On November 7th, the ASEC analysis team introduced through a blog post the Magniber ransomware which attempted MOTW (Mark of the Web) bypassing. Afterward, using the data left in Zone.Identifier, we conducted an investigation on the sources used for the distribution of Magniber. With the typosquatting method—which exploits typos—when the user accesses the wrongly entered … Continue reading Domains Used for Magniber Distribution in Korea