinhphu.net
- chinh-phu.com
- chinh-phu.cc
- sock.vnsame.vip
- rpc.vnwx4.xyz
- rpc.vnlwe.top
- rpc.vnce6.xyz
- rpc.vnjdy.top
- rpc.vnloy.xyz
- rpc.lxhaz.top
- h5.renavnsc.com
- h5.vngame.cyou
- h5.kindsend.cyou
- ops.namabank.com.vn
- mobile.acb.com.vn
Attack Patterns
- Spynote
- Gigabud
Additional Information
- Finance
- Government