Analysis of the Andariel Group's New Attack Activity

2023-08-22 AhnLab: Analysis of new attack activity by the Andariel group

https://asec.ahnlab.com/ko/56256/

AhnLab ASEC analyzes recent attack activity attributed to Andariel, a Lazarus-linked group focused on South Korean defense, political, shipbuilding, energy, telecom, education, transport, and ICT targets. The report ties 2023 cases to abuse of vulnerable or misused Innorix Agent installations and to malware families including NukeSped/Volgmer-like variants, Andardoor, 1th Troy Reverse Shell, TigerRat, Black RAT, Goat RAT, AndarLoader, and DurianBeacon. Several tools are Go-based, while DurianBeacon also has a Rust version, showing continued diversification of Andariel backdoor development. The excerpt highlights C2/authentication behavior, registry/config handling, self-deletion scripts, reverse and bind shell variants, and overlap with earlier Lazarus/Hidden Cobra malware traits.

Indicators of Compromise

Type Value First Seen Last Seen
HASH 426bb55531e8e3055c942a1a035e46b9 2023-08-22 2024-07-25
HASH 6ab4eb4c23c9e419fbba85884ea141f4 2023-08-22 2024-07-25
HASH deae4be61c90ad6d499f5bdac5dad242 2023-08-22 2024-07-25
HASH 79e474e056b4798e0a3e7c60dd67fd28 2023-08-22 2024-07-25
HASH bbaee4fe73ccff1097d635422fdc0483 2023-08-22 2024-07-25
HASH 5291aed100cc48415636c4875592f70c 2023-08-22 2024-07-25
HASH 95c276215dcc1bd7606c0cb2be06bf70 2023-08-22 2024-07-25
HASH eb35b75369805e7a6371577b1d2c4531 2023-08-22 2024-07-25
HASH f4795f7aec4389c8323f7f40b50ae46f 2023-08-22 2024-07-25
HASH cfae52529468034dbbb40c9a985fa504 2023-08-22 2024-07-25
HASH bda0686d02a8b7685adf937cbcd35f46 2023-08-22 2024-07-25
HASH 5a3f3f75048b9cec177838fb8b40b945 2023-08-22 2024-07-25
HASH 6de6c27ca8f4e00f0b3e8ff5185a59d1 2023-08-22 2024-07-25
HASH c61a8c4f6f6870c7ca0013e084b893d2 2023-08-22 2024-07-25
HASH 9d7bd0caed10cc002670faff7ca130f5 2023-08-22 2024-07-25
HASH 8434cdd34425916be234b19f933ad7ea 2023-08-22 2024-07-25
DOMAIN privatemake.bounceme.net 2023-08-22 2024-07-25
HASH c892c60817e6399f939987bd2bf5dee0 2023-02-15 2024-07-25
HASH 1ffccc23fef2964e9b1747098c19d956 2023-02-15 2024-07-25
HASH 0211a3160cc5871cbcd4e5514449162b 2023-02-15 2024-07-25
HASH ac0ada011f1544aa3a1cf27a26f2e288 2023-02-15 2024-07-25
HASH 88a7c84ac7f7ed310b5ee791ec8bd6c5 2023-02-15 2024-07-25
HASH 9112efb49cae021abebd3e9a564e6ca4 2023-02-15 2024-07-25
HASH bcac28919fa33704a01d7a9e5e3ddf3f 2023-02-15 2024-07-25
HASH 0a09b7f2317b3d5f057180be6b6d0755 2023-02-15 2024-07-25
HASH e5410abaaac69c88db84ab3d0e9485ac 2023-02-15 2024-07-25
IPv4 4.246.149.227 2023-08-22 2024-05-30
HASH 01ccce480c60fcdb67b54f4509ffdb56 2023-08-22 2023-11-20
HASH dd7b696b96434d2bf07b34f9c125d51d 2023-08-22 2023-11-20
URL http://www.ipservice.kro.kr/cre… 2023-08-22 2023-08-31
URL http://www.ipservice.kro.kr/dat… 2023-08-22 2023-08-31
DOMAIN bbs.topigsnorsvin.com 2023-08-22 2023-08-31
DOMAIN chinesekungfu.org 2023-08-22 2023-08-31
IPv4 27.102.107.230 2023-08-22 2023-08-31
IPv4 8.213.128.76 2023-08-22 2023-08-31
IPv4 13.76.133.68 2023-08-22 2023-08-31
IPv4 27.102.107.233 2023-08-22 2023-08-31
IPv4 217.195.153.233 2023-08-22 2023-08-31
IPv4 27.102.129.196 2023-08-22 2023-08-31
IPv4 27.102.107.235 2023-08-22 2023-08-31
IPv4 46.183.223.21 2023-08-22 2023-08-31
IPv4 109.248.150.179 2023-02-15 2023-08-31
IPv4 27.102.113.88 2023-02-15 2023-08-31
IPv4 139.177.190.243 2023-02-15 2023-08-31
IPv4 4.246.144.112 2023-02-15 2023-08-31
IPv4 27.102.107.224 2023-02-15 2023-08-31
IPv4 27.102.107.234 2023-02-15 2023-08-31
HASH f5bfcee8b7af24ee5c6b6fbab730ce34 2023-08-22 2023-08-22
DOMAIN collectiveen.org 2023-08-22 2023-08-22
IPv4 3.35.140.121 2023-08-22 2023-08-22

Related Actors

First seen: Jul 2017
Last seen: May 2026
