Tracking and Responding to AgentTesla Using EDR
Posted By cka0, June 7, 2023
AhnLab Security Emergency response Center (ASEC) has been uploading a summary of weekly malware statistics every week. https://asec.ahnlab.com/en/53647/ This post will cover how EDR is used to detect, track, and respond to AgentTesla, an Infostealer that is continuously being distributed among the malware mentioned in the post above. AgentTesla is an Infostealer that steals user credentials saved in web browsers, email clients, and FTP clients. AhnLab’s EDR products detect certain types of PE files accessing user account credential files and categorize this behavior…
ASEC Weekly Malware Statistics (May 22nd, 2023 – May 28th, 2023)
Posted By ASEC, June 7, 2023
AhnLab Security Emergency response Center (ASEC) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 22nd, 2023 (Monday) to May 28th, 2023 (Sunday). For the main category, Infostealer ranked top with 52.5%, followed by downloader with 38.1%, backdoor with 6.4%, ransomware with 2.5%, and CoinMiner with 0.4%. Top 1 – Amadey: this week, Amadey Bot ranked first place with 29.7%. Amadey is a downloader that…
Tracking Process Hollowing Malware Using EDR
Posted By ohmintaek, June 1, 2023
AhnLab Security Emergency response Center (ASEC) once released a report on the types and distribution trends of .NET packers, as shown in the post below. As indicated in the report, most .NET packers do not write the actual malicious executable hidden by the packer to a local path; instead, they inject the malware into normal processes and run it there. .NET packers are being exploited as initial distribution files or as mid-process loaders for various malware types such as Remcos, FormBook, ScrubCrypt, AsyncRAT, etc. It…
Tracking Traces of Malware Disguised as Hancom Office Document File and Being Distributed (RedEyes)
Posted By EASTSTON3, June 1, 2023
AhnLab Security Emergency response Center (ASEC) has confirmed the distribution of malware disguised as Hancom Office document files. The malware being distributed is named “Who and What Threatens the World (Column).exe” and is designed to deceive users by using an icon similar to that of Hancom Office. Decompressing the compressed file reveals a relatively large file with a size of 36,466,238 bytes. AhnLab Endpoint Detection and Response (EDR) is capable of detecting such attack techniques through its…
ASEC Weekly Phishing Email Threat Trends (May 14th, 2023 – May 20th, 2023)
Posted By ASEC, May 30, 2023
AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of phishing email distribution during the week from May 14th, 2023 to May 20th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising itself as, or impersonating, an institute, company, or individual through social engineering methods. On a broader note,…