Analysis of APT Attacks Targeting Domestic Companies Using Dora RAT (Andariel Group)

2024-05-16 AhnLab Analysis of APT attacks against domestic companies using Dora RAT by the Andariel group

https://asec.ahnlab.com/ko/65495/


AhnLab ASEC reports Andariel APT activity against South Korean companies and institutions in manufacturing, construction, and education. The attackers used backdoors, keyloggers, infostealers, proxy tools, and malware families including Nestdoor and Dora RAT, with one observed path involving compromise of an Apache Tomcat web server to deploy malicious tooling and enable data theft.

Indicators of Compromise


Related Actors

First seen: Jul 2017
Last seen: May 2026
