CoinMiner Distribution Process within Infiltrated Systems (Detected by EDR) Posted By eastston , September 25, 2023 AhnLab Security Emergency Response Center (ASEC) has identified the process through which threat actors install CoinMiners, which utilize a compromised system’s resources for cryptocurrency mining. This post will cover how the AhnLab EDR product detects the installation process of CoinMiners that use system resources for cryptocurrency mining. Figure 1. Execution of command from threat actor Figure 1 shows that the threat actor used the same command consistently on the infiltrated system. It shows a PowerShell script was detected being…
Malicious LNK File Being Distributed, Impersonating the National Tax Service Posted By gygy0101 , September 21, 2023 AhnLab Security Emergency response Center (ASEC) has discovered circumstances of a malicious LNK file impersonating the National Tax Service being distributed. Distribution using LNK files is a method that has been used in the past, and recently, there have been multiple cases of distribution to Korean users. The recently identified LNK file is presumed to be distributed via a URL included in emails. The URL identified through AhnLab Smart Defense (ASD) is as follows, and from it, a compressed file…
HiddenGh0st Malware Attacking MS-SQL Servers Posted By Sanseo , September 21, 2023 Gh0st RAT is a remote control malware developed by the C. Rufus Security Team from China. Due to its source code being publicly available, malware developers use it as a reference as they continue developing numerous variants that are still actively used in attacks. Although the source code is public, Gh0st RAT is mainly used by threat actors based in China. Cases of Gh0stCringe RAT, a variant of Gh0st RAT, being distributed targeting database servers (MS-SQL, MySQL servers) were disclosed…
Downloader Disguised With Contents on Violation of Intellectual Property Rights (Detected by MDS) Posted By muhan , September 14, 2023 On August 28, AhnLab Security Emergency response Center (ASEC) discovered circumstances of a downloader in distribution disguised with contents regarding the violation of intellectual property rights, targeting unspecified masses in Korea. The distributed malware included a code that detects virtual environments to evade sandbox-based security solutions and was a .NET-type that downloads the MainBot malware. Judging from the file information collected by AhnLab Smart Defense (ASD) and VirusTotal, it seems that Korea and Taiwan were the target destinations for distribution….
Threat Trend Report on Ransomware – July 2023 Posted By ahnlabti , September 11, 2023 This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in July 2023, as well as notable ransomware issues in Korea and other countries. Key Trends 1) More businesses affected by CLOP ransomware’s exploitation of MOVEit zero-day vulnerability 2) Big Head ransomware disguised as an emergency Windows update 3) Detection names for ransomware disguised as Sophos file ATIP_2023_Jul_Threat Trend Report on Ransomware Statistics and Major Issues
