Change in Magniber Ransomware Vulnerability (CVE-2021-40444)
Magniber is a fileless ransomware using an IE vulnerability and it is one of the ransomware that causes damage to numerous Korean users. It is difficult to prevent infection if not detected and blocked in advance during the vulnerability occurrence phase, which makes it difficult for anti-malware programs to detect
Detection of JavaScript Vulnerability (CVE-2021-26411) via V3 Behavior Detection (Magniber)
Attackers are using the CVE-2021-26411 JavaScript vulnerability to actively distribute fileless Magniber ransomware via IE browser. Its internal code flow is changing rapidly, and there are still numerous damage reports that involve Magniber ransomware in Korea. As it is being distributed via an IE vulnerability (CVE-2021-26411), it is absolutely crucial
Distribution of RTF Vulnerability Malware that Takes Advantage of Microsoft Office Word’s External Connection
Distribution of RTF vulnerability (CVE-2017-11882) malware that uses external connection of MS Office Word document has been found. Employees must be on the lookout as the attacker is using spam e-mails to distribute malware to domestic shopping malls and other businesses. Recently, the distribution of MS Office Word malware using
Detection of Vulnerability (CVE-2021-26411) via V3 Memory Scan (Magniber)
Starting from March 2021, Magniber ransomware that operates in a fileless form has used the script that utilizes CVE-2021-26411 vulnerability instead of using CVE-2020-0968 vulnerability. There are still numerous damage reports that involve Magniber ransomware in Korea, and as the malware is being distributed via IE vulnerability (CVE-2021-26411), it is
Caution! Magniber Ransomware Being Distributed in Korea Using CVE-2021-26411 Vulnerability
The distributor of Magniber ransomware has continued to evolve to avoid V3’s detection. It goes without saying that subscribers of ASEC Blog are well aware of the fact that AhnLab has been fighting the developers of Magniber ransomware for a long time, and that the history almost resembles a cat-and-mouse
Magniber Ransomware Changed Vulnerability (CVE-2019-1367 -> CVE-2020-0968) and Attempted to Bypass Behavior Detection
At the beginning of this year, ASEC analysis team published the change of vulnerability which is used by the developer of Magniber to distribute the ransomware. Since September 23, 2019, CVE-2019-1367 vulnerability, which the developer of Magniber used for distribution, stopped operating in the systems with emergency security patch (Version
