Malware with the Filename kakaoTest.exe, Possibly Developed by Kimsuky
Posted By jcleebobgatenet, October 6, 2021
The ASEC analysis team has been keeping an eye on the trend of malware that attempts APT attacks using Word documents and has been sharing its findings on the blog. The team has found additional malicious files that use the same code as the malware created from document files such as ‘Constitution Day International Academic Forum.doc’ and ‘28th North Korea-South Korea Relations Experts Discussion***.doc’, which the Kimsuky group developed and distributed and which were mentioned in the previous post. More information will be shared below. The…
Continuously Changing Malicious Word Macro Being Distributed – Trend of TA551 (2)
Posted By jcleebobgatenet, September 29, 2021
The ASEC analysis team is back to continue introducing the DOC macro documents used by the TA551 group in attacks. The operation flow of the macro documents hasn’t changed since its introduction in July. However, we have confirmed that in the most recent case, BazarLoader was distributed at the last step after the macro was run. First, to quote the BazarLoader analysis report published in May by AhnLab: Excerpt from ATIP – BazarLoader Analysis Report ‘Abstract’ BazarLoader is a malware that downloads and…
Scam Mail Prompting Bitcoin Deposit Being Distributed
Posted By jcleebobgatenet, September 28, 2021
The ASEC analysis team has confirmed that a scam mail aimed at stealing Bitcoin is being distributed in Korea. The mail contains information about a Bitcoin deposit. When users click the malicious URL in the mail, they are redirected to a scam website. As seen below, the scam mail is distributed with the title ‘Bitcoin Payment’ and a sender disguised as Admin Support. Inside the mail is a message saying 25 BTC ($1,184,081.00 USD) was deposited in the portfolio…
Attack Cases Using Metasploit Meterpreter
Posted By Sanseo, September 14, 2021
Metasploit is a framework used in penetration testing. It is a tool that can be used to inspect the networks and systems of companies and organizations for security vulnerabilities, providing various features for each penetration test stage. Like Cobalt Strike, it provides the features needed at each stage, from creating various types of payloads for the initial infection and stealing account information to taking over the system via lateral movement. While Cobalt Strike is commercial software, a cracked version has been leaked and used…
Dridex Distributed Through Excel 4.0 Macro
Posted By jcleebobgatenet, September 8, 2021
The ASEC analysis team has recently discovered that the method of distributing Dridex via Excel files is changing more rapidly and frequently. The team has been covering the distribution methods of Dridex on the ASEC blog since last year, and the most recent related post, uploaded last month, introduced an Excel file that uses the task scheduler to distribute Dridex. The recently distributed Excel files use the Excel 4.0 macro instead of the VBA macro which was used in previous…