🇰🇷
Andariel Group
APT Group
8 zero-day CVEs
ETDA ✓
Also Known As
No alias recorded
Target Countries 14
Brazil
China
Cyprus
Egypt
United Kingdom
India
Japan
Republic of Korea
Mexico
Netherlands
Russian Federation
Taiwan, Province of China
United States
Vietnam
Sectors Targeted
517 - Telecommunications
22 - Utilities
52211 - Commercial Banking
23 - Construction
51 - Information
928 - National Security and International Affairs
622 - Hospitals
54 - Professional, Scientific, and Technical Services
541512 - Computer Systems Design Services
6214 - Outpatient Care Centers
928110 - National Security and International Affairs
54151 - Computer Systems Design and Related Services
31 - NAICS:31
5112 - Software Publishers
92 - Public Administration
52 - Finance and Insurance
62 - Health Care and Social Assistance
523160 - Commodity Contracts Intermediation
5415 - Computer Systems Design and Related Services
61 - Educational Services
611 - Educational Services
8139 - Business, Professional, Labor, Political, and Similar Organizations
927 - Space Research and Technology
Details
Origin: 🇰🇷 KR
Last Updated: 13 Apr 2026
Malware Families 88
wannacryptor
bistromath
nachocheese
brambul
tigerlite
lambload
wagenttea
hotwax
magic_rat
sierras
alphanc
wormhole
artfulpie
blindtoad
wininetloader
vyveva
simpletea
touchmove
cur1_downloader
electricfish
spectral_blur
fudmodule
jessiecontea
andardoor
unidentified_105
quiterat
cheesetray
win.scoutc2
yamabot
DARKCOMET
bookcodesrat
unidentified_101
tiger_rat
iconic_stealer
fuwuqidrama
win.shatteredglass
minitypeframe
httpsuploader
lpeclient
feed_load
3cx_backdoor
anchormtea
coredn
contopee
roll_sling
duuzer
ghost_secret
crat
joanap
redshawl
forest_tiger
buffetline
casso
redhat_hacker
phandoor
slickshoes
collection_rat
lazardoor
banpolmex
power_ratankba
pslogger
nestegg
manuscrypt
watchcat
lazarus_killdisk
lazarloader
snatchcrypto
lcpdot
ratankbapos
unidentified_077
unidentified_090
cleantoad
maui
vsingle
racket
bravonc
bitsran
bootwreck
deltas
alreay
klackring
webbytea
yort
imprudentcook
neddnloader
interception
dyepack
hloader
MITRE ATT&CK 84
T1001.003 - Protocol Impersonation
T1003 - OS Credential Dumping
T1005
T1010 - Application Window Discovery
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1016.001 - Internet Connection Discovery
T1017 - Application Deployment Software
T1018 - Remote System Discovery
T1021 - Remote Services
T1023 - Shortcut Modification
T1027 - Obfuscated Files or Information
T1027.003
T1031 - Modify Existing Service
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1040 - Network Sniffing
T1045 - Software Packing
T1047 - Windows Management Instrumentation
T1049
T1053 - Scheduled Task/Job
T1055 - Process Injection
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1060 - Registry Run Keys / Startup Folder
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1071 - Application Layer Protocol
T1071.004 - DNS
T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1089 - Disabling Security Tools
T1090 - Proxy
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1112 - Modify Registry
T1115 - Clipboard Data
T1119 - Automated Collection
T1125 - Video Capture
T1129 - Shared Modules
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1135 - Network Share Discovery
T1136 - Create Account
T1138 - Application Shimming
T1140 - Deobfuscate/Decode Files or Information
T1143 - Hidden Window
T1155 - AppleScript
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1204.002
T1210 - Exploitation of Remote Services
T1428 - Exploit Enterprise Resources
T1445 - Abuse of iOS Enterprise App Signing Key
T1449 - Exploit SS7 to Redirect Phone Calls/SMS
T1459 - Device Unlock Code Guessing or Brute Force
T1485 - Data Destruction
T1486 - Data Encrypted for Impact
T1497 - Virtualization/Sandbox Evasion
T1498 - Network Denial of Service
T1512 - Capture Camera
T1543 - Create or Modify System Process
T1547 - Boot or Logon Autostart Execution
T1553 - Subvert Trust Controls
T1562 - Impair Defenses
T1564 - Hide Artifacts
T1566 - Phishing
T1566.001
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1588
T1588.001
T1590
T1590.005
T1592
T1592.002