Analysis of APT Attack Cases Using Dora RAT Against Companies
Essential information
- Published
- 30/05/2024 15:37
- Modified
- 30/05/2024 16:02
- Tags
- 2024-05-30 dora rat infostealer nestdoor
- Related entities
- 1 vulnerabilities (cve), 7 observables, 1 intrusion sets (apt), 9 techniques (mitre), 2 malware, 1 others
Description
This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed various malware strains, including Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. The attackers exploited vulnerabilities, such as Apache Tomcat and VMware Horizon's Log4Shell, for initial access and malware distribution. The report provides technical details on the malware strains, Command and Control infrastructure, and tactics utilized by the threat actors.