Rapidly Evolving Magniber Ransomware Posted By jcleebobgatenet , October 25, 2022 The Magniber ransomware has recently been evolving rapidly. From changing its file extension, injection and to UAC bypassing techniques, the Magniber ransomware has been rapidly changing to bypass the detection of anti-malware software. This article summarizes the evolution of the Magniber ransomware in the last few months based on the analysis that had been previously performed. Table 1 shows the major characteristics of the distributed Magniber ransomware files by date. It had been distributed as five different file extensions (msi,…
Analysis on Attack Techniques and Cases Using RDP Posted By Sanseo , October 25, 2022 Overview One of the previous ASEC blog posts discussed cases where attackers abused various remote control tools that are originally used for system management purposes to gain control over infected systems.[1] This post will cover cases where RDP (Remote Desktop Protocol), a default service provided by baseline Windows OS, was used. RDP is commonly used in most attacks, and this is because it is useful for initial compromise or lateral movement in comparison to remote control tools that require additional…
GuLoader Malware Disguised as a Word File Being Distributed in Korea Posted By jcleebobgatenet , October 21, 2022 The ASEC analysis team has discovered that the GuLoader malware is being distributed to Korean corporate users. GuLoader is a downloader that has been steadily distributed since the past, downloading various malware. The phishing mail being distributed is as follows, and has an HTML file attached. When the user opens the attached HTML file, a compressed file is downloaded from the URL below. The compressed file contains an IMG file and the GuLoader malware is inside this IMG file. GuLoader…
Attackers Abusing Various Remote Control Tools Posted By Sanseo , October 21, 2022 Overview Ordinarily, attackers install malware through various methods such as spear phishing emails with a malicious attachment, malvertising, vulnerabilities, and disguising the malware as normal software and uploading them to websites. The malware that is installed include infostealers which steal information from the infected system, ransomware which encrypts files to demand ransom, and DDoS Bots which are used in DDoS attacks. In addition to these, backdoor and RAT are also major malware programs used by attackers. Backdoor malware is installed…
ASEC Weekly Malware Statistics (October 3rd, 2022 – October 9th, 2022) Posted By jcleebobgatenet , October 19, 2022 The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 3rd, 2022 (Monday) to October 9th, 2022 (Sunday). For the main category, downloader ranked top with 45.0%, followed by info-stealer with 39.6%, backdoor with 14.6%, ransomware with 0.4%, and CoinMiner with 0.4%. Top1. SmokeLoader Smokeloader is infostealer / downloader malware that is distributed via exploit kits. This week, it ranked first place…