악성코드로 둔갑한 Putty

2023-11-10 • Hauri • Putty disguised as malware •

https://hauri.co.kr/security/security_view.html?intSeq=55&page=1&keyfield=&key=

#PuTTY

Attachments

2023-11-10_상세_분석_보고서악성코드로_둔갑한_Putty.pdf (825 KB)

The source says Lazarus modified open source tools including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF or Subliminal Recording to deliver malware to engineers. Operators posed as recruiters on LinkedIn and targeted engineers at specific companies, using trojanized utilities that stayed quiet until the victim opened a specific PDF or connected to a particular server with the modified PuTTY. The event driven execution is presented as a sandbox evasion technique because the malware does not act maliciously on simple launch.

Related Reports

2024-04-23 • 45% Match

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining

Avast

#Kimsuky #PuTTY #GuptiMiner #eScan

Shares tag: PuTTY

2025-02-16 • 40% Match

Analysis of attack activities of Moonstone sleet a division of APT-C-26 (Lazarus) group

Blue Eye

#PuTTY #MoonstoneSleet

Shares tag: PuTTY

2024-05-28 • 40% Match

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

Microsoft

#PuTTY #NPM #ITWorker #MoonstoneSleet #FakePenny #Storm-1789 #Storm-1877 #DeTankWar #DeFiTankLand

Shares tag: PuTTY

2022-11-03 • 40% Match

Not a dream job: Hunting for malicious job offers from an APT

Virustotal

#DreamJob #UNC4034 #PuTTY

Shares tag: PuTTY

2022-09-14 • 40% Match

It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp

Mandiant

#UNC4034 #PuTTY #T1059.003 #T1071.001 #T1566.003 #T1566.001 #T1053.005 #T1132.001 #T1620 #T1573.001 #T1218 #T1573.002 #T1071.002 #T1574.001 #T1055.001

Shares tag: PuTTY

« Back