The Big Bong Theory: Conjectures on a Korean Banking Trojan

ASERT team

Download the full report here.

ASERT has been analyzing samples of a banking trojan targeting South Korean financial institutions. We call the banker “Big Bong.” This threat intelligence report provides an in-depth behavioral analysis of the malware, from builder to bot and from installation to exfiltration, including obfuscation techniques, certificate use, and VPN-based network communications. We also put forth a hypothesis about the malware's goal, “The Big Bong Theory,” with some background on the South Korean banking infrastructure. This intelligence report will be of interest to security researchers, incident responders, and anyone interested in advanced malware analysis.