Analysis of APT Attack Cases Using Dora RAT Against Companies
May 30, 2024, 4:02 p.m.
Description
This analysis covers an APT campaign by the Andariel threat group against Korean companies and educational institutions. The campaign used several malware strains: the Nestdoor backdoor, Dora RAT, keyloggers, infostealers and proxy tools. For initial access and malware distribution the attackers exploited vulnerabilities in public-facing servers, specifically Apache Tomcat and the Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon. The report gives technical details on the malware, the command-and-control infrastructure and the tactics the threat actors used.
Date
Published: May 30, 2024, 3:37 p.m.
Created: May 30, 2024, 3:37 p.m.
Modified: May 30, 2024, 4:02 p.m.
Indicators
0995f1f2e4bb43ef7e3dcd57c06154fc812394ac214861c5e30084a215018dbe
3ec2292dc5be0161d25f258f716d92e96c591ab084548679dd7b169f80b2e967
209.127.19.223
4.246.149.227
206.72.205.117
45.58.159.237
kmobile.bestunif.com
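As an added example, not part of the report or of this listing: a small Python sweep that checks log lines and a file inventory against the indicators above. The log formats, the internal addresses and the file paths are constructed for illustration and are assumptions; only the SHA-256 hashes, the IP addresses and the domain come from the page. It also shows the one edge case that trips up naive substring matching: a lookalike name that merely contains the indicator domain is not a hit, while a subdomain of it is.

```python
"""Sweep constructed log samples and a file inventory for the Dora RAT /
Nestdoor indicators listed on this page.  Added example; the sample data
below is constructed, not real telemetry."""
import hashlib
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Indicators copied from the page (hashes are SHA-256).
IOC_SHA256 = {
    "0995f1f2e4bb43ef7e3dcd57c06154fc812394ac214861c5e30084a215018dbe",
    "3ec2292dc5be0161d25f258f716d92e96c591ab084548679dd7b169f80b2e967",
}
IOC_IPS = {"209.127.19.223", "4.246.149.227", "206.72.205.117", "45.58.159.237"}
IOC_DOMAINS = {"kmobile.bestunif.com"}

# Constructed sample log lines (assumed formats): proxy, DNS and firewall.
SAMPLE_LOGS = [
    "2024-05-28T09:12:01Z proxy src=10.0.3.14 dst=209.127.19.223:443 host=- action=ALLOW",
    "2024-05-28T09:12:03Z dns client=10.0.3.14 query=kmobile.bestunif.com type=A rcode=NOERROR",
    "2024-05-28T09:13:10Z proxy src=10.0.3.22 dst=93.184.216.34:443 host=example.com action=ALLOW",
    "2024-05-28T09:14:55Z fw src=10.0.3.14 dst=45.58.159.237:8080 proto=tcp action=ALLOW",
    # lookalike: contains the indicator domain but is not it or a subdomain of it
    "2024-05-28T09:15:00Z dns client=10.0.3.22 query=www.kmobile.bestunif.com.evil.test type=A",
]

# Constructed file inventory (path -> SHA-256) as an EDR export would give it.
# The first entry is deliberately set to a page indicator; the path is assumed.
SAMPLE_FILES = {
    r"C:\Windows\Temp\svchost.exe": "0995f1f2e4bb43ef7e3dcd57c06154fc812394ac214861c5e30084a215018dbe",
    r"C:\Program Files\App\app.exe": hashlib.sha256(b"benign content").hexdigest(),
}

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# Hostname-like tokens: dot-separated labels of letters, digits or hyphens.
HOST_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.IGNORECASE)
SRC_RE = re.compile(r"(?:src|client)=(\d{1,3}(?:\.\d{1,3}){3})")


def _ips_in(line: str) -> List[str]:
    """Extract syntactically valid IPv4 addresses (drops e.g. 300.1.1.1)."""
    out = []
    for cand in IP_RE.findall(line):
        try:
            ipaddress.IPv4Address(cand)
            out.append(cand)
        except ValueError:
            pass
    return out


def _domain_hit(name: str) -> bool:
    """True if name is an indicator domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in IOC_DOMAINS)


def sweep_logs(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, indicator_type, indicator) for every IOC hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in _ips_in(line):
            if ip in IOC_IPS:
                hits.append((n, "ip", ip))
        for host in HOST_RE.findall(line):
            if IP_RE.fullmatch(host):  # dotted quads were handled above
                continue
            if _domain_hit(host):
                hits.append((n, "domain", host.lower()))
    return hits


def sweep_hashes(inventory: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (path, sha256) for files whose hash matches a page indicator."""
    return [(p, h.lower()) for p, h in inventory.items() if h.lower() in IOC_SHA256]


def affected_hosts(lines: List[str]) -> Set[str]:
    """Internal source addresses on lines that hit an indicator (scoping aid)."""
    hit_lines = {n for n, _, _ in sweep_logs(lines)}
    hosts = set()
    for n, line in enumerate(lines, 1):
        if n in hit_lines:
            m = SRC_RE.search(line)
            if m:
                hosts.add(m.group(1))
    return hosts


if __name__ == "__main__":
    for hit in sweep_logs(SAMPLE_LOGS):
        print("log hit:", hit)
    for hit in sweep_hashes(SAMPLE_FILES):
        print("file hit:", hit)
    print("hosts to scope:", sorted(affected_hosts(SAMPLE_LOGS)))
```

On the constructed sample this reports the two C2 IP contacts, the DNS query for the indicator domain and the one hash match, and scopes the incident to the single internal host 10.0.3.14; the lookalike query on the last line is correctly ignored. Network indicators from a threat intel listing go stale and get reassigned, so treat an IP hit as a lead to confirm against the time window of the report rather than as proof of compromise on its own.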
Attack Patterns
Backdoor:Win32/Dora
Nestdoor
Andariel
T1091 Replication Through Removable Media
T1548 Abuse Elevation Control Mechanism
T1071 Application Layer Protocol
T1543 Create or Modify System Process
T1219 Remote Access Software
T1036 Masquerading
T1053 Scheduled Task/Job
T1190 Exploit Public-Facing Application
T1059 Command and Scripting Interpreter
CVE-2021-44228 (Log4Shell)
Additional Information
Korea, Republic of