Analysis of APT Attack Cases Using Dora RAT Against Companies

May 30, 2024, 4:02 p.m.

Description

This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed several malware strains, including the Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. For initial access and malware distribution, the attackers exploited vulnerabilities in Apache Tomcat and in VMware Horizon (Log4Shell). The report provides technical details on the malware strains, the command-and-control (C2) infrastructure, and the tactics used by the threat actors.

Date

  • Created: May 30, 2024, 3:37 p.m.
  • Published: May 30, 2024, 3:37 p.m.
  • Modified: May 30, 2024, 4:02 p.m.

Indicators


Attack Patterns

  • Backdoor:Win32/Dora
  • Nestdoor
  • Andariel

Additional Information

  • Korea, Republic of

Linked vulnerabilities