Malware Information

ASEC Weekly Malware Statistics (July 12th, 2021 – July 18th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 12th, 2021 (Monday) to July 18th, 2021 (Sunday). For the main category, info-stealer ranked top with 60.9%, followed by RAT (Remote Administration Tool) malware with 19.4%, downloader with 8.1%, CoinMiner with 7.1%, and Ransomware with 4.4%.

Top 1 – Vidar

Vidar was ranked first place with 13.7%. It is an infostealer / downloader…

APT Attack Attempts Using Word Documents Targeting Specific Individuals

The ASEC analysis team confirmed that malware in the same format as the malicious Word documents introduced in the post “Malicious Word Documents Pretending ‘Korea Association for Political and Diplomatic History’ and ‘Policy Advisory Member Profile’ Being Distributed” is still being distributed. Like the malicious Word documents introduced in previous cases, the recently discovered Word files also download a dotm file containing the malicious macro through an external link. The filenames and external URLs confirmed are as follows. Date Discovered…

Excel Files Becoming More Sophisticated (Distribution of Dridex and Cobalt Strike)

The distribution of Dridex through Excel files has been steadily discovered since last year and was introduced on this blog. Recently, the ASEC analysis team found that the Cobalt Strike tool is being distributed along with Dridex using a method similar to before. Yet unlike previous cases, the Excel documents recently being distributed were found to perform malicious behaviors after a certain time using the task scheduler. It is assumed that the change in the operation method was…

Excel 4.0 Macro with Various Images being Distributed

The ASEC analysis team found that malicious Excel files using the Excel 4.0 macro (formula macro) have been continually distributed. The malware has been distributed indiscriminately through e-mails since May, and as it is still being discovered today, users need to exercise caution. The malicious Excel files include images that prompt users to enable macros. Figures below show the files that are currently being distributed. The malware sets particular cells with Auto_Open in the Name Manager. When macros are enabled,…

Continuously Changing Malicious Word Macro Being Distributed – Trend of TA551

The ASEC analysis team has been continuously updating the blog with information on malicious macro files and has been urging users to exercise caution. This post will introduce a type of Word macro file distributed recently by the attack group TA551, showing changes in an average of 1 week. To distribute malware, the group usually sends documents that contain malicious macros by email. The operation method of the DOC file that downloads additional malware after dropping HTA file…