FunnyDream

Malware Profile Updated 3 months ago
FunnyDream is a dangerous malware campaign that started in mid-2018, specifically targeting high-profile entities in Malaysia, Taiwan, and the Philippines, with the majority of victims located in Vietnam. The malware is designed to exploit and damage computer systems, often without the users' knowledge. Once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for ransom. APT threat actors such as CactusPete, TwoSail Junk, FunnyDream, and DarkHotel continue to exploit software vulnerabilities to gain access to targeted systems. In the case of FunnyDream, the group employed spear-phishing techniques, in which victims were sent emails containing malicious attachments or links. Once a victim clicked, the malware would be downloaded onto their system, allowing the perpetrators to take control. The FunnyDream campaign has continued to pose a significant threat, with attacks still ongoing in 2021. Users are advised to exercise caution when clicking on suspicious emails or downloading unfamiliar files. Additionally, it is recommended that all software updates and patches be installed promptly to minimize the risk of exploitation by cybercriminals.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Exploit
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Darkhotel | Unspecified | 1 | DarkHotel, also known as DUBNIUM, is a cyber threat actor that has been active since at least 2018. This group has been observed primarily targeting Japanese organizations and has recently been linked to a campaign utilizing unique Tactics, Techniques, and Procedures (TTPs). The campaign involved a
CactusPete | Unspecified | 1 | CactusPete, also known as Tonto Team, is a Chinese-speaking cyber-espionage group that has been active since at least 2012. Characterized by medium-level technical capabilities, CactusPete has demonstrated a significant development pace, producing more than 20 samples per month. The group primarily
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the FunnyDream Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | APT trends report Q1 2020