Trusted Design

Infected Korean Website Installs Banking Malware

概要

On September 18, 2015, we saw an activity on koreatimes.com where we captured a malicious binary. We investigated further and found that this campaign is specifically targeted to Korean sites and Korean banks. The payload we got also specifically targets Korean banks by modifying the infected systems hosts file to redirect traffic from Korean banks to its controlled server. This means the attacker can craft a phishing website without the user knowing it is visiting a phishing site. It also targets Ahnlab by killing processes and deleting files specific to the software. Ahnlab is a popular antivirus software in South Korea.

Created: 2026-02-23

Indicators

類似Pulses

Updated Blackmoon banking Trojan (score: 0.73)
TROJ_WERDLOD: New Banking Trojan Targets Japan (score: 0.68)
Android banking malware masquerades as Flash Player (score: 0.64)
FortiGuard Lion: A Peek into BlackMoon’s Sustained Attacks against South Korea (score: 0.64)
Phishing malware - Standard Bank SA (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

Sidewinder

Score: 6.57

Matched TTPs:

T1598.003 - Spearphishing Link
T1057 - Process Discovery
T1124 - System Time Discovery

MITREへのリンク →

Scattered Spider

Score: 8.42

Matched TTPs:

T1598.003 - Spearphishing Link
T1657 - Financial Theft
T1598 - Phishing for Information

MITREへのリンク →

Mustang Panda

Score: 14.59

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1070.006 - Timestomp
T1057 - Process Discovery
T1046 - Network Service Discovery
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Sandworm Team

Score: 7.36

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

ZIRCONIUM

Score: 8.49

Matched TTPs:

T1598.003 - Spearphishing Link
T1598 - Phishing for Information
T1124 - System Time Discovery

MITREへのリンク →

APT32

Score: 15.85

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1070.006 - Timestomp
T1218.010 - Regsvr32
T1189 - Drive-by Compromise
T1046 - Network Service Discovery
T1569.002 - Service Execution

MITREへのリンク →

Kimsuky

Score: 17.40

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1070.006 - Timestomp
T1657 - Financial Theft
T1057 - Process Discovery
T1218.010 - Regsvr32
T1598 - Phishing for Information

MITREへのリンク →

Magic Hound

Score: 10.03

Matched TTPs:

T1598.003 - Spearphishing Link
T1057 - Process Discovery
T1189 - Drive-by Compromise
T1046 - Network Service Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT28

Score: 20.19

Matched TTPs:

T1598.003 - Spearphishing Link
T1070.006 - Timestomp
T1057 - Process Discovery
T1598 - Phishing for Information
T1189 - Drive-by Compromise
T1550.001 - Application Access Token
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

Star Blizzard

Score: 4.43

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.001 - Upload Malware

MITREへのリンク →

Moonstone Sleet

Score: 15.72

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1195.002 - Compromise Software Supply Chain
T1598 - Phishing for Information
T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

CURIUM

Score: 9.34

Matched TTPs:

T1598.003 - Spearphishing Link
T1189 - Drive-by Compromise
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Dragonfly

Score: 7.15

Matched TTPs:

T1598.003 - Spearphishing Link
T1195.002 - Compromise Software Supply Chain
T1189 - Drive-by Compromise

MITREへのリンク →

Patchwork

Score: 4.22

Matched TTPs:

T1598.003 - Spearphishing Link
T1189 - Drive-by Compromise

MITREへのリンク →

APT39

Score: 15.47

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1056 - Input Capture
T1046 - Network Service Discovery
T1569.002 - Service Execution
T1090.001 - Internal Proxy

MITREへのリンク →

TA2541

Score: 5.12

Matched TTPs:

T1608.001 - Upload Malware
T1027.015 - Compression

MITREへのリンク →

Earth Lusca

Score: 5.26

Matched TTPs:

T1608.001 - Upload Malware
T1057 - Process Discovery
T1189 - Drive-by Compromise

MITREへのリンク →

Mustard Tempest

Score: 3.74

Matched TTPs:

T1608.001 - Upload Malware
T1189 - Drive-by Compromise

MITREへのリンク →

OilRig

Score: 7.78

Matched TTPs:

T1608.001 - Upload Malware
T1057 - Process Discovery
T1046 - Network Service Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

TeamTNT

Score: 5.26

Matched TTPs:

T1608.001 - Upload Malware
T1057 - Process Discovery
T1046 - Network Service Discovery

MITREへのリンク →

Gamaredon Group

Score: 6.64

Matched TTPs:

T1608.001 - Upload Malware
T1057 - Process Discovery
T1027.015 - Compression

MITREへのリンク →

Threat Group-3390

Score: 11.58

Matched TTPs:

T1608.001 - Upload Malware
T1195.002 - Compromise Software Supply Chain
T1189 - Drive-by Compromise
T1046 - Network Service Discovery
T1027.015 - Compression

MITREへのリンク →

BlackByte

Score: 6.14

Matched TTPs:

T1608.001 - Upload Malware
T1046 - Network Service Discovery
T1569.002 - Service Execution

MITREへのリンク →

HEXANE

Score: 3.49

Matched TTPs:

T1608.001 - Upload Malware
T1057 - Process Discovery

MITREへのリンク →

Contagious Interview

Score: 7.02

Matched TTPs:

T1608.001 - Upload Malware
T1657 - Financial Theft
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN7

Score: 15.95

Matched TTPs:

T1608.001 - Upload Malware
T1674 - Input Injection
T1057 - Process Discovery
T1195.002 - Compromise Software Supply Chain
T1569.002 - Service Execution
T1124 - System Time Discovery

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1608.001 - Upload Malware
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT42

Score: 5.82

Matched TTPs:

T1608.001 - Upload Malware
T1056 - Input Capture

MITREへのリンク →

APT5

Score: 4.26

Matched TTPs:

T1070.006 - Timestomp
T1057 - Process Discovery

MITREへのリンク →

UNC3886

Score: 6.86

Matched TTPs:

T1070.006 - Timestomp
T1057 - Process Discovery
T1124 - System Time Discovery

MITREへのリンク →

APT38

Score: 12.05

Matched TTPs:

T1070.006 - Timestomp
T1057 - Process Discovery
T1189 - Drive-by Compromise
T1569.002 - Service Execution
T1529 - System Shutdown/Reboot

MITREへのリンク →

APT29

Score: 9.81

Matched TTPs:

T1070.006 - Timestomp
T1090.004 - Domain Fronting
T1566.003 - Spearphishing via Service

MITREへのリンク →

Chimera

Score: 11.02

Matched TTPs:

T1070.006 - Timestomp
T1057 - Process Discovery
T1046 - Network Service Discovery
T1569.002 - Service Execution
T1124 - System Time Discovery

MITREへのリンク →

Lazarus Group

Score: 23.59

Matched TTPs:

T1070.006 - Timestomp
T1057 - Process Discovery
T1189 - Drive-by Compromise
T1046 - Network Service Discovery
T1027.007 - Dynamic API Resolution
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service
T1090.001 - Internal Proxy
T1529 - System Shutdown/Reboot

MITREへのリンク →

Rocke

Score: 6.03

Matched TTPs:

T1070.006 - Timestomp
T1057 - Process Discovery
T1046 - Network Service Discovery

MITREへのリンク →

INC Ransom

Score: 6.69

Matched TTPs:

T1657 - Financial Theft
T1046 - Network Service Discovery
T1569.002 - Service Execution

MITREへのリンク →

FIN13

Score: 7.22

Matched TTPs:

T1657 - Financial Theft
T1046 - Network Service Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Storm-0501

Score: 6.79

Matched TTPs:

T1657 - Financial Theft
T1057 - Process Discovery
T1218.010 - Regsvr32

MITREへのリンク →

Medusa Group

Score: 16.36

Matched TTPs:

T1657 - Financial Theft
T1057 - Process Discovery
T1046 - Network Service Discovery
T1569.002 - Service Execution
T1529 - System Shutdown/Reboot
T1218.014 - MMC

MITREへのリンク →

Play

Score: 4.04

Matched TTPs:

T1657 - Financial Theft
T1057 - Process Discovery

MITREへのリンク →

Windshift

Score: 5.81

Matched TTPs:

T1057 - Process Discovery
T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Volt Typhoon

Score: 8.80

Matched TTPs:

T1057 - Process Discovery
T1046 - Network Service Discovery
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Tropic Trooper

Score: 3.28

Matched TTPs:

T1057 - Process Discovery
T1046 - Network Service Discovery

MITREへのリンク →

Deep Panda

Score: 4.26

Matched TTPs:

T1057 - Process Discovery
T1218.010 - Regsvr32

MITREへのリンク →

HAFNIUM

Score: 5.65

Matched TTPs:

T1057 - Process Discovery
T1550.001 - Application Access Token

MITREへのリンク →

Darkhotel

Score: 5.87

Matched TTPs:

T1057 - Process Discovery
T1189 - Drive-by Compromise
T1124 - System Time Discovery

MITREへのリンク →

Andariel

Score: 3.28

Matched TTPs:

T1057 - Process Discovery
T1189 - Drive-by Compromise

MITREへのリンク →

Molerats

Score: 4.67

Matched TTPs:

T1057 - Process Discovery
T1027.015 - Compression

MITREへのリンク →

ToddyCat

Score: 4.04

Matched TTPs:

T1057 - Process Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Turla

Score: 8.80

Matched TTPs:

T1057 - Process Discovery
T1189 - Drive-by Compromise
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

APT37

Score: 6.90

Matched TTPs:

T1057 - Process Discovery
T1189 - Drive-by Compromise
T1529 - System Shutdown/Reboot

MITREへのリンク →

Higaisa

Score: 10.19

Matched TTPs:

T1057 - Process Discovery
T1124 - System Time Discovery
T1090.001 - Internal Proxy
T1027.015 - Compression

MITREへのリンク →

Ke3chang

Score: 3.92

Matched TTPs:

T1057 - Process Discovery
T1569.002 - Service Execution

MITREへのリンク →

Inception

Score: 4.26

Matched TTPs:

T1057 - Process Discovery
T1218.010 - Regsvr32

MITREへのリンク →

Cobalt Group

Score: 7.44

Matched TTPs:

T1218.010 - Regsvr32
T1195.002 - Compromise Software Supply Chain
T1046 - Network Service Discovery

MITREへのリンク →

Blue Mockingbird

Score: 9.68

Matched TTPs:

T1218.010 - Regsvr32
T1569.002 - Service Execution
T1574.012 - COR_PROFILER

MITREへのリンク →

Leviathan

Score: 7.66

Matched TTPs:

T1218.010 - Regsvr32
T1189 - Drive-by Compromise
T1027.015 - Compression

MITREへのリンク →

APT19

Score: 4.51

Matched TTPs:

T1218.010 - Regsvr32
T1189 - Drive-by Compromise

MITREへのリンク →

Storm-1811

Score: 6.37

Matched TTPs:

T1056 - Input Capture
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT41

Score: 7.09

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1046 - Network Service Discovery
T1569.002 - Service Execution

MITREへのリンク →

Daggerfly

Score: 4.69

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1189 - Drive-by Compromise

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

BRONZE BUTLER

Score: 4.36

Matched TTPs:

T1189 - Drive-by Compromise
T1124 - System Time Discovery

MITREへのリンク →

Leafminer

Score: 3.53

Matched TTPs:

T1189 - Drive-by Compromise
T1046 - Network Service Discovery

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 7.06

Matched TTPs:

T1564.005 - Hidden File System
T1090.001 - Internal Proxy

MITREへのリンク →

FIN6

Score: 6.69

Matched TTPs:

T1046 - Network Service Discovery
T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

Lotus Blossom

Score: 4.69

Matched TTPs:

T1046 - Network Service Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Velvet Ant

Score: 9.46

Matched TTPs:

T1569.002 - Service Execution
T1090.001 - Internal Proxy
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.83

Matched TTPs:

T1057 - Process Discovery
T1566.003 - Spearphishing via Service
T1070.006 - Timestomp
T1090.001 - Internal Proxy
T1124 - System Time Discovery
T1189 - Drive-by Compromise
T1046 - Network Service Discovery
T1027.007 - Dynamic API Resolution
T1529 - System Shutdown/Reboot

MITREへのリンク →

APT28

Score: 0.71

Matched TTPs:

T1211 - Exploitation for Defense Evasion
T1598 - Phishing for Information
T1057 - Process Discovery
T1550.001 - Application Access Token
T1070.006 - Timestomp
T1598.003 - Spearphishing Link
T1189 - Drive-by Compromise

MITREへのリンク →

Kimsuky

Score: 0.65

Matched TTPs:

T1657 - Financial Theft
T1057 - Process Discovery
T1598 - Phishing for Information
T1070.006 - Timestomp
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1608.001 - Upload Malware

MITREへのリンク →

FIN7

Score: 0.63

Matched TTPs:

T1057 - Process Discovery
T1124 - System Time Discovery
T1569.002 - Service Execution
T1608.001 - Upload Malware
T1674 - Input Injection
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

Moonstone Sleet

Score: 0.61

Matched TTPs:

T1598 - Phishing for Information
T1566.003 - Spearphishing via Service
T1598.003 - Spearphishing Link
T1569.002 - Service Execution
T1608.001 - Upload Malware
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

Medusa Group

Score: 0.60

Matched TTPs:

T1657 - Financial Theft
T1057 - Process Discovery
T1218.014 - MMC
T1569.002 - Service Execution
T1046 - Network Service Discovery
T1529 - System Shutdown/Reboot

MITREへのリンク →

APT32

Score: 0.58

Matched TTPs:

T1070.006 - Timestomp
T1598.003 - Spearphishing Link
T1569.002 - Service Execution
T1218.010 - Regsvr32
T1189 - Drive-by Compromise
T1046 - Network Service Discovery
T1608.001 - Upload Malware

MITREへのリンク →

APT39

Score: 0.57

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1090.001 - Internal Proxy
T1569.002 - Service Execution
T1056 - Input Capture
T1046 - Network Service Discovery

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る