UNC5174 Group’s Discord Bot Backdoor Malware
Recently, AhnLab SEcurity intelligence Center (ASEC) has identified an attack leveraging a backdoor malware that uses the Discord API to establish a Command and Control (C2) infrastructure, linked to the UNC5174 threat group [1]). UNC5174 employs an operational strategy designed to maintain long-term control after initial compromise by sequentially deploying
DDoS IRC Bot Malware (GoLang) Being Distributed via Webhards
While monitoring the distribution source of malware in Korea, the ASEC analysis team has discovered that DDoS IRC Bot strains disguised as adult games are being installed via webhards. Webhards are platforms commonly used for the distribution of malware in Korea, where njRAT and UDP Rat were distributed in the
