PULSE NAME
Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity
WHITE Bahamut CyberHunter_NL 2022-11-25 Modified: 2022-11-25
17 IOCs
MEDIUM VOLUME
ESET researchers have identified an active campaign by the Bahamut cybermercenary group, which targets Android users with fake VPN apps, and can extract sensitive data from their victims’ messaging apps.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Channel Bahamut Protocols Bahamut Messages Bahamut List Bahamut Data Bahamut Capture Bahamut Tracking Bahamut Keylogging Bahamut Scripts Bahamut SecureVPN SecureChat Discovery Bahamut Bahamut
Indicators of Compromise (17)