Attackers Using FRP (Fast Reverse Proxy) to Attack Korean Companies
Posted By jcleebobgatenet, September 1, 2022

Recently, there have been frequent incidents where attackers infiltrated and took control of the internal networks of Korean companies, starting with vulnerable, externally exposed servers.

Cases of Attacks Targeting Vulnerable Atlassian Confluence Servers
Meterpreter Distributed to Vulnerable Server of Korean Medical Institution
AsyncRAT Being Distributed to Vulnerable MySQL Servers

This is a case of infiltration into an IIS web server or an MS Exchange server and is the same as previously known types. However, this post will discuss cases that…

AsyncRAT Being Distributed in Fileless Form
Posted By jcleebobgatenet, August 24, 2022

The ASEC analysis team has recently discovered that AsyncRAT malware is being distributed in fileless form. The distributed AsyncRAT is executed in fileless form through multiple script files and is thought to be distributed as a compressed file attachment in emails. AsyncRAT is an open-source RAT malware developed with .NET that can execute various malicious activities under the command of the attacker. The compressed file being distributed through phishing emails contains an HTML file, and executing this file will…

BitRAT and XMRig CoinMiner Being Distributed via Windows License Verification Tool
Posted By Sanseo, August 24, 2022

The ASEC analysis team has recently discovered the distribution of BitRAT and XMRig CoinMiner disguised as a Windows license verification tool. As introduced in previous posts, BitRAT has a history of being distributed on webhards as MS Windows license verification tools and MS Office installation programs. The case covered in this post is likely the work of the same attacker. One thing to note is that a BitRAT remote control tool is installed in the environment without…

ASEC Weekly Malware Statistics (August 8th, 2022 – August 14th, 2022)
Posted By jcleebobgatenet, August 18, 2022

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 8th, 2022 (Monday) to August 14th, 2022 (Sunday). For the main category, info-stealer ranked top with 41.9%, followed by backdoor with 38.4%, downloader with 16.8%, ransomware with 2.2%, and CoinMiner with 0.6%.

Top 1 – Agent Tesla
AgentTesla is an info-stealer that ranked first with 23.1%. It is an info-stealer that leaks…

ASEC Weekly Malware Statistics (August 1st, 2022 – August 7th, 2022)
Posted By jcleebobgatenet, August 17, 2022

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 1st, 2022 (Monday) to August 7th, 2022 (Sunday). For the main category, info-stealer ranked top with 47.4%, followed by backdoor with 22.6%, downloader with 20.0%, ransomware with 6.8%, banking with 2.6%, and CoinMiner with 0.5%.

Top 1 – Agent Tesla
AgentTesla is an info-stealer that ranked first with 25.8%. It is…