Trusted Design

Infected Korean Website Installs Banking Malware

概要

On September 18, 2015, we saw an activity on koreatimes.com where we captured a malicious binary. We investigated further and found that this campaign is specifically targeted to Korean sites and Korean banks. The payload we got also specifically targets Korean banks by modifying the infected systems hosts file to redirect traffic from Korean banks to its controlled server. This means the attacker can craft a phishing website without the user knowing it is visiting a phishing site. It also targets Ahnlab by killing processes and deleting files specific to the software. Ahnlab is a popular antivirus software in South Korea.

Created: 2026-02-23

Indicators

類似Pulses

Updated Blackmoon banking Trojan (score: 0.73)
TROJ_WERDLOD: New Banking Trojan Targets Japan (score: 0.68)
Android banking malware masquerades as Flash Player (score: 0.64)
FortiGuard Lion: A Peek into BlackMoon’s Sustained Attacks against South Korea (score: 0.64)
Phishing malware - Standard Bank SA (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

Sidewinder

Score: 6.57

Matched TTPs:

T1566.002 - Spearphishing Link
T1583.006 - Web Services
T1578.001 - Create Snapshot

MITREへのリンク →

Scattered Spider

Score: 8.42

Matched TTPs:

T1566.002 - Spearphishing Link
T1552.003 - Shell History
T1197 - BITS Jobs

MITREへのリンク →

Mustang Panda

Score: 14.59

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1567.004 - Exfiltration Over Webhook
T1583.006 - Web Services
T1209 - Time Providers
T1055.005 - Thread Local Storage

MITREへのリンク →

Sandworm Team

Score: 7.36

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1573 - Encrypted Channel

MITREへのリンク →

ZIRCONIUM

Score: 8.49

Matched TTPs:

T1566.002 - Spearphishing Link
T1197 - BITS Jobs
T1578.001 - Create Snapshot

MITREへのリンク →

APT32

Score: 15.85

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1567.004 - Exfiltration Over Webhook
T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI
T1209 - Time Providers
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Kimsuky

Score: 17.40

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1567.004 - Exfiltration Over Webhook
T1552.003 - Shell History
T1583.006 - Web Services
T1027.014 - Polymorphic Code
T1197 - BITS Jobs

MITREへのリンク →

Magic Hound

Score: 10.03

Matched TTPs:

T1566.002 - Spearphishing Link
T1583.006 - Web Services
T1059.012 - Hypervisor CLI
T1209 - Time Providers
T1547.008 - LSASS Driver

MITREへのリンク →

APT28

Score: 20.19

Matched TTPs:

T1566.002 - Spearphishing Link
T1567.004 - Exfiltration Over Webhook
T1583.006 - Web Services
T1197 - BITS Jobs
T1059.012 - Hypervisor CLI
T1055.008 - Ptrace System Calls
T1566.003 - Spearphishing via Service

MITREへのリンク →

Star Blizzard

Score: 4.43

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media

MITREへのリンク →

Moonstone Sleet

Score: 15.72

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1573 - Encrypted Channel
T1197 - BITS Jobs
T1027.007 - Dynamic API Resolution
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 9.34

Matched TTPs:

T1566.002 - Spearphishing Link
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

Dragonfly

Score: 7.15

Matched TTPs:

T1566.002 - Spearphishing Link
T1573 - Encrypted Channel
T1059.012 - Hypervisor CLI

MITREへのリンク →

Patchwork

Score: 4.22

Matched TTPs:

T1566.002 - Spearphishing Link
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT39

Score: 15.47

Matched TTPs:

T1499.002 - Service Exhaustion Flood
T1599 - Network Boundary Bridging
T1209 - Time Providers
T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution

MITREへのリンク →

TA2541

Score: 5.12

Matched TTPs:

T1091 - Replication Through Removable Media
T1546.017 - Udev Rules

MITREへのリンク →

Earth Lusca

Score: 5.26

Matched TTPs:

T1091 - Replication Through Removable Media
T1583.006 - Web Services
T1059.012 - Hypervisor CLI

MITREへのリンク →

Mustard Tempest

Score: 3.74

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI

MITREへのリンク →

OilRig

Score: 7.78

Matched TTPs:

T1091 - Replication Through Removable Media
T1583.006 - Web Services
T1209 - Time Providers
T1547.008 - LSASS Driver

MITREへのリンク →

TeamTNT

Score: 5.26

Matched TTPs:

T1091 - Replication Through Removable Media
T1583.006 - Web Services
T1209 - Time Providers

MITREへのリンク →

Gamaredon Group

Score: 6.64

Matched TTPs:

T1091 - Replication Through Removable Media
T1583.006 - Web Services
T1546.017 - Udev Rules

MITREへのリンク →

Threat Group-3390

Score: 11.58

Matched TTPs:

T1091 - Replication Through Removable Media
T1573 - Encrypted Channel
T1059.012 - Hypervisor CLI
T1209 - Time Providers
T1546.017 - Udev Rules

MITREへのリンク →

BlackByte

Score: 6.14

Matched TTPs:

T1091 - Replication Through Removable Media
T1209 - Time Providers
T1027.007 - Dynamic API Resolution

MITREへのリンク →

HEXANE

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1583.006 - Web Services

MITREへのリンク →

Contagious Interview

Score: 7.02

Matched TTPs:

T1091 - Replication Through Removable Media
T1552.003 - Shell History
T1547.008 - LSASS Driver

MITREへのリンク →

FIN7

Score: 15.95

Matched TTPs:

T1091 - Replication Through Removable Media
T1011.001 - Exfiltration Over Bluetooth
T1583.006 - Web Services
T1573 - Encrypted Channel
T1027.007 - Dynamic API Resolution
T1578.001 - Create Snapshot

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

APT42

Score: 5.82

Matched TTPs:

T1091 - Replication Through Removable Media
T1599 - Network Boundary Bridging

MITREへのリンク →

APT5

Score: 4.26

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1583.006 - Web Services

MITREへのリンク →

UNC3886

Score: 6.86

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1583.006 - Web Services
T1578.001 - Create Snapshot

MITREへのリンク →

APT38

Score: 12.05

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1583.006 - Web Services
T1059.012 - Hypervisor CLI
T1027.007 - Dynamic API Resolution
T1216 - System Script Proxy Execution

MITREへのリンク →

APT29

Score: 9.81

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1218.009 - Regsvcs/Regasm
T1547.008 - LSASS Driver

MITREへのリンク →

Chimera

Score: 11.02

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1583.006 - Web Services
T1209 - Time Providers
T1027.007 - Dynamic API Resolution
T1578.001 - Create Snapshot

MITREへのリンク →

Lazarus Group

Score: 23.59

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1583.006 - Web Services
T1059.012 - Hypervisor CLI
T1209 - Time Providers
T1055.005 - Thread Local Storage
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver
T1569.002 - Service Execution
T1216 - System Script Proxy Execution

MITREへのリンク →

Rocke

Score: 6.03

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1583.006 - Web Services
T1209 - Time Providers

MITREへのリンク →

INC Ransom

Score: 6.69

Matched TTPs:

T1552.003 - Shell History
T1209 - Time Providers
T1027.007 - Dynamic API Resolution

MITREへのリンク →

FIN13

Score: 7.22

Matched TTPs:

T1552.003 - Shell History
T1209 - Time Providers
T1569.002 - Service Execution

MITREへのリンク →

Storm-0501

Score: 6.79

Matched TTPs:

T1552.003 - Shell History
T1583.006 - Web Services
T1027.014 - Polymorphic Code

MITREへのリンク →

Medusa Group

Score: 16.36

Matched TTPs:

T1552.003 - Shell History
T1583.006 - Web Services
T1209 - Time Providers
T1027.007 - Dynamic API Resolution
T1216 - System Script Proxy Execution
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Play

Score: 4.04

Matched TTPs:

T1552.003 - Shell History
T1583.006 - Web Services

MITREへのリンク →

Windshift

Score: 5.81

Matched TTPs:

T1583.006 - Web Services
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Volt Typhoon

Score: 8.80

Matched TTPs:

T1583.006 - Web Services
T1209 - Time Providers
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Tropic Trooper

Score: 3.28

Matched TTPs:

T1583.006 - Web Services
T1209 - Time Providers

MITREへのリンク →

Deep Panda

Score: 4.26

Matched TTPs:

T1583.006 - Web Services
T1027.014 - Polymorphic Code

MITREへのリンク →

HAFNIUM

Score: 5.65

Matched TTPs:

T1583.006 - Web Services
T1055.008 - Ptrace System Calls

MITREへのリンク →

Darkhotel

Score: 5.87

Matched TTPs:

T1583.006 - Web Services
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

Andariel

Score: 3.28

Matched TTPs:

T1583.006 - Web Services
T1059.012 - Hypervisor CLI

MITREへのリンク →

Molerats

Score: 4.67

Matched TTPs:

T1583.006 - Web Services
T1546.017 - Udev Rules

MITREへのリンク →

ToddyCat

Score: 4.04

Matched TTPs:

T1583.006 - Web Services
T1547.008 - LSASS Driver

MITREへのリンク →

Turla

Score: 8.80

Matched TTPs:

T1583.006 - Web Services
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

APT37

Score: 6.90

Matched TTPs:

T1583.006 - Web Services
T1059.012 - Hypervisor CLI
T1216 - System Script Proxy Execution

MITREへのリンク →

Higaisa

Score: 10.19

Matched TTPs:

T1583.006 - Web Services
T1578.001 - Create Snapshot
T1569.002 - Service Execution
T1546.017 - Udev Rules

MITREへのリンク →

Ke3chang

Score: 3.92

Matched TTPs:

T1583.006 - Web Services
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Inception

Score: 4.26

Matched TTPs:

T1583.006 - Web Services
T1027.014 - Polymorphic Code

MITREへのリンク →

Cobalt Group

Score: 7.44

Matched TTPs:

T1027.014 - Polymorphic Code
T1573 - Encrypted Channel
T1209 - Time Providers

MITREへのリンク →

Blue Mockingbird

Score: 9.68

Matched TTPs:

T1027.014 - Polymorphic Code
T1027.007 - Dynamic API Resolution
T1001.001 - Junk Data

MITREへのリンク →

Leviathan

Score: 7.66

Matched TTPs:

T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI
T1546.017 - Udev Rules

MITREへのリンク →

APT19

Score: 4.51

Matched TTPs:

T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI

MITREへのリンク →

Storm-1811

Score: 6.37

Matched TTPs:

T1599 - Network Boundary Bridging
T1547.008 - LSASS Driver

MITREへのリンク →

APT41

Score: 7.09

Matched TTPs:

T1573 - Encrypted Channel
T1209 - Time Providers
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Daggerfly

Score: 4.69

Matched TTPs:

T1573 - Encrypted Channel
T1059.012 - Hypervisor CLI

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

BRONZE BUTLER

Score: 4.36

Matched TTPs:

T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

Leafminer

Score: 3.53

Matched TTPs:

T1059.012 - Hypervisor CLI
T1209 - Time Providers

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 7.06

Matched TTPs:

T1130 - Install Root Certificate
T1569.002 - Service Execution

MITREへのリンク →

FIN6

Score: 6.69

Matched TTPs:

T1209 - Time Providers
T1027.007 - Dynamic API Resolution
T1547.008 - LSASS Driver

MITREへのリンク →

Lotus Blossom

Score: 4.69

Matched TTPs:

T1209 - Time Providers
T1569.002 - Service Execution

MITREへのリンク →

Velvet Ant

Score: 9.46

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.83

Matched TTPs:

T1569.002 - Service Execution
T1547.008 - LSASS Driver
T1216 - System Script Proxy Execution
T1209 - Time Providers
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot
T1583.006 - Web Services
T1055.005 - Thread Local Storage
T1567.004 - Exfiltration Over Webhook

MITREへのリンク →

APT28

Score: 0.71

Matched TTPs:

T1055.008 - Ptrace System Calls
T1566.003 - Spearphishing via Service
T1197 - BITS Jobs
T1566.002 - Spearphishing Link
T1583.006 - Web Services
T1567.004 - Exfiltration Over Webhook
T1059.012 - Hypervisor CLI

MITREへのリンク →

Kimsuky

Score: 0.65

Matched TTPs:

T1027.014 - Polymorphic Code
T1552.003 - Shell History
T1197 - BITS Jobs
T1091 - Replication Through Removable Media
T1566.002 - Spearphishing Link
T1583.006 - Web Services
T1567.004 - Exfiltration Over Webhook

MITREへのリンク →

FIN7

Score: 0.63

Matched TTPs:

T1573 - Encrypted Channel
T1027.007 - Dynamic API Resolution
T1011.001 - Exfiltration Over Bluetooth
T1091 - Replication Through Removable Media
T1578.001 - Create Snapshot
T1583.006 - Web Services

MITREへのリンク →

Moonstone Sleet

Score: 0.61

Matched TTPs:

T1547.008 - LSASS Driver
T1573 - Encrypted Channel
T1027.007 - Dynamic API Resolution
T1197 - BITS Jobs
T1091 - Replication Through Removable Media
T1566.002 - Spearphishing Link

MITREへのリンク →

Medusa Group

Score: 0.60

Matched TTPs:

T1216 - System Script Proxy Execution
T1209 - Time Providers
T1094 - Custom Command and Control Protocol
T1027.007 - Dynamic API Resolution
T1552.003 - Shell History
T1583.006 - Web Services

MITREへのリンク →

APT32

Score: 0.58

Matched TTPs:

T1209 - Time Providers
T1027.014 - Polymorphic Code
T1027.007 - Dynamic API Resolution
T1091 - Replication Through Removable Media
T1566.002 - Spearphishing Link
T1567.004 - Exfiltration Over Webhook
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT39

Score: 0.57

Matched TTPs:

T1599 - Network Boundary Bridging
T1569.002 - Service Execution
T1209 - Time Providers
T1027.007 - Dynamic API Resolution
T1499.002 - Service Exhaustion Flood

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る