Analysis of APT attack cases targeting domestic companies using Dora RAT (Andariel Group)

May 20, 2024, 10:35 a.m.

Description

AhnLab Security Intelligence Center (ASEC) recently confirmed that the Andariel group carried out APT attacks on domestic companies and institutions. The targeted organizations included manufacturing companies, construction firms, and educational institutions. The attackers employed backdoors, keyloggers, infostealers, and proxy tools to control the infected systems and steal data. Malware previously associated with the Andariel group was identified in this attack, including the Nestdoor backdoor. Web shells were also detected. In addition, a proxy tool similar to, though not identical with, one used in past Lazarus group attacks was employed in this incident.

Date

Published: May 20, 2024, 10:20 a.m.

Created: May 20, 2024, 10:20 a.m.

Modified: May 20, 2024, 10:35 a.m.

Indicators

3ec2292dc5be0161d25f258f716d92e96c591ab084548679dd7b169f80b2e967

209.127.19.223

4.246.149.227

206.72.205.117

45.58.159.237

http://45.58.159.237:443

http://kmobile.bestunif.com:443

http://209.127.19.223:443

http://206.72.205.117:443

Attack Patterns

Andariel

Additional Information

Construction

Education

Manufacturing