ASEC Weekly Malware Statistics (May 3rd, 2021 – May 9th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 3rd, 2021 (Monday) to May 9th, 2021 (Sunday). For the main category, info-stealer ranked top with 72.7%, followed by RAT (Remote Administration Tool) malware with 16.0%, CoinMiner with 8.2%, Ransomware with 1.7%, and downloader with 1.3%.

Top 1 – AgentTesla

AgentTesla was ranked first place with 25.1%. It is an info-stealer malware…

Cobalt Strike Targeting Korean Companies Being Distributed (Part 2)

The ASEC analysis team is monitoring attacks that utilize the Cobalt Strike hacking tool. In this article, the team will examine the latest Cobalt Strike attacks, which were confirmed after the publication of the previous article that introduced the Cobalt Strike hacking tool. An attack confirmed on April 23 revealed that the Cobalt Strike beacon was run by the process with the command line shown below. Cobalt Strike threat actors usually designate and run the normal process after giving…

Info-leaking Malware Distributed Through Google Keyword Search

The ASEC analysis team has previously dealt with BeamWinHTTP malware being distributed through adware and PUP programs. When users install cracks and keygens by downloading the installers from the phishing page, various PUP programs and BeamWinHTTP malware are installed together. BeamWinHTTP additionally installs info-leaking malware (info-stealers). When users search with keywords like ‘program names,’ ‘cracks,’ and ‘keygens’ in a search engine like Google, they may come across websites with fake shortened URLs. In the example below, the short URL is…

Makop Ransomware Distributed As Copyright Violation Related Materials

The ASEC analysis team has recently shared information about the distribution of Makop ransomware disguised as job applications. This week, the team confirmed that the ransomware is being distributed via e-mails that contain materials related to copyright violation. Unlike last time, the compressed file is attached with the .dat extension instead of .zip, and to avoid the e-mail attachment scan, the date the mail was distributed was used as the password. Inside the attached file, there is a file…

ASEC Weekly Malware Statistics (April 26th, 2021 – May 2nd, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from April 26th, 2021 (Monday) to May 2nd, 2021 (Sunday). For the main category, info-stealer ranked top with 75.9%, followed by RAT (Remote Administration Tool) malware with 19.3%, downloader with 1.3%, and CoinMiner with 2.6%. Ransomware and banking malware accounted for 0.4%.

Top 1 – AgentTesla

AgentTesla was ranked first place with 32.9%. It…