216.73.217.176

Case of Malware Distribution Linking to Illegal Gambling Website Targeting Korean Web Server

· Published 08/05/2024 11:05 · Modified 08/05/2024 17:23

Export JSON

Essential information

Published
08/05/2024 11:05
Modified
08/05/2024 17:23
Tags
2024-05-03 2024-05-04 2024-05-05 2024-05-06 2024-05-07 2024-05-08 gamblingredirect iismodulemalware korea meterpreter webserver
Related entities
8 observables, 9 techniques (mitre), 1 malware

Description

This report examines a malware strain distributed to web servers in South that redirects users to an illegal gambling site. The threat actor installed a backdoor, a port forwarding tool, and an IIS module malware on a compromised web server. The IIS module inspects HTTP headers and modifies responses to expose ads for the illegal gambling site on portal websites. The actor also used ProcDump to steal credentials, likely for lateral movement.

External references