Cyber&Ramen

Tag: NorthKorea

  • Overview of AppleSeed Dropper

    Overview of AppleSeed Dropper

    02 June 2022 Summary The Kimsuky APT Group has routinely utilized the AppleSeed Backdoor to target various entities within South Korea, mainly for the purposes of espionage. While phishing still remains the primary vector of delivering the backdoor, over the past year, Kimsuky has gone to great lengths to disguise its attacks, utilizing numerous types…

  • Info-Stealing Tool Posing As Naver OTP

    Info-Stealing Tool Posing As Naver OTP

    Summary SHA256: 3275f42c85c9e2fcb80d1f8c1c6227c2bcde9c0e719905ddbd2ca7373c6a8ec6 Filename: UpHelpers.exe Size: 3.41MB Extension: EXE Compilation Timestamp: 2022-01-05 23:41:20 Sandbox analysis: https://tria.ge/220118-emrgjsgfb7 UpHelpers.exe is an information-stealing/reconnaissance tool disguised as a Naver One Time Password, (OTP) generator app. Naver is a South Korean web portal that first debuted in 1999 and offers a number of services. The tool collects drive and directory…