Malware Being Distributed by Disguising Itself as Icon of V3 Lite
The ASEC analysis team has discovered the distribution of malware disguised as a V3 Lite icon and packed with the .NET packer. The attacker likely created an icon that is almost identical to that of V3 Lite to trick the user, and AveMaria RAT and AgentTesla were discovered during the
Windows MSDT Zero-day Vulnerability ‘DogWalk’ Detected by V3
On June 8th, a new Windows Zero-day vulnerability named DogWalk was revealed by Hacker News (thehackernews.com). Similar to that of Follina vulnerability that targeted MS Office document files, this is a vulnerability that occurs from MSDT (Microsoft Support Diagnostic Tool), and it has a risk of copying malware in Windows
Detection of Log4j Vulnerability (CVE-2021-44228) Using V3 Network Detection
After the reveal of Apache Log4j vulnerability (CVE-2021-44228) on December 10th, 2021, there have been various POCs (Proof of Concept) uploaded on GitHub. The Log4j vulnerability has a huge impact because attackers can insert malicious class addresses and run malicious classes created by them on web servers. AhnLab has updated
Detection of JavaScript Vulnerability (CVE-2021-26411) via V3 Behavior Detection (Magniber)
Attackers are using the CVE-2021-26411 JavaScript vulnerability to actively distribute fileless Magniber ransomware via IE browser. Its internal code flow is changing rapidly, and there are still numerous damage reports that involve Magniber ransomware in Korea. As it is being distributed via an IE vulnerability (CVE-2021-26411), it is absolutely crucial
Detection of Vulnerability (CVE-2021-26411) via V3 Memory Scan (Magniber)
Starting from March 2021, Magniber ransomware that operates in a fileless form has used the script that utilizes CVE-2021-26411 vulnerability instead of using CVE-2020-0968 vulnerability. There are still numerous damage reports that involve Magniber ransomware in Korea, and as the malware is being distributed via IE vulnerability (CVE-2021-26411), it is
Analysis of Dridex Malware Distribution Method Armed with Bypass Detection
Dridex, also known as Cridex and Bugat, is a typical info-stealing malware that steals financial information. It is distributed on a massive scale by cybercrime organizations and it mainly uses macros within Microsoft Office Word or Excel document files that are included in spam mails. The most noticeable characteristic of
BlueCrab Ransomware’s Continuous Attempts to Bypass Detection
BlueCrab Ransomware (=Sodinokibi Ransomware) is a ransomware that is being vigorously distributed to Korean users. It distributes through a fake forum web page created using various search keywords. The infection process begins at the moment when a user runs the JS file downloaded from the distribution page. The distribution page
