Analysis of APT attack cases targeting domestic companies using Dora RAT (Andariel Group)
May 20, 2024, 10:35 a.m.
Description
AhnLab Security Intelligence Center (ASEC) recently confirmed that the Andariel group carried out APT attacks on domestic companies and institutions. The targeted organizations included manufacturing companies, construction firms, and educational institutions. The attackers employed backdoors, keyloggers, infostealers, and proxy tools to control the infected systems and steal data. Malware previously associated with the Andariel group, such as the Nestdoor backdoor, was identified in this attack. Web shells were also detected. A proxy tool resembling, though not identical to, the one used in past Lazarus group attacks was also employed in this incident.
Date
Published: May 20, 2024, 10:20 a.m.
Created: May 20, 2024, 10:20 a.m.
Modified: May 20, 2024, 10:35 a.m.
Indicators
Attack Patterns
Andariel
Additional Information
Construction
Education
Manufacturing