Trusted Design

KRBanker Targets South Korea Through Adware and Exploit Kits

概要

Online banking services have been a prime target of cyber criminals for many years and attacks continue to grow. Targeting online banking users and stealing their credentials has yielded huge profits for the criminals behind these campaigns. Unit 42 has been tracking “KRBanker” AKA ‘Blackmoon’, since late last year. This campaign specifically targets banks of the Republic of Korea. On April 23, researchers at Fortinet published a blog describing the functionalities of the recent ‘Blackmoon’ campaign. Our objective in this blog is to share additional details on the distribution of the KRBanker or Blackmoon malware campaign and indicators of KRBanker samples. Source : http://researchcenter.paloaltonetworks.com/2016/05/unit42-krbanker-targets-south-korea-through-adware-and-exploit-kits-2/ + https://github.com/pan-unit42/iocs/blob/master/krbanker/hashes.txt

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

FortiGuard Lion: A Peek into BlackMoon’s Sustained Attacks against South Korea (score: 0.73)
South Korean Users Affected by BlackMoon Campaign (score: 0.70)
Updated Blackmoon banking Trojan (score: 0.69)
BlackEnergy by the SSHBearDoor (score: 0.67)
"KUHOOK" POINT OF SALE MALWARE (score: 0.65)

このPulseに関連する脅威アクター (事実ベース)

LAPSUS$

Score: 11.82

Matched TTPs:

T1597.002 - Purchase Technical Data
T1591.002 - Business Relationships
T1589.001 - Credentials

MITREへのリンク →

Ember Bear

Score: 17.82

Matched TTPs:

T1491.002 - External Defacement
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1550.002 - Pass the Hash
T1588.005 - Exploits

MITREへのリンク →

Sandworm Team

Score: 28.91

Matched TTPs:

T1491.002 - External Defacement
T1587.001 - Malware
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1591.002 - Business Relationships
T1593 - Search Open Websites/Domains
T1592.002 - Software
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution

MITREへのリンク →

Mustard Tempest

Score: 11.05

Matched TTPs:

T1583.008 - Malvertising
T1608.001 - Upload Malware
T1608.006 - SEO Poisoning

MITREへのリンク →

Kimsuky

Score: 41.01

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1593.002 - Search Engines
T1657 - Financial Theft
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1593 - Search Open Websites/Domains
T1593.001 - Social Media
T1550.002 - Pass the Hash
T1588.003 - Code Signing Certificates
T1588.005 - Exploits
T1102.001 - Dead Drop Resolver
T1078.003 - Local Accounts

MITREへのリンク →

FIN13

Score: 11.50

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1550.002 - Pass the Hash
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Moonstone Sleet

Score: 12.81

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1591 - Gather Victim Org Information
T1195.002 - Compromise Software Supply Chain
T1566.003 - Spearphishing via Service

MITREへのリンク →

Lazarus Group

Score: 22.75

Matched TTPs:

T1587.001 - Malware
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1574.013 - KernelCallbackTable
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories
T1566.003 - Spearphishing via Service

MITREへのリンク →

Contagious Interview

Score: 22.39

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1681 - Search Threat Vendor Data
T1657 - Financial Theft
T1583.006 - Web Services
T1593 - Search Open Websites/Domains
T1593.001 - Social Media
T1566.003 - Spearphishing via Service

MITREへのリンク →

OilRig

Score: 21.45

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates
T1566.003 - Spearphishing via Service

MITREへのリンク →

UNC3886

Score: 9.19

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1681 - Search Threat Vendor Data
T1203 - Exploitation for Client Execution

MITREへのリンク →

LuminousMoth

Score: 6.73

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Salt Typhoon

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

APT29

Score: 16.80

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1090.004 - Domain Fronting
T1566.003 - Spearphishing via Service
T1078.003 - Local Accounts

MITREへのリンク →

Play

Score: 8.75

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1078.003 - Local Accounts

MITREへのリンク →

Aoqin Dragon

Score: 3.59

Matched TTPs:

T1587.001 - Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

RedCurl

Score: 7.51

Matched TTPs:

T1587.001 - Malware
T1573.002 - Asymmetric Cryptography
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Moses Staff

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Turla

Score: 14.02

Matched TTPs:

T1587.001 - Malware
T1583.006 - Web Services
T1584.006 - Web Services
T1555.004 - Windows Credential Manager
T1078.003 - Local Accounts

MITREへのリンク →

Ke3chang

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Mustang Panda

Score: 20.81

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1583.006 - Web Services
T1593 - Search Open Websites/Domains
T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

TeamTNT

Score: 4.07

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware

MITREへのリンク →

FIN7

Score: 23.63

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1674 - Input Injection
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1195.002 - Compromise Software Supply Chain
T1564.001 - Hidden Files and Directories
T1078.003 - Local Accounts

MITREへのリンク →

TA2541

Score: 6.73

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Earth Lusca

Score: 9.08

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1584.006 - Web Services

MITREへのリンク →

LazyScripter

Score: 3.99

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services

MITREへのリンク →

Gamaredon Group

Score: 3.99

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services

MITREへのリンク →

Star Blizzard

Score: 5.26

Matched TTPs:

T1608.001 - Upload Malware
T1593 - Search Open Websites/Domains

MITREへのリンク →

Threat Group-3390

Score: 11.02

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

BlackByte

Score: 3.44

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

BITTER

Score: 3.47

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT32

Score: 13.56

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1550.002 - Pass the Hash
T1564.001 - Hidden Files and Directories
T1078.003 - Local Accounts

MITREへのリンク →

Saint Bear

Score: 5.48

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

EXOTIC LILY

Score: 14.37

Matched TTPs:

T1608.001 - Upload Malware
T1597 - Search Closed Sources
T1593.001 - Social Media
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT42

Score: 4.72

Matched TTPs:

T1608.001 - Upload Malware
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Rocke

Score: 7.42

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1564.001 - Hidden Files and Directories
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Volt Typhoon

Score: 8.04

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1591 - Gather Victim Org Information
T1593 - Search Open Websites/Domains

MITREへのリンク →

APT28

Score: 34.86

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1546.015 - Component Object Model Hijacking
T1589.001 - Credentials
T1203 - Exploitation for Client Execution
T1498 - Network Denial of Service
T1550.002 - Pass the Hash
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1669 - Wi-Fi Networks

MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.40

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

BlackTech

Score: 6.12

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

Magic Hound

Score: 16.91

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1592.002 - Software
T1589.001 - Credentials
T1036.010 - Masquerade Account Name
T1566.003 - Spearphishing via Service

MITREへのリンク →

Medusa Group

Score: 13.29

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1583.006 - Web Services
T1573.002 - Asymmetric Cryptography
T1650 - Acquire Access

MITREへのリンク →

Sea Turtle

Score: 5.63

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

Storm-0501

Score: 8.13

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1556.009 - Conditional Access Policies

MITREへのリンク →

Cinnamon Tempest

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566.003 - Spearphishing via Service

MITREへのリンク →

GALLIUM

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1550.002 - Pass the Hash

MITREへのリンク →

Winter Vivern

Score: 5.09

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.006 - Web Services

MITREへのリンク →

Leviathan

Score: 6.40

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1589.001 - Credentials
T1203 - Exploitation for Client Execution

MITREへのリンク →

INC Ransom

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft

MITREへのリンク →

Dragonfly

Score: 13.36

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1591.002 - Business Relationships
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1036.010 - Masquerade Account Name

MITREへのリンク →

APT41

Score: 11.92

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1550.002 - Pass the Hash
T1102.001 - Dead Drop Resolver

MITREへのリンク →

HAFNIUM

Score: 12.95

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1078.003 - Local Accounts

MITREへのリンク →

MuddyWater

Score: 4.98

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1659 - Content Injection

MITREへのリンク →

Scattered Spider

Score: 6.66

Matched TTPs:

T1657 - Financial Theft
T1556.009 - Conditional Access Policies

MITREへのリンク →

Confucius

Score: 3.51

Matched TTPs:

T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

CURIUM

Score: 6.14

Matched TTPs:

T1584.006 - Web Services
T1566.003 - Spearphishing via Service

MITREへのリンク →

Andariel

Score: 5.34

Matched TTPs:

T1592.002 - Software
T1203 - Exploitation for Client Execution

MITREへのリンク →

Chimera

Score: 6.19

Matched TTPs:

T1589.001 - Credentials
T1550.002 - Pass the Hash

MITREへのリンク →

Cobalt Group

Score: 7.17

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Patchwork

Score: 4.78

Matched TTPs:

T1203 - Exploitation for Client Execution
T1102.001 - Dead Drop Resolver

MITREへのリンク →

APT3

Score: 5.12

Matched TTPs:

T1203 - Exploitation for Client Execution
T1036.010 - Masquerade Account Name

MITREへのリンク →

BRONZE BUTLER

Score: 4.78

Matched TTPs:

T1203 - Exploitation for Client Execution
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Transparent Tribe

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Tropic Trooper

Score: 9.57

Matched TTPs:

T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1564.001 - Hidden Files and Directories
T1078.003 - Local Accounts

MITREへのリンク →

Storm-1811

Score: 10.68

Matched TTPs:

T1667 - Email Bombing
T1036.010 - Masquerade Account Name
T1566.003 - Spearphishing via Service

MITREへのリンク →

Velvet Ant

Score: 5.41

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1078.003 - Local Accounts

MITREへのリンク →

FIN6

Score: 5.27

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN8

Score: 5.90

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1588.003 - Code Signing Certificates

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Wizard Spider

Score: 9.52

Matched TTPs:

T1555.004 - Windows Credential Manager
T1550.002 - Pass the Hash
T1588.003 - Code Signing Certificates

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.87

Matched TTPs:

T1588.003 - Code Signing Certificates
T1102.001 - Dead Drop Resolver
T1078.003 - Local Accounts
T1190 - Exploit Public-Facing Application
T1593.001 - Social Media
T1550.002 - Pass the Hash
T1593.002 - Search Engines
T1591 - Gather Victim Org Information
T1608.001 - Upload Malware
T1583.006 - Web Services
T1593 - Search Open Websites/Domains
T1588.005 - Exploits
T1657 - Financial Theft
T1587.001 - Malware

MITREへのリンク →

APT28

Score: 0.75

Matched TTPs:

T1498 - Network Denial of Service
T1203 - Exploitation for Client Execution
T1190 - Exploit Public-Facing Application
T1546.015 - Component Object Model Hijacking
T1550.002 - Pass the Hash
T1669 - Wi-Fi Networks
T1591 - Gather Victim Org Information
T1583.006 - Web Services
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1589.001 - Credentials

MITREへのリンク →

Sandworm Team

Score: 0.63

Matched TTPs:

T1203 - Exploitation for Client Execution
T1190 - Exploit Public-Facing Application
T1593 - Search Open Websites/Domains
T1608.001 - Upload Malware
T1592.002 - Software
T1195 - Supply Chain Compromise
T1591.002 - Business Relationships
T1195.002 - Compromise Software Supply Chain
T1491.002 - External Defacement
T1587.001 - Malware

MITREへのリンク →

FIN7

Score: 0.58

Matched TTPs:

T1078.003 - Local Accounts
T1190 - Exploit Public-Facing Application
T1674 - Input Injection
T1591 - Gather Victim Org Information
T1608.001 - Upload Malware
T1583.006 - Web Services
T1564.001 - Hidden Files and Directories
T1195.002 - Compromise Software Supply Chain
T1587.001 - Malware

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る