국내 기업 대상 공격에 사용 중인 SmallTiger 악성코드 (Kimsuky, Andariel 그룹)

2024-05-27 • Ahnlab • SmallTiger malware used in attacks against domestic companies by Kimsuky and Andariel-linked activity •

https://asec.ahnlab.com/ko/65918/

#Andariel #Kimsuky #DurianBeacon #SmallTiger

Thumbnail for 국내 기업 대상 공격에 사용 중인 SmallTiger 악성코드 (Kimsuky, Andariel 그룹)

AhnLab ASEC reports attacks on South Korean defense, automotive-parts, and semiconductor organizations using the SmallTiger malware family. The activity shows overlap with Kimsuky tradecraft but also includes enterprise software-update abuse and DurianBeacon, a backdoor previously associated with Andariel, making the campaign important for tracking North Korean intrusion clusters and lateral-movement tooling.

Indicators of Compromise

Type	Value	First Seen	Last Seen
HASH	2766fcf5fa81a2877864a07ef306cde4	2024-05-27	2025-04-01
HASH	49070c554161628b85157423611fb764	2024-05-27	2024-06-11
HASH	ee1db63be5d5ee0938d98e6a3d8094db	2024-05-27	2024-06-11
HASH	9e1203bbd0b90461022b66d9e9197cc9	2024-05-27	2024-06-11
HASH	57445041f7a1e57da92e858fc3efeabe	2024-05-27	2024-06-11
HASH	2ab94919a1201f5fb4d2173405f3cfac	2024-05-27	2024-06-11
HASH	2a66a7ada05eb52f1776838b3dce5d06	2024-05-27	2024-06-11
HASH	e930b05efe23891d19bc354a4209be3e	2024-05-27	2024-06-11
HASH	9c184826f3204461ae0a08dbc825473b	2024-05-27	2024-06-11
HASH	2a60348bd0fb2b5fadeb2a691c921370	2024-05-27	2024-06-11
HASH	188f289206c3a945d670f29400d9f77f	2024-05-27	2024-06-11
HASH	0be7d0975d3d81403d16ba4c4c9c7bf8	2024-05-27	2024-06-11
HASH	383e179513166b4869992072829f0ffb	2024-05-27	2024-06-11
HASH	461024c289d60c40093b82eed59afff9	2024-05-27	2024-06-11
HASH	7327039d79843587b76af435e7ac27cd	2024-05-27	2024-06-11
HASH	2b8fabd12a20fd4a6b5b426dca916f68	2024-05-27	2024-06-11
HASH	5e287812438655b76132a904e340c023	2024-05-27	2024-06-11
HASH	5e7acd7bf25dd7ef69bd76cbf7e96819	2024-05-27	2024-06-11
HASH	c08e276205ed88e7fecf8c0914453702	2024-05-27	2024-06-11
HASH	48d53985cefb9029feb349bcd514c444	2024-05-27	2024-06-11
HASH	f873e1ffac39818f4dd86b17843f9351	2024-05-27	2024-06-11
HASH	0859f9666e0428447451c036a38057f6	2024-05-27	2024-06-11
HASH	1210ff921922f2e27db4feae9fe63394	2024-05-27	2024-06-11
HASH	afe4a8291fb1d6a050a657b1d6d0f650	2024-05-27	2024-06-11
HASH	751229f1aed80d2a5097010118d11152	2024-05-27	2024-06-11
HASH	9283c404ec0e6f6e13780722f17e8acb	2024-05-27	2024-06-11
HASH	ffb29b1cd4e0ffa1f96df9514711fefc	2024-05-27	2024-06-11
HASH	fc8eb59d39dc5a3ee7cf231c76f2e606	2024-05-27	2024-06-11
HASH	88f7dd7c62cd5d24c2b837e006c01919	2024-05-27	2024-06-11
URL	http://www.navver.o-r.kr/	2024-05-27	2024-06-11
URL	http://www.navver.o-r.kr/nav.ht…	2024-05-27	2024-06-11
URL	http://w3.navver.o-r.kr/bbs.html	2024-05-27	2024-06-11
URL	http://kevinblog.ddns.net/	2024-05-27	2024-06-11
URL	http://www.kepir.p-e.kr/	2024-05-27	2024-06-11
URL	http://www.yah00.o-r.kr/	2024-05-27	2024-06-11
URL	http://w3.navver.o-r.kr/	2024-05-27	2024-06-11
URL	http://my.shoping.kro.kr/settin…	2024-05-27	2024-06-11
URL	http://my.shoping.kro.kr/m.dat	2024-05-27	2024-06-11
URL	http://my.shoping.kro.kr/ng.db	2024-05-27	2024-06-11
DOMAIN	kevinblog.ddns.net	2024-05-27	2024-06-11
DOMAIN	my.shoping.kro.kr	2024-05-27	2024-06-11
DOMAIN	w3.navver.o-r.kr	2024-05-27	2024-06-11
IPv4	91.228.218.7	2024-05-27	2024-06-11
IPv4	104.36.229.179	2024-05-27	2024-06-11
HASH	e582bd909800e87952eb1f206a279e47	2023-12-22	2024-06-11
HASH	232046aff635f1a5d81e415ef64649b7	2023-12-22	2024-06-11
IPv4	104.168.145.83	2023-12-22	2024-06-11
IPv4	38.110.1.69	2023-12-22	2024-06-11
HASH	d6a38ffdbac241d69674fb142a420740	2023-06-28	2024-06-11