Makop Ransomware Distributed As Copyright Violation Related Materials
The ASEC analysis team has recently shared information about the distribution of Makop ransomware disguised as job applications. This week, the team confirmed that the ransomware is being distributed via e-mails that contain materials related to copyright violation. Unlike the last time, the compressed file is attached with the .dat
Cobalt Strike Targeting Korean Companies Being Distributed (Part 2)
The ASEC analysis team is monitoring attacks that utilize the Cobalt Strike hacking tool. In this article, the team will examine the latest Cobalt Strike attacks which were confirmed after the publishing of the past article that introduced the Cobalt Strike hacking tool. An attack confirmed on April 23 revealed
Attack Against Ukrainian Ministry of Defense Using E-mail Disguised as Free Bitcoin Reward
ASEC analysis team has confirmed the distribution of malicious e-mail disguised as a free Bitcoin reward that targets specific individuals in Ukrainian Ministry of Defense. This malware uses a recent hot topic, Bitcoin, and tricks people into downloading the end-stage malware through various methods. Figure 1. Phishing e-mail targeting Ukrainian
Lokibot Malware Disguised as Phishing E-mail Requesting for Estimate
ASEC analysis team has discovered the distribution of Lokibot malware disguised as an estimate request e-mail. Lokibot malware has been distributed continually over several years, and a closer look at the weekly malware statistics uploaded to the ASEC blog reveals the fact that Lokibot consistently remained high on the weekly
![[Caution] Makop Ransomware Disguised as Job Application E-mail Being Distributed!](https://asec.ahnlab.com/wp-content/uploads/2021/04/GetImageAttachment-2.png)
[Caution] Makop Ransomware Disguised as Job Application E-mail Being Distributed!
ASEC analysis team has recently discovered ransomware disguised as job application being distributed via e-mail. It appears that the attacker is targeting recruitment managers of various companies amidst the recruitment season of the first half of the year. Hence, recruiters must pay particular attention when managing their e-mail accounts. The
Distribution of RTF Vulnerability Malware that Takes Advantage of Microsoft Office Word’s External Connection
Distribution of RTF vulnerability (CVE-2017-11882) malware that uses external connection of MS Office Word document has been found. Employees must be on the lookout as the attacker is using spam e-mails to distribute malware to domestic shopping malls and other businesses. Recently, the distribution of MS Office Word malware using
Detection of Vulnerability (CVE-2021-26411) via V3 Memory Scan (Magniber)
Starting from March 2021, Magniber ransomware that operates in a fileless form has used the script that utilizes CVE-2021-26411 vulnerability instead of using CVE-2020-0968 vulnerability. There are still numerous damage reports that involve Magniber ransomware in Korea, and as the malware is being distributed via IE vulnerability (CVE-2021-26411), it is
Snake Keylogger Being Distributed via Spam E-mails
Recently, there has been an exponential increase in the distribution of Snake Keylogger via spam e-mails. Snake Keylogger is an info-leaking malware that is developed with .NET, and as seen from the weekly statistics below, it consecutively made its way into the Top 5 malware as of recent. Latest ASEC
Distribution of Hangul Word Processor (HWP) File with Title of North Korea-related Question
Previously, ASEC analysis team discovered the surge in the distribution of malicious Word files containing North Korea-related materials and shared detailed information about this trend. And today, ASEC analysis team has discovered the distribution of malware disguised as HWP files that contain North Korea-related questions. Judging by the information within
Distribution of Malicious Word Document Disguised as a Military Security Monthly Magazine (April 2021)
On March 29th, ASEC analysis team has introduced malicious word documents containing North Korea related materials. Upon opening the file, it connects to the ‘External URL’ written within XML and downloads additional files. Recently the team has found out that malicious word documents using the mentioned method and disguised as
