Springtail APT group abuses valid certificate of known Korean public entity
March 21, 2024
The Springtail (also known as Kimsuky) APT group has been observed distributing dropper malware disguised as an application from a known Korean public entity and signed with that entity's valid code-signing certificate, so a valid signature alone should not be taken as evidence that the file is legitimate. Once the dropper runs on the victim's machine, it installs the Endoor backdoor, which lets the attackers collect sensitive information from the victim or install additional malware.
Symantec protects you from this threat, identified by the following:
Adaptive-based
ACM.Untrst-RunSys!g1
ACM.Ps-Schtsk!g1
Behavior-based
SONAR.SuspLaunch!g266
SONAR.SuspLaunch!g13
File-based
Trojan.Gen.MBT
WS.Malware.1
Machine Learning-based
Heur.AdvML.A!300
Heur.AdvML.B
Heur.AdvML.B!100
Heur.AdvML.B!200
Heur.AdvML.C
Web-based
Observed domains/IPs are covered under security categories in all WebPulse-enabled products