216.73.217.22

Beyond Tax Returns: How Shared Malware Infrastructure Scales Brand Abuse In Indonesia

· Published 20/05/2026 12:33 · Modified 21/05/2026 16:47

Export JSON

Essential information

Published
20/05/2026 12:33
Modified
21/05/2026 16:47
Tags
2026-05-20 banking trojan brand abuse gigabud.rat goldfactory indonesia maas mmrat phishing taotie vishing
Related entities
3 observables, 1 intrusion sets (apt), 3 malware, 66 others

Description

A sophisticated fraud campaign exploiting 's tax season targeted 67 million residents through fake Coretax applications distributed via websites and WhatsApp social engineering. The threat cluster orchestrated operations using and malware families with shared infrastructure abusing over 16 trusted brands across government and financial sectors. The attack chain combines , screen recording, and remote access capabilities to achieve device compromise and unauthorized financial transfers. Estimated financial impact reaches USD 1.5-2 million nationwide, with global implications extending to USD 6 million annually across multiple countries. The industrialized malware-as-a-service infrastructure enables horizontal scaling across Thailand, Vietnam, Philippines, and South Africa, demonstrating a shift toward unified cross-border operations that systematically undermine trust in digital government services.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (3)

  • 137.220.194.7
  • b0f45091e7290797be2a85032d797891064a5cd611b194534b78cb024003468d
  • 5513348df877471f81188210d2e8f2ba1c11ae087692c4ff6f64639a928c6b3d

Intrusion sets (APT) (1)

  • GoldFactory
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 02:46 · Modified 21/12/2025 02:46

Malware (3)

  • Taotie
    Family
    Published 20/05/2026 12:33 · Modified 20/05/2026 12:33
  • Gigabud.RAT
    Family
    Published 20/05/2026 12:33 · Modified 20/05/2026 12:33
  • MMRat
    Family
    Published 20/05/2026 12:33 · Modified 20/05/2026 12:33

Others (66)

  • Peru
  • South Africa
  • Philippines
  • Indonesia
  • Thailand
  • Energy
  • Finance
  • Health
  • Transport
  • Government and administrations
  • pajak.crxind.com
  • onlinecoretaxpelayanan.com
  • pajak.mzfgo.cc
  • coretax-pajakonline.com
  • newsss.cc
  • pajak.ksjvgo.cc
  • newsss.net
  • pajak.jvcid.com
  • sso-tha.net
  • taspen.xufgo.com
  • sso-tha.com
  • coretax.skjgo.com
  • coretax-registrasi.com
  • djp.otuind.cc
  • peralihancoretax.com
  • sss-gov.com
  • coretax.vfbgo.com
  • pembaharuan-coretax.com
  • coretaxpelayananonline.com
  • pajakcoretax.com
  • pajak.oeixgo.cc
  • sss-cgov.com
  • sinkronisasicoretax.com
  • sss-negov.com
  • pajak.mghgo.cc
  • coretax-peralihan.com
  • sss.slhgo.cc
  • coretaxpelayan.com
  • pelayanan-coretax.com
  • pajak.abfigo.cc
  • pajak.abbgo.cc
  • pajak.nbvgo.com
  • djp.dvhid.cc
  • coretaxonline-pajak.com
  • verifikasicoretaxonline.com
  • verifikasi-coretax.com
  • pajak.yhvgo.com
  • ngovsss.com
  • registrasi-coretax.com
  • peralihan-coretax.com
  • pajak.dkhid.cc
  • pelayananonlinecoretax.com
  • sssnegov.com
  • pajak.nsbid.com
  • pelayananonlinepajak.com
  • coretax.svzgo.cc
  • sss.sksgo.cc
  • coretax-sinkronisasi.com
  • verifikasicoretax.online
  • coretaxperalihan.com
  • sss.aqego.cc
  • sss.sligo.cc
  • coretax-pajak.online
  • pajak.mvzgo.cc
  • pajak.wpiego.cc
  • coretaxlayanan.com

External references