NATION-STATE MONEYMULE'S HUNTING SEASON – APT ATTACKS TARGETING FINANCIAL INSTITUTIONS
Contents
NATION-STATE MONEYMULE'S HUNTING SEASON
APT ATTACKS TARGETING FINANCIAL INSTITUTIONS
Chi-en (Ashley) Shen & Kyoung-ju Kwak & Min-Chang Jang
CHI-EN (Ashley) SHEN
Independent Researcher
• From Taiwan!
• Co-founder of HITCON GIRLS
• Focusing on APT research, malware analysis and threat intelligence
• Frequent speaker at infosec conferences
@ashley_shen_920
MIN-CHANG (MC) JANG
KOREA FINANCIAL SECURITY INSTITUTE & KOREA UNIVERSITY
• Assistant Manager of Threat Analysis Team
• Co-author of Threat Intelligence Report “Campaign Rifle: Andariel, The Maiden of Anguish”
• Graduate student pursuing a major in cyber warfare at SANE (Security Analysis aNd Evaluation) Lab (Supervisor: Prof. Seungjoo Kim), Korea University
• Served Korean Navy CERT for over 2 years
@051R15
KYOUNG-JU KWAK
Korea Financial Institute
• Manager of Threat Analysis Team
• Author of Threat Intelligence Report “Campaign Rifle: Andariel, The Maiden of Anguish”
• Member of National Police Agency Cybercrime Advisory Committee
• Speaker at PACSEC, HITCON, HACKCON, ISCR, Kaspersky Cyber Security Weekend, etc.
@kjkwak12
• BACKGROUND
• THE MALWARES AND ATTACK CASES FROM LAZARUS, BLUENOROFF AND ANDARIEL
• ANOTHER ATTACK TARGETING FINANCIAL INSTITUTES FROM UNKNOWN GROUP
• TTP & KEY FINDING
• CONCLUSION …
IoC