New Malware Campaign Targets LetsVPN Users
WHITE AlienVault 2023-06-19 Modified: 2023-06-19
Researchers recently discovered numerous counterfeit LetsVPN websites during a routine threat-hunting exercise. These fraudulent sites share a common user interface and are deliberately designed to distribute malware that masquerades as the genuine LetsVPN application.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
BlackMoon, Farfli
Indicators of Compromise (24)