APT Attacks Using PDF Files, Possibly by North Korea Related Group

Targeted attacks using PDF files have been confirmed, and a group related to North Korea appears to be behind them. While the attack group is thought to be either Kimsuky or Thallium, it might be another group that mimicked those two. The related information was already reported in the

Dridex Distributed Through Excel 4.0 Macro

The ASEC analysis team has recently discovered that the method of distributing Dridex via Excel files is changing more rapidly and frequently. The team has been introducing the distribution method of Dridex through the ASEC blog since last year, and the latest related post was uploaded last month to introduce

ASEC Weekly Malware Statistics (August 9th, 2021 – August 15th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known threats. This post will list weekly statistics collected from August 9th, 2021 (Monday) to August 15th, 2021 (Sunday). For the main category, Infostealer ranked top with 66.6%, followed by RAT (Remote Administration

Malicious Word File Disguised as ‘Purchase and Sales Agreement for Export-bound Gold Bars’

The ASEC analysis team discovered a malicious Word document disguised as ‘Purchase and Sales Agreement for Export-bound Gold Bars’ and would like to inform the readers about it through this post. Judging by the title and body text of the original document on which the distributed document is based, it

Changed Form of CryptBot Infostealer Disguised as Software Crack Download

CryptBot Infostealer, disguised as commercial software downloads, is constantly changing and is actively being distributed. In the previous ASEC blog post, the ASEC analysis team explained the change process of the BAT script in the malware. This post will discuss the change in its form. CryptBot Infostealer has changed

Malicious PowerPoint Files Constantly Being Distributed

In April 2021, the ASEC analysis team introduced the malware delivered via PowerPoint files attached to email in the ASEC blog. The team has found continuous malicious activities that use PPAM files in the form of PowerPoint and is therefore sharing them. When a macro included in the PowerPoint is

ASEC Weekly Malware Statistics (August 2nd, 2021 – August 8th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to major threats. This post will list weekly statistics collected from August 2nd, 2021 (Monday) to August 8th, 2021 (Sunday). For the main category, Infostealer ranked top with 53.7%, followed by RAT (Remote Administration

ASEC Weekly Malware Statistics (July 26th, 2021 – August 1st, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to major malware. This post will list weekly statistics collected from July 26th, 2021 (Monday) to August 1st, 2021 (Sunday). For the main category, Infostealer ranked top with 48.2%, followed by RAT (Remote Administration

NanoCore RAT Disguised as Notification of Foreign Currency Remittance Being Spread!

The ASEC analysis team recently discovered that the NanoCore remote access Trojan (RAT) was distributed disguised as a notification of foreign currency remittance. Because the malware is usually spread through phishing emails, users need to take extra caution. The mail impersonates a capital company and is distributed with the title “[**

JavaScript-based BlueCrab Ransomware Has Stopped?

The distribution of BlueCrab (Sodinokibi and REvil) ransomware exploiting JavaScript has been stopped since July 13th, 2021. There have been many cases of the distribution being stopped and then resumed after going through changes, but this is the first time it has stopped for such a long period. BlueCrab ransomware