KRBanker Targets South Korea Through Adware and Exploit Kits
Tags
country: South Korea
maec-delivery-vectors: Watering Hole
attack-pattern: Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Process Hollowing - T1055.012 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Process Hollowing - T1093
Show in Graph
Common Information
Type Value
UUID 9546ff1a-328e-459f-bb67-7760894ccd6f
Fingerprint c095d1db8c2062dd
Analysis status DONE
Considered CTI value 0
Text language
Published May 9, 2016, 1:30 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline KRBanker Targets South Korea Through Adware and Exploit Kits
Title KRBanker Targets South Korea Through Adware and Exploit Kits
Detected Hints/Tags/Attributes 58/3/15
Source URLs
Redirection Url
Details Source http://researchcenter.paloaltonetworks.com/2016/05/unit42-krbanker-targets-south-korea-through-adware-and-exploit-kits-2/
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com researchcenter.paloaltonetworks.com
Attributes
Details Type #Events CTI Value
Details CVE 8 
cve-2014-0569
Details CVE 2 
cve-2015-3133
Details Domain 88 
malware-traffic-analysis.net
Details Domain 1 
www.newspot.kr
Details Domain 2 
users.qzone.qq.com
Details Domain 4128 
github.com
Details File 94 
config.php
Details File 11 
ca.php
Details File 20 
hashes.txt
Details Github username 13 
pan-unit42
Details IPv4 1 
23.107.204.38
Details IPv4 1441 
127.0.0.1
Details Url 37 
http://127.0.0.1
Details Url 1 
https://github.com/pan-unit42/iocs/blob/master/krbanker/hashes.txt
Details Windows Registry Key 14 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet