| Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
 |
2022-10-12 04:18:45 |
(Déjà vu) ASEC Weekly Malware Statistics (September 26th, 2022 – October 2nd, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from September 26th, 2022 (Monday) to October 2nd, 2022 (Sunday). For the main category, downloader ranked top with 38.2%, followed by info-stealer with 35.1%, ransomware with 14.7%, backdoor with 11.6%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 16.7%. BeamWinHTTP is distributed via malware disguised...
|
Ransomware
Malware
|
|
|
|
2022-10-05 01:33:03 |
Change in Magniber Ransomware (*.js → *.wsf) – September 28th (lien direct) |
The ASEC analysis team has explained through the blog post on September 8th that the Magniber ransomware has changed from having a CPL extension to a JSE extension. The attacker made another change after September 8th, changing the file extension from JSE to JS on September 16th. And on September 28th, the attacker changed the distribution method once again, changing the file extension from JS to WSF. It seems the attacker is continuously distributing variations to bypass various detection methods...
|
Ransomware
|
|
|
|
2022-09-28 04:06:47 |
(Déjà vu) ASEC Weekly Malware Statistics (September 19th, 2022 – September 25th, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from September 19th, 2022 (Monday) to September 25th, 2022 (Sunday). For the main category, info-stealer ranked top with 51.3%, followed by backdoor with 21.1%, downloader with 17.2%, and ransomware with 10.3%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 20.7%. It is an info-stealer that leaks user credentials saved...
|
Ransomware
Malware
|
|
|
|
2022-09-28 03:48:50 |
LockBit 3.0 Ransomware Distributed via Word Documents (lien direct) |
The ASEC analysis team has identified that LockBit 3.0 ransomware distributed while disguised as job application emails in NSIS format is also being distributed in Word document format. The specific distribution channel has not yet been identified, but considering that the distributed file names include names of people such as ‘Lim Gyu Min.docx’ or ‘Jeon Chae Rin.docx’, it is likely that they were distributed disguised as job applications, similar to the past cases. There is an external link in the...
|
Ransomware
|
|
|
|
2022-09-28 03:39:14 |
(Déjà vu) ASEC Weekly Malware Statistics (September 12th, 2022 – September 18th, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from September 12th, 2022 (Monday) to September 18th, 2022 (Sunday). For the main category, info-stealer ranked top with 41.5%, followed by downloader with 27.5%, backdoor with 19.9%, ransomware with 8.2%, and banking malware with 2.9%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 18.1%. It is an info-stealer that...
|
Ransomware
Malware
|
|
|
|
2022-09-27 03:55:32 |
NSIS Type of LockBit 3.0 Ransomware Disguised as Job Application Emails Being Distributed (lien direct) |
In February and June, the ASEC Analysis team posted in the blog about LockBit 2.0 ransomware being distributed via email. In this blog, we will introduce the new version of the LockBit 3.0 ransomware that is still being distributed through similar method. While in June there were multiple cases of the ransomware being distributed disguised as a copyright-related email, recently it is being distributed as a phishing email disguised as an email on the subject of job applications. As shown in...
|
Ransomware
|
|
|
|
2022-09-23 00:14:52 |
FARGO Ransomware (Mallox) Being Distributed to Vulnerable MS-SQL Servers (lien direct) |
The ASEC analysis team is constantly monitoring malware distributed to vulnerable MS-SQL servers. The analysis team has recently discovered the distribution of FARGO ransomware that is targeting vulnerable MS-SQL servers. Along with GlobeImposter, FARGO is one of the prominent ransomware that targets vulnerable MS-SQL servers. In the past, it was also called the Mallox because it used the file extension .mallox. – [ASEC Blog] Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers– [ASEC Blog] Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers...
|
Ransomware
Malware
|
|
|
|
2022-09-21 00:45:18 |
Video of Blocking Latest Magniber Ransomware Using V3 (AMSI + Memory Scan) (lien direct) |
The ASEC analysis team introduced the Magniber variants in the blog posted on September 15th. From September 16th, the Magniber ransomware script, whilst still a javascript, has its file extension changed from *.jse to *.js. As Magniber changed to javascript starting September 8th, its operational method has also changed from the previous method. The currently distributed javascript file contains a .NET DLL (see Figure 2), and injects the Magniber shell code into currently running processes. The overall operation flow of...
|
Ransomware
|
|
|
|
2022-09-21 00:28:20 |
(Déjà vu) ASEC Weekly Malware Statistics (September 5th, 2022 – September 11th, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from September 5th, 2022 (Monday) to September 11th, 2022 (Sunday). For the main category, info-stealer ranked top with 47.1%, followed by downloader with 32.7%, backdoor with 12.5%, and ransomware with 7.7%. Top 1 – GuLoader GuLoader, which ranked first place with 21.1%, is a downloader malware that downloads additional malware and runs it. It...
|
Ransomware
Malware
|
|
|
|
2022-09-15 00:00:00 |
Change in Magniber Ransomware (*.cpl → *.jse) – September 8th (lien direct) |
After Magniber changed its method of distribution from an MSI format to a CPL format on July 20th, it has been monitored to show decreased distribution activity as of mid-August. While continuously monitoring for changes, the ASEC analysis team found that the distribution format of Magniber has changed from *.CPL (DLL type) to *.JSE (script) format starting from September 8th, 2022. As Magniber is one of the most damaging ransomware to Korean users and is employing various methods to bypass...
|
Ransomware
|
|
|
|
2022-09-14 00:30:00 |
(Déjà vu) ASEC Weekly Malware Statistics (August 29th, 2022 – September 4th, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 29th, 2022 (Monday) to September 4th, 2022 (Sunday). For the main category, info-stealer ranked top with 45.9%, followed by downloader with 28.1%, backdoor with 18.5%, ransomware with 6.2%, and CoinMiner and banking malware with 0.7% each. Top 1 – GuLoader GuLoader, which ranked first place with 22.6%, is a downloader malware that...
|
Ransomware
Malware
|
|
|
|
2022-09-01 09:49:18 |
(Déjà vu) ASEC Weekly Malware Statistics (August 22nd, 2022 – August 28th, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 22nd, 2022 (Monday) to August 28th, 2022 (Sunday). For the main category, info-stealer ranked top with 41.0%, followed by backdoor with 31.8%, downloader with 21.4%, and ransomware with 5.8%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 23.7%. It is an info-stealer that leaks user credentials...
|
Ransomware
Malware
|
|
|
|
2022-09-01 09:47:35 |
(Déjà vu) ASEC Weekly Malware Statistics (August 15th, 2022 – August 21st, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 15th, 2022 (Monday) to August 21st, 2022 (Sunday). For the main category, info-stealer ranked top with 57.8%, followed by backdoor with 24.2%, downloader with 13.7%, ransomware with 3.7%, and CoinMiner with 0.6%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 38.5%. It is an info-stealer that leaks...
|
Ransomware
Malware
|
|
|
|
2022-08-18 00:26:46 |
(Déjà vu) ASEC Weekly Malware Statistics (August 8th, 2022 – August 14th, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 8th, 2022 (Monday) to August 14th, 2022 (Sunday). For the main category, info-stealer ranked top with 41.9%, followed by backdoor with 38.4%, downloader with 16.8%, ransomware with 2.2%, and CoinMiner with 0.6%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 23.1%. It is an info-stealer that leaks...
|
Ransomware
Malware
|
|
|
|
2022-08-17 01:43:10 |
(Déjà vu) ASEC Weekly Malware Statistics (August 1st, 2022 – August 7th, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 1st, 2022 (Monday) to August 7th, 2022 (Sunday). For the main category, info-stealer ranked top with 47.4%, followed by backdoor with 22.6%, downloader with 20.0%, ransomware with 6.8%, banking with 2.6%, and CoinMiner with 0.5%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 25.8%. It is...
|
Ransomware
Malware
|
|
|
|
2022-08-03 02:19:00 |
Gwisin Ransomware Targeting Korean Companies (lien direct) |
The cases of Gwisin ransomware attacking Korean companies are recently on the rise. It is being distributed to target specific companies. It is similar to Magniber in that it operates in the MSI installer form. Yet unlike Magniber which targets random individuals, Gwisin does not perform malicious behaviors on its own, requiring a special value for the execution argument. The value is used as key information to run the DLL file included in the MSI. As such, the file alone...
|
Ransomware
|
|
|
|
2022-07-28 05:48:00 |
(Déjà vu) ASEC Weekly Malware Statistics (July 18th, 2022 – July 24th, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 18th, 2022 (Monday) to July 24th, 2022 (Sunday). For the main category, info-stealer ranked top with 44.7%, followed by backdoor with 40.3%, downloader with 14.5%, and ransomware with 0.6%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 27.0%. It is an info-stealer that leaks user credentials...
|
Ransomware
Malware
|
|
|
|
2022-07-25 05:21:11 |
Change in Magniber Ransomware (*.msi → *.cpl) – July 20th (lien direct) |
Since February 2022, Magniber has been using a Windows installer package file (.msi) instead of IE browser vulnerability for its distribution. The ransomware includes a valid certificate and was distributed as DLL form inside the MSI file. However, starting from July 20th (Wednesday), it is now being distributed as a CPL file extension instead of MSI. As the cases of using an MSI file for distribution are decreasing, the attacker of Magniber likely has changed the method of distribution. (July...
|
Ransomware
Vulnerability
|
|
|
|
2022-07-25 05:17:47 |
(Déjà vu) ASEC Weekly Malware Statistics (July 11th, 2022 – July 17th, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 11th, 2022 (Monday) to July 17th, 2022 (Sunday). For the main category, info-stealer ranked top with 52.2%, followed by backdoor with 26.8%, downloader with 19.7%, banking with 0.6%, and ransomware with 0.6%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 29.9%. It is an info-stealer that leaks...
|
Ransomware
Malware
|
|
|
|
2022-07-21 00:17:28 |
(Déjà vu) ASEC Weekly Malware Statistics (July 4th, 2022 – July 10th, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 4th, 2022 (Monday) to July 10th, 2022 (Sunday). For the main category, info-stealer ranked top with 43.9%, followed by downloader with 27.2%, backdoor with 21.1%, banking with 6.1%, ransomware with 1.1%, and coinminer with 0.6%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 27.2%. It is an...
|
Ransomware
Malware
|
|
|
|
2022-07-21 00:06:36 |
Amadey Bot Being Distributed Through SmokeLoader (lien direct) |
Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it has been sold in illegal forums and used by various attackers. The ASEC analysis team previously revealed cases where Amadey was used on attacks in the ASEC blog posted in 2019 (English version unavailable). Amadey was mainly used to install ransomware by attackers of GandCrab or to install FlawedAmmyy by...
|
Ransomware
Malware
|
|
|
|
2022-07-20 23:41:12 |
Change in Injection Method of Magniber Ransomware (lien direct) |
The ASEC analysis team is constantly monitoring Magniber, which has a higher number of distribution cases. It has been distributed through the IE (Internet Explorer) vulnerability for the past few years but stopped exploiting the vulnerability after the support for the browser ended. Recently, the ransomware is distributed as a Windows installer package file (.msi) on Edge and Chrome browsers. Magniber, which is being distributed as Windows installation package file (.msi), has hundreds of distribution logs reported every day (see...
|
Ransomware
Vulnerability
|
|
|
|
2022-07-07 01:27:25 |
(Déjà vu) ASEC Weekly Malware Statistics (June 27th, 2022 – July 3rd, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 27th, 2022 (Monday) to July 3rd, 2022 (Sunday). For the main category, info-stealer ranked top with 48.0%, followed by banking malware with 26.5%, RAT (Remote Administration Tool) with 12.5%, downloader with 8.2%, ransomware with 2.2%, coinminer with 1.8%, and backdoor with 0.7%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked...
|
Ransomware
Malware
|
|
|
|
2022-06-29 05:06:20 |
(Déjà vu) ASEC Weekly Malware Statistics (June 20th, 2022 – June 26th, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 20th, 2022 (Monday) to June 26th, 2022 (Sunday). For the main category, info-stealer ranked top with 53.8%, followed by downloader with 25.1%, backdoor with 14.8%, banking malware with 4.9%, and ransomware with 1.3%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 25.6%. It is an info-stealer that...
|
Ransomware
Malware
|
|
|
|
2022-06-28 04:44:03 |
ASEC Weekly Malware Statistics (June 13th, 2022 – June 19th, 2022) (lien direct) |
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 13th, 2022 (Monday) to June 19th, 2022 (Sunday). For the main category, info-stealer ranked top with 63.8%, followed by backdoor with 17.8%, downloader with 8.9%, banking malware with 7.5%, and ransomware with 1.9%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 29.1%. It is an info-stealer that...
|
Ransomware
Malware
|
|
|
