ASEC Weekly Malware Statistics (December 20th, 2021 – December 26th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 20th, 2021 (Monday) to December 26th, 2021 (Sunday). For the main category, info-stealer ranked top with 51.9%, followed by RAT (Remote Administration Tool) malware with 36.3%, downloader with 8.1%, coinminer with 2.2%, and ransomware with 1.5%. Top 1 – RedLine: RedLine malware ranked first with 21.5%. The malware steals various information such…

North Korea-related Hangul Word Processor (HWP) File Being Distributed

The ASEC analysis team has recently discovered that a North Korea-related HWP file was being distributed. The file does not exploit a vulnerability; instead, a hyperlink is inserted on the screen the user sees upon running the file, prompting the user to click it, and clicking runs executables inside the file. Executables embedded in this way are often found in normal HWP files, and it can be considered a normal feature that is possible via…

Dridex Distributed with “Merry Christmas!” Excel File

The ASEC analysis team has discovered Excel files with the Dridex downloader being distributed during the Christmas season. The team has been continually posting on the ASEC blog about the distribution of Dridex through Excel file macros (see links below). Dridex is banking malware that collects a user’s banking credentials and performs malicious behaviors by receiving commands from the attacker. It is usually distributed through spam emails and performs malicious behaviors after downloading the main module through a…

Detection of Log4j Vulnerability (CVE-2021-44228) Using V3 Network Detection

After the disclosure of the Apache Log4j vulnerability (CVE-2021-44228) on December 10th, 2021, various PoCs (Proofs of Concept) have been uploaded to GitHub. The Log4j vulnerability has a huge impact because attackers can insert malicious class addresses and run malicious classes they created on web servers. AhnLab has updated its network blocking signature to detect Log4j vulnerability attacks. An explanation of the vulnerability and a video of V3 detecting the vulnerability are shown below. 1. Affected Products and Versions: The products…

ASEC Weekly Malware Statistics (December 13th, 2021 – December 19th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 13th, 2021 (Monday) to December 19th, 2021 (Sunday). For the main category, info-stealer ranked top with 63.4%, followed by RAT (Remote Administration Tool) malware with 22.0%, downloader with 7.5%, coinminer with 4.0%, banking malware and ransomware with 1.3%, and backdoor with 0.4%. Top 1 – Formbook: Formbook is an info-stealer malware that ranked first…