Trusted Design

KRBanker Targets South Korea Through Adware and Exploit Kits

概要

Online banking services have been a prime target of cyber criminals for many years and attacks continue to grow. Targeting online banking users and stealing their credentials has yielded huge profits for the criminals behind these campaigns. Unit 42 has been tracking “KRBanker” AKA ‘Blackmoon’, since late last year. This campaign specifically targets banks of the Republic of Korea. On April 23, researchers at Fortinet published a blog describing the functionalities of the recent ‘Blackmoon’ campaign. Our objective in this blog is to share additional details on the distribution of the KRBanker or Blackmoon malware campaign and indicators of KRBanker samples. Source : http://researchcenter.paloaltonetworks.com/2016/05/unit42-krbanker-targets-south-korea-through-adware-and-exploit-kits-2/ + https://github.com/pan-unit42/iocs/blob/master/krbanker/hashes.txt

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

FortiGuard Lion: A Peek into BlackMoon’s Sustained Attacks against South Korea (score: 0.73)
South Korean Users Affected by BlackMoon Campaign (score: 0.70)
Updated Blackmoon banking Trojan (score: 0.69)
BlackEnergy by the SSHBearDoor (score: 0.67)
"KUHOOK" POINT OF SALE MALWARE (score: 0.65)

このPulseに関連する脅威アクター (事実ベース)

LAPSUS$

Score: 11.82

Matched TTPs:

T1216.001 - PubPrn
T1193 - Spearphishing Attachment
T1592.003 - Firmware

MITREへのリンク →

Ember Bear

Score: 17.82

Matched TTPs:

T1564.008 - Email Hiding Rules
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1668 - Exclusive Control
T1003.003 - NTDS

MITREへのリンク →

Sandworm Team

Score: 28.91

Matched TTPs:

T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1193 - Spearphishing Attachment
T1102.003 - One-Way Communication
T1187 - Forced Authentication
T1573 - Encrypted Channel
T1218.010 - Regsvr32

MITREへのリンク →

Mustard Tempest

Score: 11.05

Matched TTPs:

T1682 - Query Public AI Services
T1091 - Replication Through Removable Media
T1543.002 - Systemd Service

MITREへのリンク →

Kimsuky

Score: 41.01

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1683.001 - Written Content
T1552.003 - Shell History
T1608.005 - Link Target
T1057 - Process Discovery
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging
T1668 - Exclusive Control
T1526 - Cloud Service Discovery
T1003.003 - NTDS
T1008 - Fallback Channels
T1490 - Inhibit System Recovery

MITREへのリンク →

FIN13

Score: 11.50

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1668 - Exclusive Control
T1105 - Ingress Tool Transfer

MITREへのリンク →

Moonstone Sleet

Score: 12.81

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1057 - Process Discovery
T1573 - Encrypted Channel
T1547.008 - LSASS Driver

MITREへのリンク →

Lazarus Group

Score: 22.75

Matched TTPs:

T1606.002 - SAML Tokens
T1608.005 - Link Target
T1057 - Process Discovery
T1069.001 - Local Groups
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1547.008 - LSASS Driver

MITREへのリンク →

Contagious Interview

Score: 22.39

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1021.006 - Windows Remote Management
T1552.003 - Shell History
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging
T1547.008 - LSASS Driver

MITREへのリンク →

OilRig

Score: 21.45

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1556.009 - Conditional Access Policies
T1526 - Cloud Service Discovery
T1547.008 - LSASS Driver

MITREへのリンク →

UNC3886

Score: 9.19

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management
T1218.010 - Regsvr32

MITREへのリンク →

LuminousMoth

Score: 6.73

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1105 - Ingress Tool Transfer

MITREへのリンク →

Salt Typhoon

Score: 3.57

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

APT29

Score: 16.80

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1547.008 - LSASS Driver
T1490 - Inhibit System Recovery

MITREへのリンク →

Play

Score: 8.75

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1490 - Inhibit System Recovery

MITREへのリンク →

Aoqin Dragon

Score: 3.59

Matched TTPs:

T1606.002 - SAML Tokens
T1218.010 - Regsvr32

MITREへのリンク →

RedCurl

Score: 7.51

Matched TTPs:

T1606.002 - SAML Tokens
T1128 - Netsh Helper DLL
T1105 - Ingress Tool Transfer

MITREへのリンク →

Moses Staff

Score: 3.57

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Turla

Score: 14.02

Matched TTPs:

T1606.002 - SAML Tokens
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1556.009 - Conditional Access Policies
T1490 - Inhibit System Recovery

MITREへのリンク →

Ke3chang

Score: 3.57

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Mustang Panda

Score: 20.81

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1218.010 - Regsvr32
T1526 - Cloud Service Discovery
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer

MITREへのリンク →

TeamTNT

Score: 4.07

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media

MITREへのリンク →

FIN7

Score: 23.63

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1011.001 - Exfiltration Over Bluetooth
T1608.005 - Link Target
T1057 - Process Discovery
T1573 - Encrypted Channel
T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

TA2541

Score: 6.73

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1128 - Netsh Helper DLL

MITREへのリンク →

Earth Lusca

Score: 9.08

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1218.001 - Compiled HTML File

MITREへのリンク →

LazyScripter

Score: 3.99

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

Gamaredon Group

Score: 3.99

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

Star Blizzard

Score: 5.26

Matched TTPs:

T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication

MITREへのリンク →

Threat Group-3390

Score: 11.02

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1526 - Cloud Service Discovery

MITREへのリンク →

BlackByte

Score: 3.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

BITTER

Score: 3.47

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32

MITREへのリンク →

APT32

Score: 13.56

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.010 - Regsvr32
T1668 - Exclusive Control
T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

Saint Bear

Score: 5.48

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

EXOTIC LILY

Score: 14.37

Matched TTPs:

T1091 - Replication Through Removable Media
T1149 - LC_MAIN Hijacking
T1690 - Prevent Command History Logging
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

APT42

Score: 4.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL

MITREへのリンク →

Rocke

Score: 7.42

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1105 - Ingress Tool Transfer
T1008 - Fallback Channels

MITREへのリンク →

Volt Typhoon

Score: 8.04

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1057 - Process Discovery
T1102.003 - One-Way Communication

MITREへのリンク →

APT28

Score: 34.86

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1057 - Process Discovery
T1548.004 - Elevated Execution with Prompt
T1592.003 - Firmware
T1218.010 - Regsvr32
T1146 - Clear Command History
T1668 - Exclusive Control
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1546.007 - Netsh Helper DLL

MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.40

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1573 - Encrypted Channel

MITREへのリンク →

BlackTech

Score: 6.12

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1526 - Cloud Service Discovery

MITREへのリンク →

Magic Hound

Score: 16.91

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1187 - Forced Authentication
T1592.003 - Firmware
T1578.002 - Create Cloud Instance
T1547.008 - LSASS Driver

MITREへのリンク →

Medusa Group

Score: 13.29

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1608.005 - Link Target
T1128 - Netsh Helper DLL
T1598 - Phishing for Information

MITREへのリンク →

Sea Turtle

Score: 5.63

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1490 - Inhibit System Recovery

MITREへのリンク →

Storm-0501

Score: 8.13

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1090.004 - Domain Fronting

MITREへのリンク →

Cinnamon Tempest

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.008 - LSASS Driver

MITREへのリンク →

GALLIUM

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1668 - Exclusive Control

MITREへのリンク →

Winter Vivern

Score: 5.09

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.001 - Compiled HTML File

MITREへのリンク →

Leviathan

Score: 6.40

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1592.003 - Firmware
T1218.010 - Regsvr32

MITREへのリンク →

INC Ransom

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History

MITREへのリンク →

Dragonfly

Score: 13.36

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1193 - Spearphishing Attachment
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1578.002 - Create Cloud Instance

MITREへのリンク →

APT41

Score: 11.92

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1668 - Exclusive Control
T1008 - Fallback Channels

MITREへのリンク →

HAFNIUM

Score: 12.95

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1490 - Inhibit System Recovery

MITREへのリンク →

MuddyWater

Score: 4.98

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1055.003 - Thread Execution Hijacking

MITREへのリンク →

Scattered Spider

Score: 6.66

Matched TTPs:

T1552.003 - Shell History
T1090.004 - Domain Fronting

MITREへのリンク →

Confucius

Score: 3.51

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

CURIUM

Score: 6.14

Matched TTPs:

T1218.001 - Compiled HTML File
T1547.008 - LSASS Driver

MITREへのリンク →

Andariel

Score: 5.34

Matched TTPs:

T1187 - Forced Authentication
T1218.010 - Regsvr32

MITREへのリンク →

Chimera

Score: 6.19

Matched TTPs:

T1592.003 - Firmware
T1668 - Exclusive Control

MITREへのリンク →

Cobalt Group

Score: 7.17

Matched TTPs:

T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL

MITREへのリンク →

Patchwork

Score: 4.78

Matched TTPs:

T1218.010 - Regsvr32
T1008 - Fallback Channels

MITREへのリンク →

APT3

Score: 5.12

Matched TTPs:

T1218.010 - Regsvr32
T1578.002 - Create Cloud Instance

MITREへのリンク →

BRONZE BUTLER

Score: 4.78

Matched TTPs:

T1218.010 - Regsvr32
T1008 - Fallback Channels

MITREへのリンク →

Transparent Tribe

Score: 4.16

Matched TTPs:

T1218.010 - Regsvr32
T1105 - Ingress Tool Transfer

MITREへのリンク →

Tropic Trooper

Score: 9.57

Matched TTPs:

T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

Storm-1811

Score: 10.68

Matched TTPs:

T1567.003 - Exfiltration to Text Storage Sites
T1578.002 - Create Cloud Instance
T1547.008 - LSASS Driver

MITREへのリンク →

Velvet Ant

Score: 5.41

Matched TTPs:

T1128 - Netsh Helper DLL
T1490 - Inhibit System Recovery

MITREへのリンク →

FIN6

Score: 5.27

Matched TTPs:

T1128 - Netsh Helper DLL
T1547.008 - LSASS Driver

MITREへのリンク →

FIN8

Score: 5.90

Matched TTPs:

T1128 - Netsh Helper DLL
T1526 - Cloud Service Discovery

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1556.009 - Conditional Access Policies

MITREへのリンク →

Wizard Spider

Score: 9.52

Matched TTPs:

T1556.009 - Conditional Access Policies
T1668 - Exclusive Control
T1526 - Cloud Service Discovery

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.87

Matched TTPs:

T1003.003 - NTDS
T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1008 - Fallback Channels
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging
T1490 - Inhibit System Recovery
T1668 - Exclusive Control
T1683.001 - Written Content
T1526 - Cloud Service Discovery
T1057 - Process Discovery
T1552.003 - Shell History

MITREへのリンク →

APT28

Score: 0.75

Matched TTPs:

T1218.010 - Regsvr32
T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1548.004 - Elevated Execution with Prompt
T1146 - Clear Command History
T1592.003 - Firmware
T1546.007 - Netsh Helper DLL
T1668 - Exclusive Control
T1055.008 - Ptrace System Calls
T1057 - Process Discovery
T1105 - Ingress Tool Transfer

MITREへのリンク →

Sandworm Team

Score: 0.63

Matched TTPs:

T1193 - Spearphishing Attachment
T1573 - Encrypted Channel
T1564.008 - Email Hiding Rules
T1187 - Forced Authentication
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication
T1005 - Data from Local System

MITREへのリンク →

FIN7

Score: 0.58

Matched TTPs:

T1573 - Encrypted Channel
T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1490 - Inhibit System Recovery
T1011.001 - Exfiltration Over Bluetooth
T1057 - Process Discovery
T1105 - Ingress Tool Transfer

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る