ASEC Weekly Malware Statistics (February 27th, 2023 – March 5th, 2023)

ASEC (AhnLab Security Emergency response Center) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 27th, 2023 (Monday) to March 5th, 2023 (Sunday). For the main category, backdoor ranked top with 51.4%, followed by Infostealer with

CHM Malware Disguised as North Korea-related Questionnaire (Kimsuky)

AhnLab Security Emergency response Center (ASEC) has recently discovered a CHM malware which is assumed to have been created by the Kimsuky group. This malware type is the same as the one covered in the following ASEC blog posts and the analysis report on the malware distributed by the Kimsuky

Netcat Attack Cases Targeting MS-SQL Servers (LOLBins)

ASEC (AhnLab Security Emergency response Center) has recently discovered the distribution of the Netcat malware targeting poorly managed MS-SQL servers. Netcat is a utility that allows users to send and receive data from specific destinations on a network connected by the TCP/UDP protocol. Due to its various features and ability

ASEC Weekly Phishing Email Threat Trends (February 19th, 2023 – February 25th, 2023)

ASEC (AhnLab Security Emergency response Center) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from February 19th, 2023 to February 25th, 2023 and provide statistical information on each type. Generally,

CHM Malware Disguised as Security Email from a Korean Financial Company: Redeyes (Scarcruft)

ASEC (AhnLab Security Emergency response Center) analysis team has discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group (also known as APT37, ScarCruft), is being distributed to Korean users. The team has confirmed that the command used in the “2.3. Persistence” stage

PlugX Malware Being Distributed via Vulnerability Exploitation

ASEC (AhnLab Security Emergency response Center) has recently discovered the PlugX malware being installed by exploiting the remote code execution vulnerability of the Chinese remote control programs Sunlogin and Awesun. Sunlogin’s remote code execution vulnerability (CNVD-2022-10270 / CNVD-2022-03672) is still being used in attacks, ever since its exploit code was

ASEC Weekly Malware Statistics (February 20th, 2023 – February 26th, 2023)

ASEC (AhnLab Security Emergency response Center) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 20th, 2023 (Monday) to February 26th, 2023 (Sunday). For the main category, backdoor ranked top with 51.0%, followed by downloader with

Decryptable iswr Ransomware Being Distributed in Korea

ASEC (AhnLab Security Emergency response Center) has recently discovered the distribution of the iswr ransomware during the team’s monitoring. A characteristic of iswr is the fact that it adds the iswr extension at the end of filenames after the files have been encrypted. The ransom note of this ransomware has