ASEC Weekly Malware Statistics (December 13th, 2021 – December 19th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 13th, 2021 (Monday) to December 19th, 2021 (Sunday). For the main category, info-stealer ranked top with 63.4%, followed by RAT (Remote Administration

North Korea-related Hangul Word Processor (HWP) File Being Distributed

The ASEC analysis team has recently discovered that a North Korea-related HWP file was being distributed. The file does not exploit a vulnerability; instead, a hyperlink is inserted on the screen the user sees upon running the file, prompting the user to click it, and upon clicking, executables

Dridex Distributed with “Merry Christmas!” Excel File

The ASEC analysis team has discovered Excel files carrying a Dridex downloader being distributed during the Christmas season. The team has continuously been uploading posts on the ASEC blog about the distribution of Dridex via Excel file macros (see links below). Dridex is a banking malware that collects a user’s

Detection of Log4j Vulnerability (CVE-2021-44228) Using V3 Network Detection

After the disclosure of the Apache Log4j vulnerability (CVE-2021-44228) on December 10th, 2021, various PoCs (proofs of concept) have been uploaded to GitHub. The Log4j vulnerability has a huge impact because attackers can insert the address of a malicious class and have a class they created run on the web server. AhnLab has updated

APT Attack Cases of Kimsuky Group (PebbleDash)

The ASEC analysis team has been keeping an eye on the trend of malware that attempts APT attacks, sharing findings on the blog. In this confirmed case, the PebbleDash backdoor was used in the attack, but logs of AppleSeed, Meterpreter, and other additional malware strains were also found. PebbleDash Backdoor The

[Announcement] New Log4j Vulnerability (CVE-2021-45105) – Log4j 2.17.0

The CVE-2021-45105 vulnerability, which affects Log4j version 2.16.0, was additionally disclosed on December 18th, 2021 (CVSS 7.5). 1. Vulnerable Versions: Log4j 2.0-beta9 to 2.16.0. 2. Vulnerability Exploitation Technique: exploitation may occur if applications that use Log4j have the layout pattern and thread context features enabled. The following shows

ASEC Weekly Malware Statistics (December 6th, 2021 – December 12th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 6th, 2021 (Monday) to December 12th, 2021 (Sunday). For the main category, info-stealer ranked top with 33.3%, followed by CoinMiner with 25.3%,

[Notice] Log4j Core Affected by Apache Log4j Vulnerability CVE-2021-44228

AhnLab recommends applying security updates for the Apache Log4j vulnerabilities. Apache Log4j Vulnerability Information: a vulnerability (CVE-2021-44228, CVSS 10.0) in Log4j 2.x that allows the attacker to execute code remotely via a log message [1]; a vulnerability (CVE-2021-45046, CVSS 3.7) in Log4j 2.x that allows the attacker to cause Denial of Service

Case of Ransomware Infection in a Company Using Local Administrator Accounts Set with Same Password

After analyzing the infected systems of the company that suffered damage from the recent Lockis ransomware infection, the ASEC analysis team discovered that the attacker executed the ransomware after accessing the infected systems via RDP with local Administrator accounts. An investigation of the local Administrator information of the infected systems showed that

Redline Stealer Targeting Accounts Saved to Web Browser with Automatic Login Feature Included

While investigating a recent breach of the internal network of a certain company, the AhnLab ASEC analysis team confirmed that the VPN account used to access the company network had been leaked from the PC of an employee who was working from home. The company where the damage occurred