Trusted Design

South Korean Users Affected by BlackMoon Campaign

概要

BlackMoon Trojan is a banking trojan that is designed to phish user credentials from various South Korean banking institutions. It was discovered in early 2014 and was named after a debug string, “BlackMoon”, that was present in its code. While the BlackMoon malware code has been constantly updated by its perpetrators, the extent of the campaign's infection is previously unknown. This post intends to share the findings of the FortiGuard Lion Team on BlackMoon’s prevalence and its latest code updates.

Created: 2026-02-23

Indicators

類似Pulses

FortiGuard Lion: A Peek into BlackMoon’s Sustained Attacks against South Korea (score: 0.84)
Updated Blackmoon banking Trojan (score: 0.81)
KRBanker Targets South Korea Through Adware and Exploit Kits (score: 0.70)
Banking Trojan Attempts To Steal Brazillion$ (score: 0.65)
BlackEnergy by the SSHBearDoor (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

APT41

Score: 5.38

Matched TTPs:

T1069 - Permission Groups Discovery
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Scattered Spider

Score: 3.29

Matched TTPs:

T1069 - Permission Groups Discovery

MITREへのリンク →

TA505

Score: 3.29

Matched TTPs:

T1069 - Permission Groups Discovery

MITREへのリンク →

Volt Typhoon

Score: 3.29

Matched TTPs:

T1069 - Permission Groups Discovery

MITREへのリンク →

APT3

Score: 3.29

Matched TTPs:

T1069 - Permission Groups Discovery

MITREへのリンク →

FIN13

Score: 8.05

Matched TTPs:

T1069 - Permission Groups Discovery
T1036.004 - Masquerade Task or Service
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Kimsuky

Score: 4.76

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1078.003 - Local Accounts

MITREへのリンク →

FIN7

Score: 7.43

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1564.001 - Hidden Files and Directories
T1078.003 - Local Accounts

MITREへのリンク →

APT32

Score: 7.43

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1564.001 - Hidden Files and Directories
T1078.003 - Local Accounts

MITREへのリンク →

Wizard Spider

Score: 5.72

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1555.004 - Windows Credential Manager

MITREへのリンク →

FIN6

Score: 4.84

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

PROMETHIUM

Score: 4.76

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1078.003 - Local Accounts

MITREへのリンク →

Lazarus Group

Score: 8.89

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Velvet Ant

Score: 5.41

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1078.003 - Local Accounts

MITREへのリンク →

Tropic Trooper

Score: 8.08

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1564.001 - Hidden Files and Directories
T1078.003 - Local Accounts

MITREへのリンク →

RedCurl

Score: 5.41

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1564.001 - Hidden Files and Directories

MITREへのリンク →

OilRig

Score: 6.37

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1555.004 - Windows Credential Manager

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Turla

Score: 6.29

Matched TTPs:

T1555.004 - Windows Credential Manager
T1078.003 - Local Accounts

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Mustang Panda

Score: 6.80

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

APT28

Score: 11.34

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1137.002 - Office Test
T1550.001 - Application Access Token

MITREへのリンク →

HAFNIUM

Score: 9.46

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1078.003 - Local Accounts

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.82

Matched TTPs:

T1550.001 - Application Access Token
T1137.002 - Office Test
T1564.001 - Hidden Files and Directories

MITREへのリンク →

HAFNIUM

Score: 0.69

Matched TTPs:

T1550.001 - Application Access Token
T1078.003 - Local Accounts
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Lazarus Group

Score: 0.68

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories
T1036.004 - Masquerade Task or Service

MITREへのリンク →

FIN13

Score: 0.65

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1564.001 - Hidden Files and Directories
T1069 - Permission Groups Discovery

MITREへのリンク →

FIN7

Score: 0.61

Matched TTPs:

T1078.003 - Local Accounts
T1564.001 - Hidden Files and Directories
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Tropic Trooper

Score: 0.60

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1078.003 - Local Accounts
T1564.001 - Hidden Files and Directories

MITREへのリンク →

APT32

Score: 0.56

Matched TTPs:

T1078.003 - Local Accounts
T1564.001 - Hidden Files and Directories
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る