Word Document Titled ‘BIO Form’ Being Distributed

Since last month, the ASEC analysis team has been continuously posting about APT attacks using Word documents. Recently, it found that malware of the same type is being constantly distributed under the name ‘BIO form.’ By looking at the distribution history of previous Word documents, we can

CryptBot Infostealer Constantly Changing and Being Distributed

CryptBot is an Infostealer that is being distributed through malicious websites disguised as software download pages. Because there are multiple malicious websites created and many of them appear on the top page when keywords such as cracks and serials of popular commercial software are entered in search engines, many users

Malware Disguised as Job Offer Letter

The ASEC analysis team has recently discovered that KPOT Infostealer is being distributed via spam mails containing Word files. There have been a number of cases in which Infostealer programs were ultimately downloaded when the macro was enabled, but this case is notable in that it used a Word file with a particular

Fileless Remcos RAT Malware Delivery

The ASEC analysis team identified that Remcos RAT malware is being distributed through malicious macros in Excel files. As for the malware, the team introduced it in detail in the post linked below this text. While the method of coming into the system through spam mails is the same as

APT Attack Attempts Using Word Documents Targeting Specific Individuals

The ASEC analysis team confirmed that malware in the same format as the malicious Word documents introduced in the post “Malicious Word Documents Pretending ‘Korea Association for Political and Diplomatic History’ and ‘Policy Advisory Member Profile’ Being Distributed” is still being distributed. Like the malicious Word documents introduced in previous

Excel Files Becoming More Sophisticated (Distribution of Dridex and Cobalt Strike)

The distribution of Dridex through Excel files has been steadily observed since last year and was introduced on this blog. Recently, the ASEC analysis team found that the Cobalt Strike tool is being distributed along with Dridex using a method similar to before. Yet unlike previous cases, recent Excel

Excel 4.0 Macro with Various Images being Distributed

The ASEC analysis team found that malicious Excel files using the Excel 4.0 macro (formula macro) have been continually distributed. The malware has been distributed indiscriminately through e-mails since May, and as it is still being discovered today, users need to exercise caution. The malicious Excel files include images that

Kaseya VSA Supply Chain Ransomware Attacks (REvil Gang)

The ransomware used in the attack leveraging a vulnerability in VSA (a cloud-based management service that can manage various patches and perform client monitoring) made by Kaseya, an IT solutions developer for enterprises and managed service providers (MSPs), turned out to be BlueCrab (Sodinokibi) ransomware that is being actively distributed in Korea

Continuously Changing Malicious Word Macro Being Distributed – Trend of TA551

The ASEC analysis team has been continuously updating the blog with information on malicious macro files and has been urging users to exercise caution. This post will introduce a type of Word macro file distributed recently by the attack group TA551, which changes about once a week on average. For

Nitol Malware Being Distributed in Forum Archive

The ASEC analysis team confirmed that malware is being distributed in a forum archive in Korea. The attacker uploaded 4 posts disguised as sharing utility programs that are used to distribute malware. These posts distribute Nitol malware disguised as certain utility programs. The related attacks have been happening since last