Analysis of APT Attack Cases Using Dora RAT Against Companies

May 30, 2024, 4:02 p.m.

Description

This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed several malware strains, including the Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. For initial access and malware distribution, the attackers exploited vulnerabilities in Apache Tomcat and the Log4Shell vulnerability in VMware Horizon. The report provides technical details on the malware strains, the Command and Control infrastructure, and the tactics used by the threat actors.

Date

Published: May 30, 2024, 3:37 p.m.
Created: May 30, 2024, 3:37 p.m.
Modified: May 30, 2024, 4:02 p.m.

Indicators

0995f1f2e4bb43ef7e3dcd57c06154fc812394ac214861c5e30084a215018dbe

3ec2292dc5be0161d25f258f716d92e96c591ab084548679dd7b169f80b2e967

209.127.19.223

4.246.149.227

206.72.205.117

45.58.159.237

Attack Patterns

Backdoor:Win32/Dora

Nestdoor

Andariel

T1091

T1548

T1071

T1543

T1219

T1036

T1053

T1190

T1059

CVE-2021-44228

Additional Information

Korea, Republic of