Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024

    Wednesday, November 27, 2024 In: Threat Research Print

    Date: 11/27/2024

    Severity: Critical

    Summary

    Trend Micro research reveals a spear-phishing campaign targeting individuals and organizations in Japan since June 2024. Notably, this campaign marks the return of the ANEL backdoor, previously used by APT10 in attacks on Japan until around 2018, but not observed since. Additionally, NOOPDOOR, associated with Earth Kasha, has also been confirmed in this campaign. These findings suggest the campaign is part of a new operation by Earth Kasha.

    Indicators of Compromise (IOC) List

    IP Address :

    139.84.131.62

    139.84.136.105

    45.32.116.146

    45.77.252.85

    208.85.18.4

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    IP Address :

    dstipaddress IN ("139.84.131.62","139.84.136.105","45.32.116.146","45.77.252.85","208.85.18.4") or ipaddress IN ("139.84.131.62","139.84.136.105","45.32.116.146","45.77.252.85","208.85.18.4") or publicipaddress IN ("139.84.131.62","139.84.136.105","45.32.116.146","45.77.252.85","208.85.18.4") or srcipaddress IN ("139.84.131.62","139.84.136.105","45.32.116.146","45.77.252.85","208.85.18.4")

    Reference:   

    https://www.trendmicro.com/en_us/research/24/k/return-of-anel-in-the-recent-earth-kasha-spearphishing-campaign.html


    Tags

    MalwareSpear PhishingJapanANELBackdoorEarth KashaGovernment Services and FacilitiesCritical ManufacturingInformation TechnologyTransportation Systems

    « Previous ArticleNext Article »

    Comments

    No records to display

    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2024 by Gurucul - All rights reserved.