Emails Disguised as ‘Emirates Post’ Being Distributed During the Overseas Direct Purchase Season Posted By jcleebobgatenet , November 24, 2021 The ASEC analysis team has introduced numerous phishing websites disguised as various companies. The team has recently discovered a malicious email disguised as Emirates Post, a transport company, during the overseas direct purchase season. As shown in the figure below, the malicious email states that there is a problem with the shipping address, requesting the purchaser to check and return. The texts “Tracking Number” and “Click Here” contain a malicious URL that redirects the clicker to the phishing website. It…
North Korea-related Malicious Document Files Using CVE-2021-40444 Vulnerability Posted By jcleebobgatenet , November 22, 2021 The ASEC analysis team has recently discovered the distribution of malicious files that include a new vulnerability CVE-2021-40444 which was revealed by Microsoft in September. It is noteworthy that the confirmed document files are all North Korea-related materials. North Korea-related malicious files have been evolving in new ways since the past. Seeing that the attackers are using a new vulnerability, they are quickly applying the new techniques in their distribution. CVE-2021-40444 is a vulnerability that allows remote code execution of MSHTML. MSHTML…
Analysis Report of Lazarus Group’s NukeSped Malware Posted By jcleebobgatenet , November 16, 2021 AhnLab Security Emergency response Center (ASEC) reveals an analysis report of Lazarus group’s attacks found from around 2020 until recently. The malware discussed here is known as NukeSped, a backdoor type that can perform various malicious behaviors by receiving commands from the attacker. This report will show the analysis of the overall flow of attacks using NukeSped. It looks into the malware’s features starting from the confirmed distribution methods and then goes into details of each attack stage such as…
Malicious Excel File Using Macro Sheets Being Distributed in Korea (2) Posted By jcleebobgatenet , November 10, 2021 The ASEC analysis team has found multiple distributions of malicious excel file that uses macro sheet (Excel 4.0 Macro) via phishing email. The use of macro sheet is a method commonly used by the distributor, and such method was also used in the distribution of malware such as SquirrelWaffle and Qakbot. The malware that uses macro sheets was mentioned in the previous blogs as well. The distribution is not that different from previous methods, but considering that the files in…
Malicious Word Files with External Links of Similar Domain Form Posted By jcleebobgatenet , November 9, 2021 Most malicious Word files that have been discovered in attacks contained macro, however, the ASEC analysis team has discovered a case where an external link connecting to an active C2 was used in a superior attack process to execute the malicious Word macro. This method was introduced in a previous blog post and was often used in malicious Word documents with North Korea-related materials. Previous blog post: Malicious Word Documents with External Link of North Korea Related Materials The execution…
