KRBanker

Description

(Proofpoint) First analyzed in early 2014, the Blackmoon banking Trojan targets a user’s online banking credentials using a type of pharming that involves modifying or replacing the local Hosts file with one that redirects online banking domain lookups to an IP address controlled by the attacker. Blackmoon has been observed targeting primarily customers of South Korean online banking sites and services, and is usually distributed via drive-by download.

Names

Name
KRBanker
Blackmoon

Type

Banking trojan

Information

https://www.proofpoint.com/us/threat-insight/post/Updated-Blackmoon-Banking-Trojan
https://unit42.paloaltonetworks.com/unit42-krbanker-targets-south-korea-through-adware-and-exploit-kits-2/
https://www.peppermalware.com/2019/03/analysis-of-blackmoon-banking-trojans.html
http://training.nshc.net/ENG/Document/virus/20140305_Internet_Bank_Pharming_-_BlackMoon_Ver_1.0_External_ENG.pdf

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.krbanker

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:krbanker

Other Information

Uuid

fc359147-48b8-4b01-b018-bc3a0b7f4727

Last Card Change

2020-05-24

Threat Intelligence Garden

Explorer

KRBanker

KRBanker

Description

Names

Category

Type

Information

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks