Gauging How Big a Threat Gigabud RAT Is through an IoC List Expansion Analysis | WhoisXML API


Cyble researchers recently reported their analysis of Gigabud RAT, which served as an attack vector targeting clients of Banco de Comercio, Advice, Thai Lion Air, Shopee Thailand, SUNAT, the Department of Special Investigation (DSI) of Thailand, the Bureau of Internal Revenue (BIR) of the Philippines, and Kasikornbank. [1]

The researchers have identified 10 indicators of compromise (IoCs) so far, including four URLs. We expanded these URLs to 1,190 artifacts, namely:

  • Three IP addresses to which the domains resolved
  • 301 IP-connected domains, seven of which turned out to be malicious
  • 367 string-connected domains, eight of which have been dubbed malware hosts
  • 519 brand-connected domains, 11 of which were tagged malicious

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://blog.cyble.com/2023/01/19/gigabud-rat-new-android-rat-masquerading-as-government-agencies/