S2W BLOG

Campaign Rifle: Andariel, The Maiden of Anguish

Author: Kay Kwak (Kyoung-Ju Kwak)

NOTICE
Currently, the report is not available. FSI (Financial Security Institute) would like to add more things to it, and it will be published officially on FSI’s website. The report will be much prettier than before. Coming soon! :)

This report was originally published in 2017, when I worked for FSI (Financial Security Institute) in South Korea, and the copyright of this report belongs to FSI. Despite the passage of time, there were constant requests for an English version, so I translated this report with my S2W LAB colleagues (Hyunmin Suh, hypen, JAEKI KIM), the oldest son (Hyojun Suh) of the CEO and FSI.

This English version of the report will be published on the FSI (Financial Security Institute) website soon. We (FSI and I) are working on it together.

Frankly, I also found the English version of this report, which was done by Group-IB in 2018. They obviously gave it to me at that time, but I don’t clearly remember how I got it.

Anyway, special thanks to Group-IB.

It has been a long time since this report was published, but Andariel Group is still using some of the patterns presented in this report. We observed the activity of Andariel this year. It seems they resumed the attack.

I will continue to post more about Andariel’s features that I found after this report was published, such as Charon RAT and some vulnerabilities Andariel used in 2021.

We hope this English version of the Andariel report helps many people.

Andariel-related content was also presented at several conferences, such as Black Hat Asia, Black Hat Europe, and Kaspersky SAS.

Report Download (redirect to fsec.or.kr)


Recent Reference
