Trusted Design

TDrop2 Attacks Suggest Dark Seoul Attackers Return

概要

In March 2013, the country of South Korea experienced a major cyberattack, affecting tens of thousands of computer systems in the financial and broadcasting industries. This attack was dubbed ‘Dark Seoul’; it involved wreaking havoc on affected systems by wiping their hard drives, in addition to seeking military intelligence. The attack was initially thought to be attributed to North Korea, by way of a Chinese IP found during the attack, but no other strong evidence of North Korea’s involvement has been produced since then. In June 2013, McAfee published a report detailing the chronology and variance of the Dark Seoul campaign, but renamed it ‘Operation Troy’. The report analyzed the entirety of the purported attack campaign, beginning in 2009 using a family of tools dubbed ‘Troy’.

Created: 2026-02-23

Indicators

類似Pulses

FortiGuard Lion: A Peek into BlackMoon’s Sustained Attacks against South Korea (score: 0.60)
South Korea NIS’s use of Hacking Team’s RCS (score: 0.59)
Chinese Actors attacks on US Government and EU Media (score: 0.59)
Operation Armageddon (score: 0.59)
Targeted Attack Distributes PlugX in Russia (score: 0.58)

このPulseに関連する脅威アクター (事実ベース)

Tonto Team

Score: 3.17

Matched TTPs:

T1007 - System Service Discovery
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT39

Score: 3.17

Matched TTPs:

T1007 - System Service Discovery
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT32

Score: 11.13

Matched TTPs:

T1007 - System Service Discovery
T1592.004 - Client Configurations
T1588.001 - Malware
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT41

Score: 5.27

Matched TTPs:

T1007 - System Service Discovery
T1588.001 - Malware
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Medusa Group

Score: 15.46

Matched TTPs:

T1007 - System Service Discovery
T1218.003 - CMSTP
T1552.003 - Shell History
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries
T1216 - System Script Proxy Execution

MITREへのリンク →

Chimera

Score: 3.17

Matched TTPs:

T1007 - System Service Discovery
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT38

Score: 6.80

Matched TTPs:

T1007 - System Service Discovery
T1547.013 - XDG Autostart Entries
T1216 - System Script Proxy Execution

MITREへのリンク →

BlackByte

Score: 6.33

Matched TTPs:

T1007 - System Service Discovery
T1001 - Data Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN13

Score: 7.79

Matched TTPs:

T1007 - System Service Discovery
T1588.001 - Malware
T1552.003 - Shell History
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Tropic Trooper

Score: 3.17

Matched TTPs:

T1007 - System Service Discovery
T1547.013 - XDG Autostart Entries

MITREへのリンク →

INC Ransom

Score: 5.70

Matched TTPs:

T1007 - System Service Discovery
T1552.003 - Shell History
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Dragonfly

Score: 3.17

Matched TTPs:

T1007 - System Service Discovery
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Wizard Spider

Score: 5.27

Matched TTPs:

T1007 - System Service Discovery
T1588.001 - Malware
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Threat Group-3390

Score: 8.06

Matched TTPs:

T1218.003 - CMSTP
T1001 - Data Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

UNC3886

Score: 6.23

Matched TTPs:

T1021.006 - Windows Remote Management
T1588.001 - Malware

MITREへのリンク →

Contagious Interview

Score: 8.67

Matched TTPs:

T1021.006 - Windows Remote Management
T1552.003 - Shell History
T1608.005 - Link Target

MITREへのリンク →

APT29

Score: 6.63

Matched TTPs:

T1592.004 - Client Configurations
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries

MITREへのリンク →

BRONZE BUTLER

Score: 4.62

Matched TTPs:

T1592.004 - Client Configurations
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Kimsuky

Score: 10.56

Matched TTPs:

T1588.001 - Malware
T1552.003 - Shell History
T1608.005 - Link Target
T1001 - Data Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN7

Score: 4.88

Matched TTPs:

T1588.001 - Malware
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries

MITREへのリンク →

ZIRCONIUM

Score: 4.88

Matched TTPs:

T1588.001 - Malware
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Magic Hound

Score: 4.88

Matched TTPs:

T1588.001 - Malware
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Lazarus Group

Score: 12.64

Matched TTPs:

T1588.001 - Malware
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1216 - System Script Proxy Execution

MITREへのリンク →

Storm-0501

Score: 4.62

Matched TTPs:

T1588.001 - Malware
T1552.003 - Shell History

MITREへのリンク →

Cinnamon Tempest

Score: 3.30

Matched TTPs:

T1552.003 - Shell History
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Scattered Spider

Score: 3.30

Matched TTPs:

T1552.003 - Shell History
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Play

Score: 3.30

Matched TTPs:

T1552.003 - Shell History
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Mustang Panda

Score: 6.92

Matched TTPs:

T1608.005 - Link Target
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage

MITREへのリンク →

APT28

Score: 7.33

Matched TTPs:

T1608.005 - Link Target
T1146 - Clear Command History
T1547.013 - XDG Autostart Entries

MITREへのリンク →

TA2541

Score: 5.94

Matched TTPs:

T1608.005 - Link Target
T1001 - Data Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Gorgon Group

Score: 3.93

Matched TTPs:

T1001 - Data Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Patchwork

Score: 3.93

Matched TTPs:

T1001 - Data Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

menuPass

Score: 3.93

Matched TTPs:

T1001 - Data Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT37

Score: 4.40

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1216 - System Script Proxy Execution

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Medusa Group

Score: 0.80

Matched TTPs:

T1552.003 - Shell History
T1216 - System Script Proxy Execution
T1608.005 - Link Target
T1218.003 - CMSTP
T1547.013 - XDG Autostart Entries
T1007 - System Service Discovery

MITREへのリンク →

Lazarus Group

Score: 0.76

Matched TTPs:

T1216 - System Script Proxy Execution
T1588.001 - Malware
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage

MITREへのリンク →

Kimsuky

Score: 0.65

Matched TTPs:

T1552.003 - Shell History
T1588.001 - Malware
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries
T1001 - Data Obfuscation

MITREへのリンク →

APT32

Score: 0.64

Matched TTPs:

T1592.004 - Client Configurations
T1588.001 - Malware
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries
T1007 - System Service Discovery

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る