Circumstances of an Attack Exploiting an Asset Management Program (Andariel Group) [Wednesday, November 22, 2023]

Description :
The Andariel group has been distributing malware via an attack using an asset management program, according to an analysis by AhnLab's ASEC team.

Published :
2023-11-22T15:59:06.876Z

Created :
2023-11-22T15:59:06.876Z

Modified :
2023-11-22T16:28:44.356Z

Tags

  • apt
  • blackrat
  • nukesped
  • andariel
  • log4shell
  • tigerrat
  • lilith rat

Indicators

Attack Patterns :
  • T1589
  • T1136
  • T1056
  • T1036
  • T1053
  • T1566
  • T1068
  • T1105
  • T1059
  • T1087
  • T1203

About the author
Julien B.

Securitricks
