Author: ATCP

AhnLab ASEC has pointed out on our blog that same certificate is utilized for distribution process of Ammyy, Ammyy backdoor and CLOP ransomware. In this article, we would like to give a comprehensive view from distribution to the infection. Figure 1 below outlines the general structure of ransomware flow, which

Code signing is a process of signing a file with digital signature based on the personal information of the applicant to enhance trust and secure integrity. The file creator receives digital certificate via Certificate Authority(CA) and signs the file using the certificate.  Since the code signed file is certified by

After the distribution of Magniber recovery tools developed by AhnLab Analysis Team in 2018, Magniber has been transformed into a fileless format, disabling any kind of recovery. For successful file encryption, this fileless Magniber has evolved to bypass behavior detection and perform indiscriminate injection to unspecified processes that have privileges on

A newly emerged BlueCrab ransomware is distributed in various ways, similar to GandCrab. Its distribution methods include phishing email with a malicious document attached and phishing utility download page. AhnLab ASEC has been monitoring the distribution code of Javascript disguising as a utility program. When Javascript file(.js) downloaded from the phishing utility

A malicious spam mail attack that distributes malware by attaching document or archive file has been one of the most popular method among the operators. AhnLab ASEC Analysis Team analyzed spam mails received from numbers of customers and confirmed that majority of files downloaded by malicious documents attached to the