Circumstances of an Attack Exploiting an Asset Management Program (Andariel Group)
2023-11-20 • Ahnlab
There have also been circumstances of the Andariel group having exploited other vulnerabilities in the attack process to distribute malware. The Andariel group is one of the threat groups that are highly active in South Korea, alongside the Kimsuky and Lazarus groups. Recently, the Andariel group has been exploiting vulnerabilities in many programs such as Log4Shell and Innorix Agent to attack targets in various corporate sectors in South Korea.
Malware Used in Attacks
Backdoors installed through the attacks above include TigerRat, a major malware strain used by the Andariel group, as well as Black RAT and variants of NukeSped.
Indicators of Compromise