Dridex Distributed with “Merry Christmas!” Excel File
Posted by jcleebobgatenet, December 28, 2021

The ASEC analysis team has discovered Excel files carrying a Dridex downloader being distributed during the Christmas season. The team has been continuously publishing posts on the ASEC blog about the distribution of Dridex via Excel file macros (see links below). Dridex is banking malware that collects a user’s banking credentials and performs malicious behaviors by receiving commands from the attacker. It is usually distributed through spam emails and performs its malicious behaviors after downloading the main module through a…
Detection of Log4j Vulnerability (CVE-2021-44228) Using V3 Network Detection
Posted by jcleebobgatenet, December 28, 2021

Since the disclosure of the Apache Log4j vulnerability (CVE-2021-44228) on December 10th, 2021, various PoCs (proofs of concept) have been uploaded to GitHub. The Log4j vulnerability has a huge impact because attackers can inject the address of a malicious class and have the web server load and run a class they created. AhnLab has updated its network blocking signature to detect Log4j vulnerability attacks. An explanation of the vulnerability and a video of V3 detecting the vulnerability are shown below.

1. Affected Products and Versions
The products…
ASEC Weekly Malware Statistics (December 13th, 2021 – December 19th, 2021)
Posted by jcleebobgatenet, December 28, 2021

The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists the weekly statistics collected from December 13th, 2021 (Monday) to December 19th, 2021 (Sunday). By main category, info-stealers ranked first with 63.4%, followed by RAT (Remote Administration Tool) malware with 22.0%, downloaders with 7.5%, coinminers with 4.0%, banking malware and ransomware with 1.3% each, and backdoors with 0.4%.

Top 1 – Formbook
Formbook is an info-stealer malware that ranked first…
Redline Stealer Targeting Accounts Saved to Web Browser with Automatic Login Feature Included
Posted by jcleebobgatenet, December 28, 2021

While investigating a recent breach of a certain company’s internal network, the AhnLab ASEC analysis team confirmed that the VPN account used to access the company network had been leaked from the PC of an employee who was working from home. The affected company provided a VPN service to employees working from home to give them access to the company’s internal network, and the employees connected to the VPN on the provided laptops or…
APT Attack Cases of Kimsuky Group (PebbleDash)
Posted by jcleebobgatenet, December 28, 2021

The ASEC analysis team has been monitoring the trend of malware used in APT attacks and sharing its findings on the blog. In this confirmed case, the PebbleDash backdoor was used in the attack, but logs of AppleSeed, Meterpreter, and other additional malware strains were also found.

PebbleDash Backdoor
The attacker sent the following spear-phishing email, prompting the user to download and run the compressed file after clicking the link for the attachment. The “Construction completion notice.pif” file can be…