Mphasis
SmallTiger Malware Campaign Targeting South Korean Businesses
Pages
2
Time to read
3 mins
Publication
Language
English
This technical report details a malware campaign involving SmallTiger malware that has been reported to target South Korean companies in sectors such as defense, automobile parts, and semiconductor manufacturing. The malware functions as a downloader: it connects to the attackers' command and control (C&C) server, retrieves a final payload and executes it in the system's memory. The report outlines the attack chain, which includes the installation of tools such as Mimikatz and ProcDump on compromised systems; these tools are used to extract credentials from the memory of the LSASS process. The report also describes the various attack vectors employed by the threat actor, including the use of DLL files and command-line tools to extract sensitive information from web browsers. Additionally, it covers the evolution of the malware's distribution methods, including the use of GitHub for malware delivery. Recommendations for mitigating the threat are provided, emphasizing the importance of security awareness and robust endpoint protection.