Domains Used for Magniber Distribution in Korea
On November 7th, the ASEC analysis team introduced through a blog post the Magniber ransomware which attempted MOTW (Mark of the Web) bypassing. Afterward, using the data left in Zone.Identifier, we conducted an investigation on the sources used for the distribution of Magniber. With the typosquatting method—which exploits typos—when the user accesses the wrongly entered domain, the msi file (Magniber) is downloaded after redirecting to an advertisement page. Examination of Zone.Identifier created at this stage reveals the URL from where … Continue reading Domains Used for Magniber Distribution in Korea
2 Comments