TraderTraitor: a North Korean group targeting blockchain companies and NFT trading platforms to steal NFTs and digital crypto coins. The FBI, CISA and the US Treasury Department have released a joint cybersecurity advisory so that organizations are aware of the targeted attack and deploy adequate mitigations in their environments.
Attack Overview:
The US government states that it "observed North Korean cyber actors targeting a variety of organizations involved with blockchain technology and the cryptocurrency industry, including exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, trading companies, venture capital funds that invest in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs)."
This targeted attack succeeds through effective social engineering techniques. The techniques used here resemble those of the Lazarus Group "AppleJeus" attack. A dangerous customized Trojan has been designed for this specific attack, targeting the cryptocurrency industry and its users, and it can steal all of your cryptocurrencies and NFTs. Continuous spear-phishing campaigns have targeted exchanges, exploiting existing vulnerabilities in their applications and servers.
How Effective Is the Trojan?
The campaign targets end users by posing as a recruitment agency that offers "high-paying jobs"; when a victim falls prey, the malicious files are downloaded in the background.
Security experts report that the new Trojan is built from various open-source tools and has a very serious impact. The attackers created their own websites that present them as resellers of digital currencies and NFTs. When you visit such a website, the Trojan is downloaded via a "drive-by download" while you are evaluating the currencies. Once installed, the Trojan downloads more files from its C&C server and executes arbitrary commands, behaving much like the North Korean remote access tool COPPERHEDGE.
Security experts advise organizations and individuals to stay aware of these attacks and to capture the published IOCs and deploy them in their environments to protect and monitor.
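As an added illustration (not from the advisory or the original post) of what "capture the IOCs and deploy them in your environment" looks like in practice: the script below refangs the bracketed domains, classifies the published hashes by algorithm, and scans DNS and file-hash log lines for matches. The log formats and the sample log lines are assumptions constructed for this example; the indicator values are a subset of those published on this page.

```python
import re
# Defanged IOCs copied from the advisory write-up on this page (a subset).
MALICIOUS_DOMAINS_DEFANGED = ["dafom[.]dev", "tokenais[.]com", "www[.]vinoymas[.]com"]
MALICIOUS_HASHES = [
    "c2ea5011a91cd59d0396eb4fa8da7d21",                                  # MD5
    "b2d9ca7b6d1bbbe4864ea11dfca343b7e15597d8",                          # SHA-1
    "60b3cfe2ec3100caf4afde734cfd5147f78acf58ab17d4480196831db4aa5f18",  # SHA-256
]

def refang(domain):
    # "example[.]com" is published defanged so it cannot be clicked; restore it for matching.
    return domain.replace("[.]", ".").lower()

def hash_kind(digest):
    # Classify by hex length so a digest is only compared with the matching log field.
    return {32: "md5", 40: "sha1", 64: "sha256"}.get(len(digest), "unknown")

def build_watchlist(domains, hashes):
    return {"domains": {refang(d) for d in domains},
            "hashes": {h.lower(): hash_kind(h) for h in hashes}}

# Log formats are assumed (constructed for this example); adapt the regexes to your own sources.
DNS_LINE = re.compile(r"^(?P<ts>\S+) dns client=(?P<client>\S+) query=(?P<qname>\S+)$")
FILE_LINE = re.compile(r"^(?P<ts>\S+) file host=(?P<host>\S+) (?P<algo>md5|sha1|sha256)=(?P<digest>[0-9a-fA-F]+)$")

def scan(log_lines, watchlist):
    """Return (timestamp, kind, source, indicator) for every line that hits the watchlist."""
    alerts = []
    for line in log_lines:
        m = DNS_LINE.match(line)
        if m:
            qname = m["qname"].rstrip(".").lower()
            # Match the listed domain itself or any subdomain of it, never bare substrings.
            hit = next((d for d in watchlist["domains"] if qname == d or qname.endswith("." + d)), None)
            if hit:
                alerts.append((m["ts"], "dns", m["client"], hit))
            continue
        m = FILE_LINE.match(line)
        if m and watchlist["hashes"].get(m["digest"].lower()) == m["algo"]:
            alerts.append((m["ts"], "file", m["host"], m["digest"].lower()))
    return alerts

# Constructed sample log lines (not real telemetry): one DNS hit, one clean query, one file hit, one clean file.
SAMPLE_LOG = [
    "2022-04-18T10:01:02Z dns client=10.0.0.5 query=update.dafom.dev.",
    "2022-04-18T10:01:03Z dns client=10.0.0.5 query=www.example.org.",
    "2022-04-18T10:02:10Z file host=ws-17 sha256=60b3cfe2ec3100caf4afde734cfd5147f78acf58ab17d4480196831db4aa5f18",
    "2022-04-18T10:02:11Z file host=ws-17 md5=00000000000000000000000000000000",
]
```

Running `scan(SAMPLE_LOG, build_watchlist(MALICIOUS_DOMAINS_DEFANGED, MALICIOUS_HASHES))` yields two alerts: the subdomain query against dafom.dev and the SHA-256 file match.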
At the time of writing, many security vendors have not yet tagged these indicators as malicious in their DAT files and threat intelligence platforms.
Please find below the list of IOCs (malicious domains and MD5, SHA-1 and SHA-256 file hashes) for your action.
Everyone is going crazy about digital currencies and their increasing value across the globe. All users are potential victims of such targeted attacks; we would like you to be vigilant and play safe with your currencies!
The new era of digital attacks!