ASEC Weekly Malware Statistics (July 19th, 2021 – July 25th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to major malware. This post will list weekly statistics collected from July 19th, 2021 (Monday) to July 25th, 2021 (Sunday). For the main category, info-stealer ranked top with 54.7%, followed by RAT (Remote Administration Tool) malware with 23.6%, CoinMiner with 9.2%, downloader with 8.0%, ransomware with 2.4%, and backdoor with 1.7%. Top 1 – RedLine: RedLine malware was ranked first place with 9.2%. The number…

Fileless Remcos RAT Malware Delivery

The ASEC analysis team identified that Remcos RAT malware is being distributed through malicious macros in Excel files. The team introduced the malware in detail in the post linked below this text. While the method of entering the system through spam emails is the same as before, it should be noted that the Remcos RAT malware is ultimately delivered filelessly after going through multiple loader stages. In summary, the overall operation method is as follows: The attacker attaches…

ASEC Weekly Malware Statistics (July 12th, 2021 – July 18th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 12th, 2021 (Monday) to July 18th, 2021 (Sunday). For the main category, info-stealer ranked top with 60.9%, followed by RAT (Remote Administration Tool) malware with 19.4%, downloader with 8.1%, CoinMiner with 7.1%, and ransomware with 4.4%. Top 1 – Vidar: Vidar was ranked first place with 13.7%. It is an infostealer / downloader…

APT Attack Attempts Using Word Documents Targeting Specific Individuals

The ASEC analysis team confirmed that malware in the same format as the malicious Word documents introduced in the post “Malicious Word Documents Pretending ‘Korea Association for Political and Diplomatic History’ and ‘Policy Advisory Member Profile’ Being Distributed” is still being distributed. Like the malicious Word documents introduced in previous cases, the recently discovered Word files also download a dotm file containing a malicious macro through an external link. The filenames and external URLs confirmed are as follows. Date Discovered…

Excel Files Becoming More Sophisticated (Distribution of Dridex and Cobalt Strike)

The distribution of Dridex through Excel files has been steadily discovered since last year and was introduced on this blog. Recently, the ASEC analysis team found that the Cobalt Strike tool is being distributed along with Dridex using a method similar to before. Yet unlike previous cases, the Excel documents recently being distributed were found to perform malicious behaviors after a certain time using the task scheduler. It is assumed that the change in the operation method was…