SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2024-05-08 00:59:58	Cas de distribution de logiciels malveillants liant le site Web de jeu illégal ciblant le serveur Web coréen Case of Malware Distribution Linking to Illegal Gambling Website Targeting Korean Web Server (lien direct)	Ahnlab Security Intelligence Center (ASEC) a découvert des preuves d'une souche malveillante distribuée aux serveurs Web au sudLa Corée, conduisant les utilisateurs à un site de jeu illégal.Après avoir initialement infiltré un serveur Web Windows Information (IIS) des services d'information sur Internet (IIS) mal gérés en Corée, l'acteur de menace a installé la porte arrière de METERPRETRER, un outil de transfert de port et un outil de logiciel malveillant du module IIS.Ils ont ensuite utilisé ProCDump pour exfiltrater les informations d'identification du compte du serveur.Les modules IIS prennent en charge les fonctionnalités d'extension des serveurs Web tels que ... AhnLab SEcurity intelligence Center (ASEC) has discovered evidence of a malware strain being distributed to web servers in South Korea, leading users to an illegal gambling site. After initially infiltrating a poorly managed Windows Internet Information Services (IIS) web server in Korea, the threat actor installed the Meterpreter backdoor, a port forwarding tool, and an IIS module malware tool. They then used ProcDump to exfiltrate account credentials from the server. IIS modules support expansion features of web servers such as...	Malware Tool Threat		★★
	2024-03-19 01:50:49	Andariel Group exploitant les solutions de gestion des actifs coréens (Meshagent) Andariel Group Exploiting Korean Asset Management Solutions (MeshAgent) (lien direct)	Ahnlab Security Intelligence Center (ASEC) a récemment découvert les attaques continues d'Andariel Group & # 8217;.Il est à noter que des installations de Meshagent ont été trouvées dans certains cas.Les acteurs de la menace exploitent souvent Meshagent ainsi que d'autres outils de gestion à distance similaires car il offre diverses fonctionnalités de télécommande.Le groupe Andariel a exploité les solutions de gestion des actifs coréens pour installer des logiciels malveillants tels que Andarloader et ModelOader, qui sont les logiciels malveillants utilisés dans les cas précédents.En commençant par l'agent Innix dans le passé, le groupe ... AhnLab SEcurity intelligence Center (ASEC) recently discovered the Andariel group’s continuous attacks on Korean companies. It is notable that installations of MeshAgent were found in some cases. Threat actors often exploit MeshAgent along with other similar remote management tools because it offers diverse remote control features. The Andariel group exploited Korean asset management solutions to install malware such as AndarLoader and ModeLoader, which are the malware used in the previous cases. Starting with Innorix Agent in the past, the group...	Malware Tool Threat		★★
	2024-02-13 03:52:20	Malware de revanche de vengeance sans fichier Fileless Revenge RAT Malware (lien direct)	Ahnlab Security Intelligence Center (ASEC) a récemment découvert la distribution des logiciels malveillants de Revenge Rat qui avaient été développés en fonction deOutils légitimes.Il semble que les attaquants aient utilisé des outils tels que & # 8216; SMTP-Validator & # 8217;et & # 8216; e-mail à SMS & # 8217;.Au moment de l'exécution, le logiciel malveillant crée et exécute à la fois un outil légitime et un fichier malveillant, ce qui rend difficile pour les utilisateurs de réaliser qu'une activité malveillante s'est produite.Comme indiqué dans le code ci-dessous, l'acteur de menace crée et exécute setup.exe ... AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of Revenge RAT malware that had been developed based on legitimate tools. It appears that the attackers have used tools such as ‘smtp-validator’ and ‘Email To Sms’. At the time of execution, the malware creates and runs both a legitimate tool and a malicious file, making it difficult for users to realize that a malicious activity has occurred. As shown in the code below, the threat actor creates and runs Setup.exe...	Malware Tool Threat		★★
	2023-12-15 01:31:05	Systèmes infectés contrôlés par des outils d'administration à distance (détectés par EDR) Infected Systems Controlled Through Remote Administration Tools (Detected by EDR) (lien direct)	Les outils d'administration à distance sont des logiciels pour gérer et contrôler les terminaux dans des endroits distants.Les outils peuvent être utilisés comme solutions de travail à domicile dans des circonstances telles que la pandémie Covid-19 et dans le but de contrôler, de gérer et de réparer les appareils sans pilote à distance.Ces outils de télécommande utilisés à des fins légitimes sont appelés rat, ce qui signifie & # 8220; outils d'administration à distance. & # 8221;De plus, les types de logiciels malveillants de porte dérobée tels que Remcos Rat, NJRAT, Quasar Rat et Avemaria sont appelés chevaux de Troie à distance (rat) parce que ceux-ci le rendent également ... Remote administration tools are software for managing and controlling terminals at remote locations. The tools can be used as work-at-home solutions in circumstances such as the COVID-19 pandemic and for the purpose of controlling, managing, and repairing unmanned devices remotely. Such remote control tools used for legitimate purposes are called RAT, meaning “Remote Administration Tools.” Additionally, backdoor malware types such as Remcos RAT, njRAT, Quasar RAT, and AveMaria are called Remote Access Trojans (RAT) because these also make it possible...	Malware Tool		★★
	2023-12-04 01:13:29	Ransomware Attacks utilisant RDP comme vecteur d'attaque & # 8211;Détecté par EDR Ransomware Attacks Using RDP as the Attack Vector – Detected by EDR (lien direct)	Un service de bureau à distance fait référence à la fonctionnalité qui permet le contrôle à distance d'autres PC.Dans Windows, ce service est fourni par défaut via le protocole de bureau distant (RDP).Cela signifie que si le système cible est un environnement Windows, RDP peut être utilisé pour contrôler cette cible distante sans avoir à installer des outils de télécommande supplémentaires.Pour la télécommande, l'opérateur doit avoir des informations d'identification de compte pour le système cible et se connecter à l'aide de ces informations d'identification.En tant que tel, si ... A remote desktop service refers to the feature that allows remote control of other PCs. In Windows, this service is provided by default through Remote Desktop Protocol (RDP). This means that if the target system is a Windows environment, RDP can be used to control this remote target without having to install additional remote control tools. For remote control, the operator is required to have account credentials for the target system and log in using these credentials. As such, if...	Ransomware Tool		★★
	2023-10-10 04:42:35	Infostaler avec un certificat anormal en cours de distribution Infostealer with Abnormal Certificate Being Distributed (lien direct)	Récemment, il y a eu un taux de distribution élevé de logiciels malveillants en utilisant des certificats anormaux.Les logiciels malveillants se déguisent souvent avec des certificats normaux.Cependant, dans ce cas, les logiciels malveillants ont saisi les informations de certificat au hasard, le nom du sujet et les champs de noms émetteur ayant des chaînes inhabituellement longues.En conséquence, les informations sur le certificat ne sont pas visibles dans les systèmes d'exploitation Windows, et un outil ou une infrastructure spécifique est nécessaire pour inspecter la structure de ces certificats.Bien sûr, ces certificats échouent en vérification de signature depuis ... Recently, there has been a high distribution rate of malware using abnormal certificates. Malware often disguise themselves with normal certificates. However, in this case, the malware entered the certificate information randomly, with the Subject Name and Issuer Name fields having unusually long strings. As a result, the certificate information is not visible in Windows operating systems, and a specific tool or infrastructure is required to inspect the structure of these certificates. Of course, these certificates fail in signature verification since...	Malware Tool		★★★
	2023-05-17 23:20:00	Sparkrat est distribué dans un programme d'installation VPN coréen SparkRAT Being Distributed Within a Korean VPN Installer (lien direct)	Ahnlab Security Emergency Response Center (ASEC) a récemment découvert que Sparkrat était distribué au sein de l'installateur d'un certain VPNprogramme.Sparkrat est un outil d'administration à distance (rat) développé avec Golang.Lorsqu'il est installé sur un système d'utilisateur, il peut effectuer une variété de comportements malveillants, tels que l'exécution de commandes à distance, le contrôle des fichiers et les processus, le téléchargement de charges utiles supplémentaires et la collecte d'informations à partir du système infecté comme en prenant des captures d'écran.1. Cas de distribution Le fournisseur VPN, dont l'installateur contenait Sparkrat semble ... AhnLab Security Emergency response Center (ASEC) has recently discovered SparkRAT being distributed within the installer of a certain VPN program. SparkRAT is a Remote Administration Tool (RAT) developed with GoLang. When installed on a user’s system, it can perform a variety of malicious behaviors, such as executing commands remotely, controlling files and processes, downloading additional payloads, and collecting information from the infected system like by taking screenshots. 1. Case of Distribution The VPN provider, whose installer contained SparkRAT appears to...	Tool		★★
	2023-02-06 01:00:00	Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations (lien direct)	Sliver is an open-source penetration testing tool developed in the Go programming language. Cobalt Strike and Metasploit are major examples of penetration testing tools used by many threat actors, and various attack cases involving these tools have been covered here on the ASEC blog. Recently, there have been cases of threat actors using Sliver in addition to Cobalt Strike and Metasploit. The ASEC (AhnLab Security Emergency response Center) analysis team is monitoring attacks against systems with either unpatched vulnerabilities or...	Malware Tool Vulnerability Threat		★★
	2023-01-13 00:52:34	Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack (lien direct)	The ASEC analysis team recently identified Orcus RAT being distributed on file-sharing sites disguised as a cracked version of Hangul Word Processor. The threat actor that distributed this malware is the same person that distributed BitRAT and XMRig CoinMiner disguised as a Windows license verification tool on file-sharing sites.[1] The malware distributed by the threat actor has a similar form as those of the past, except for the fact that Orcus RAT was used instead of BitRAT. Furthermore, the new malware...	Malware Tool Threat		★★
	2023-01-05 23:47:00	Distribution of NetSupport RAT Malware Disguised as a Pokemon Game (lien direct)	NetSupport Manager is a remote control tool that can be installed and used by ordinary or corporate users for the purpose of remotely controlling systems. However, it is being abused by many threat actors because it allows external control over specific systems. Unlike backdoors and RATs (Remote Access Trojans), which are mostly based on command lines, remote control tools (Remote Administration Tools) place emphasis on user-friendliness, so they offer remote desktops, also known as GUI environments. Even though they may...	Malware Tool Threat		★★
	2022-12-07 01:41:18	Malware Distributed with Disguised Filenames (RIGHT-TO-LEFT OVERRIDE) (lien direct)	In August, the ASEC analysis team made a post on the malware being distributed with filenames that utilize RTLO (Right-To-Left Override). RTLO is a unicode that makes an override from right to left. This type of malware induces users to execute its files by mixing filenames with extensions, with its distribution still being continued to this day. RAT Tool Disguised as Solution File (*.sln) Being Distributed on Github As of November 30th, 2022, when the keywords based on the last...	Malware Tool		★★★
	2022-08-31 23:26:41	RAT Tool Disguised as Solution File (*.sln) Being Distributed on Github (lien direct)	The ASEC analysis team has recently discovered the distribution of a RAT Tool disguised as a solution file (.sln) on GitHub. As shown in Figure 1, the malware distributor is sharing a source code on GitHub titled “Jpg Png Exploit Downloader Fud Cryter Malware Builder Cve 2022”. The file composition looks normal, but the solution file (.sln) is actually a RAT tool. It is through methods like this that the malware distributor lures users to run the RAT tool by...	Malware Tool
	2022-08-24 04:26:37	BitRAT and XMRig CoinMiner Being Distributed via Windows License Verification Tool (lien direct)	The ASEC analysis team has recently discovered the distribution of BitRAT and XMRig CoinMiner disguised as a Windows license verification tool. As introduced in previous posts, BitRAT has a history of being distributed on webhards as MS Windows license verification tools and MS Office installation programs. It is likely that the case covered by this post is being done by the same attacker. One thing to note is that a BitRAT remote control tool is installed in the environment without...	Tool
	2022-07-01 05:27:57	Case of Attack Exploiting AnyDesk Remote Tool (Cobalt Strike and Meterpreter) (lien direct)	MS-SQL servers are mainly the attack targets for Windows systems. Attackers scan vulnerable MS-SQL servers that are poorly managed and install malware upon gaining control. Malware strains installed by attackers include CoinMiner, ransomware, backdoor, etc., and may vary depending on the purpose of the attack. Most backdoor strains are remote control types such as Remcos RAT and Gh0st RAT, but there are also infiltration testing tools used to dominate companies’ internal systems such as Cobalt Strike and Meterpreter. The attack...	Malware Tool

Last update at: 2024-05-13 13:08:13
See our sources.

To see everything: Our RSS (filtrered)