Others

Case of Infection With Lockis Ransomware in a Company, Caused by Not Using Anti-Malware’s Lock Policy

Around November, one of AhnLab’s clients had several of their servers infected with the Lockis ransomware. As the targeted company suffered a malware infection despite the fact it was using the anti-malware program V3, AhnLab A-FIRST conducted a forensic analysis to find out the cause of infection. As stated in “ASEC Blog: Hacking Tool Used Together With Lockis Ransomware,” the Lockis ransomware is a variant of the GlobeImposter ransomware that first appeared on September 16th. AhnLab has been…

Malicious Excel File Using Macro Sheets Being Distributed in Korea (2)

The ASEC analysis team has found multiple distributions of malicious Excel files that use macro sheets (Excel 4.0 Macro) via phishing emails. The use of macro sheets is a method commonly used by distributors, and this method was also used in the distribution of malware such as SquirrelWaffle and Qakbot. Malware that uses macro sheets was mentioned in previous blog posts as well. The distribution is not that different from previous methods, but considering that the files in…

Malicious Word File Disguised as ‘Purchase and Sales Agreement for Export-bound Gold Bars’

The ASEC analysis team discovered a malicious Word document disguised as ‘Purchase and Sales Agreement for Export-bound Gold Bars’ and would like to inform the readers about it through this post. Judging by the title and body text of the original document on which the distributed document is based, it appears that the original was created in the past and was recently distributed following a revision. Document Title: 1MT Business Terms-20140428.doc. Document Information: Last Printed Date – April 20th, 2014; Last Modified…

ASEC Weekly Malware Statistics (May 31st, 2021 – June 6th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 31st, 2021 (Monday) to June 6th, 2021 (Sunday). For the main category, info-stealer ranked top with 82.5%, followed by RAT (Remote Administration Tool) malware with 16.0%, and downloader with 1.5%. Banking malware and ransomware were excluded due to a decrease in the number of cases. Top 1 – AgentTesla: AgentTesla was ranked first place…

Caution! Magniber Ransomware Being Distributed in Korea Using CVE-2021-26411 Vulnerability

The distributor of Magniber ransomware has continued to evolve to avoid V3’s detection. It goes without saying that subscribers of ASEC Blog are well aware of the fact that AhnLab has been fighting the developers of Magniber ransomware for a long time, and that the history almost resembles a cat-and-mouse chase. This time, the distributor of Magniber waited for the anniversary day of AhnLab (March 15th), which is also a traditional holiday for AhnLab. On this day, the distributor swiftly…