Trusted Design

South Korean Users Affected by BlackMoon Campaign

概要

BlackMoon Trojan is a banking trojan that is designed to phish user credentials from various South Korean banking institutions. It was discovered in early 2014 and was named after a debug string, “BlackMoon”, that was present in its code. While the BlackMoon malware code has been constantly updated by its perpetrators, the extent of the campaign's infection is previously unknown. This post intends to share the findings of the FortiGuard Lion Team on BlackMoon’s prevalence and its latest code updates.

Created: 2026-02-23

Indicators

類似Pulses

FortiGuard Lion: A Peek into BlackMoon’s Sustained Attacks against South Korea (score: 0.84)
Updated Blackmoon banking Trojan (score: 0.81)
KRBanker Targets South Korea Through Adware and Exploit Kits (score: 0.70)
Banking Trojan Attempts To Steal Brazillion$ (score: 0.65)
BlackEnergy by the SSHBearDoor (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

APT41

Score: 5.38

Matched TTPs:

T1560.003 - Archive via Custom Method
T1588.001 - Malware

MITREへのリンク →

Scattered Spider

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

TA505

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

Volt Typhoon

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

APT3

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

FIN13

Score: 8.05

Matched TTPs:

T1560.003 - Archive via Custom Method
T1588.001 - Malware
T1105 - Ingress Tool Transfer

MITREへのリンク →

Kimsuky

Score: 4.76

Matched TTPs:

T1588.001 - Malware
T1490 - Inhibit System Recovery

MITREへのリンク →

FIN7

Score: 7.43

Matched TTPs:

T1588.001 - Malware
T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

APT32

Score: 7.43

Matched TTPs:

T1588.001 - Malware
T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

Wizard Spider

Score: 5.72

Matched TTPs:

T1588.001 - Malware
T1556.009 - Conditional Access Policies

MITREへのリンク →

FIN6

Score: 4.84

Matched TTPs:

T1588.001 - Malware
T1128 - Netsh Helper DLL

MITREへのリンク →

PROMETHIUM

Score: 4.76

Matched TTPs:

T1588.001 - Malware
T1490 - Inhibit System Recovery

MITREへのリンク →

Lazarus Group

Score: 8.89

Matched TTPs:

T1588.001 - Malware
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer

MITREへのリンク →

Velvet Ant

Score: 5.41

Matched TTPs:

T1128 - Netsh Helper DLL
T1490 - Inhibit System Recovery

MITREへのリンク →

Tropic Trooper

Score: 8.08

Matched TTPs:

T1128 - Netsh Helper DLL
T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

RedCurl

Score: 5.41

Matched TTPs:

T1128 - Netsh Helper DLL
T1105 - Ingress Tool Transfer

MITREへのリンク →

OilRig

Score: 6.37

Matched TTPs:

T1128 - Netsh Helper DLL
T1556.009 - Conditional Access Policies

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1556.009 - Conditional Access Policies

MITREへのリンク →

Turla

Score: 6.29

Matched TTPs:

T1556.009 - Conditional Access Policies
T1490 - Inhibit System Recovery

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Mustang Panda

Score: 6.80

Matched TTPs:

T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT28

Score: 11.34

Matched TTPs:

T1105 - Ingress Tool Transfer
T1588.003 - Code Signing Certificates
T1055.008 - Ptrace System Calls

MITREへのリンク →

HAFNIUM

Score: 9.46

Matched TTPs:

T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1490 - Inhibit System Recovery

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.82

Matched TTPs:

T1588.003 - Code Signing Certificates
T1055.008 - Ptrace System Calls
T1105 - Ingress Tool Transfer

MITREへのリンク →

HAFNIUM

Score: 0.69

Matched TTPs:

T1055.008 - Ptrace System Calls
T1490 - Inhibit System Recovery
T1105 - Ingress Tool Transfer

MITREへのリンク →

Lazarus Group

Score: 0.68

Matched TTPs:

T1055.005 - Thread Local Storage
T1588.001 - Malware
T1105 - Ingress Tool Transfer

MITREへのリンク →

FIN13

Score: 0.65

Matched TTPs:

T1105 - Ingress Tool Transfer
T1588.001 - Malware
T1560.003 - Archive via Custom Method

MITREへのリンク →

FIN7

Score: 0.61

Matched TTPs:

T1588.001 - Malware
T1490 - Inhibit System Recovery
T1105 - Ingress Tool Transfer

MITREへのリンク →

Tropic Trooper

Score: 0.60

Matched TTPs:

T1128 - Netsh Helper DLL
T1490 - Inhibit System Recovery
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT32

Score: 0.56

Matched TTPs:

T1588.001 - Malware
T1490 - Inhibit System Recovery
T1105 - Ingress Tool Transfer

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る