Security Issues in Korean & Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in April 2024

Statistics on Malware Distributed to Financial Sectors


Statistics on Korean Accounts Exfiltrated Via Telegram by Industry


Phishing Email Distribution Cases Targeting the Financial Sector

Case 1. Targeting Yuanta Securities employees using the guise of product orders

Impersonation target

– Product order

How the phishing attack is triggered

– Prompting the download and execution of the attachment

Post-infection impact

– AgentTesla (Infostealer) is executed

– Download C2: hxxps://mail-bigfile.hiworks[.]biz/service/download/e2772c16cbf6c9e3574026f313c22c99781aca50b945a70db09d8fe6cf5e8171

– Malware MD5: 7da6b40ca39d05c023ce329240730e13

– Malware C2 (SMTP) info
server: auth.smtp.1and1[.]fr
password: auth.smtp.1and1[.]fr
sender: qualite@ennagram[.]eu
receiver: project@aramcosupplyoilcompany-uae[.]com


Figure 1. Phishing email
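For defenders, the indicators listed for this case (download C2 URL, SMTP C2 server, sender and receiver addresses, and the sample MD5) are most useful when refanged and swept across proxy, firewall and EDR logs. The following script is an added example, not part of the original report: it refangs the page's defanged indicators and matches them against constructed sample log lines (hostnames, paths and log formats are hypothetical). Because hiworks.biz is a general file-sharing service, the example matches the full download URL rather than the bare domain, to avoid flagging legitimate traffic.

```python
import re

# Indicators exactly as published in the report, in defanged form.
DOWNLOAD_C2 = ("hxxps://mail-bigfile.hiworks[.]biz/service/download/"
               "e2772c16cbf6c9e3574026f313c22c99781aca50b945a70db09d8fe6cf5e8171")
SMTP_C2_SERVER = "auth.smtp.1and1[.]fr"
SMTP_SENDER = "qualite@ennagram[.]eu"
SMTP_RECEIVER = "project@aramcosupplyoilcompany-uae[.]com"
MALWARE_MD5 = "7da6b40ca39d05c023ce329240730e13"


def refang(ioc: str) -> str:
    """Turn a defanged indicator (hxxp://, [.]) back into its matchable form."""
    return re.sub(r"^hxxp", "http", ioc.replace("[.]", "."))


def indicators() -> dict:
    """Name -> refanged value for every indicator in the case write-up."""
    return {
        "download_c2_url": refang(DOWNLOAD_C2),   # full URL, not just the domain
        "smtp_c2_server": refang(SMTP_C2_SERVER),
        "smtp_sender": refang(SMTP_SENDER),
        "smtp_receiver": refang(SMTP_RECEIVER),
        "malware_md5": MALWARE_MD5,
    }


# Constructed sample log lines (hypothetical; not taken from the report).
SAMPLE_LOGS = [
    "proxy host=ws-017 url=https://mail-bigfile.hiworks.biz/service/download/"
    "e2772c16cbf6c9e3574026f313c22c99781aca50b945a70db09d8fe6cf5e8171 status=200",
    "proxy host=ws-021 url=https://mail-bigfile.hiworks.biz/service/download/0000aaaa status=200",
    "fw host=ws-017 dst=auth.smtp.1and1.fr dport=587 action=allow",
    "edr host=ws-017 event=file_create md5=7DA6B40CA39D05C023CE329240730E13 path=C:\\Users\\u\\order.exe",
    "fw host=mailgw-01 dst=smtp.example.com dport=25 action=allow",
]


def match_iocs(lines):
    """Return (line_index, indicator_name) for every log line containing a known indicator."""
    hits = []
    for i, line in enumerate(lines):
        low = line.lower()              # case-insensitive: hashes and hosts vary in case
        for name, value in indicators().items():
            if value.lower() in low:
                hits.append((i, name))
    return hits


if __name__ == "__main__":
    for idx, name in match_iocs(SAMPLE_LOGS):
        print(f"line {idx}: {name} -> {SAMPLE_LOGS[idx]}")
```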

