Emails Disguised as ‘Emirates Post’ Being Distributed During the Overseas Direct Purchase Season

The ASEC analysis team has previously covered numerous phishing websites disguised as various companies. The team has recently discovered a malicious email disguised as Emirates Post, a transport company, during the overseas direct purchase season. As shown in the figure below, the malicious email states that there is a problem with the shipping address and requests that the purchaser check and return. The texts “Tracking Number” and “Click Here” contain a malicious URL that redirects anyone who clicks them to the phishing website. It…

North Korea-related Malicious Document Files Using CVE-2021-40444 Vulnerability

The ASEC analysis team has recently discovered the distribution of malicious files that use CVE-2021-40444, a new vulnerability revealed by Microsoft in September. It is noteworthy that the confirmed document files are all North Korea-related materials. North Korea-related malicious files have continued to evolve over time. The use of a new vulnerability shows that the attackers are quick to apply new techniques in their distribution. CVE-2021-40444 is a remote code execution vulnerability in MSHTML. MSHTML…

ASEC Weekly Malware Statistics (November 8th, 2021 – November 14th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 8th, 2021 (Monday) to November 14th, 2021 (Sunday). For the main category, info-stealer ranked top with 41.8%, followed by RAT (Remote Administration Tool) malware with 24.7%, Downloader with 23.0%, Backdoor malware with 4.7%, CoinMiner with 3.3%, Ransomware with 2.3% and Banking malware with 0.2%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader…

ASEC Weekly Malware Statistics (November 1st, 2021 – November 7th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 1st, 2021 (Monday) to November 7th, 2021 (Sunday). For the main category, info-stealer ranked top with 51.8%, followed by Downloader with 22.7%, RAT (Remote Administration Tool) malware with 19.6%, Backdoor malware with 2.7%, and CoinMiner with 1.6%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that has taken first place once…

Analysis Report of Lazarus Group’s NukeSped Malware

AhnLab Security Emergency response Center (ASEC) has published an analysis report of Lazarus group’s attacks found from around 2020 until recently. The malware discussed here is known as NukeSped, a backdoor that can perform various malicious behaviors by receiving commands from the attacker. This report will show the analysis of the overall flow of attacks using NukeSped. It looks into the malware’s features starting from the confirmed distribution methods and then goes into details of each attack stage such as…