Cobalt Strike Being Distributed to Unsecured MS-SQL Servers

The ASEC analysis team has recently discovered Cobalt Strike being distributed to unsecured MS-SQL servers. MS-SQL server is a typical database server in Windows environments and has long been a target of attacks. Attacks against MS-SQL servers include exploitation of environments where vulnerabilities have not been patched, as well as brute-force and dictionary attacks against poorly managed servers. The attacker or the malware usually scans port 1433 to check for MS-SQL servers that are open…

Modified CryptBot Infostealer Being Distributed

CryptBot is an infostealer that is usually distributed disguised as web pages sharing cracks and tools. The distribution pages appear at the top of the results of search engines such as Google, so the risk of infection is high, and the number of related detections is also relatively high. The ASEC analysis team has therefore warned users about these threats in previous blog posts. CryptBot Infostealer Constantly Changing and Being Distributed…

PseudoManuscrypt Being Distributed in the Same Method as Cryptbot

The ASEC analysis team has discovered that PseudoManuscrypt malware has been distributed in Korea since May 2021. Introduced in a previous ASEC blog post, PseudoManuscrypt is distributed disguised as an installer similar in form to Cryptbot. Not only is its file form similar to Cryptbot, but it is also distributed via malicious sites that appear at the top of search results when users search for illegal programs related to commercial software, such as cracks and keygens. The team has confirmed…

Distribution of Magniber Ransomware Stops (Since February 5th)

The ASEC analysis team constantly monitors ‘malvertising’, a term for the distribution of malware via online advertisement links in browsers. The team has recently discovered that Magniber ransomware, a typical malware distributed via malvertising, has stopped its distribution. Magniber's malvertising method in Internet Explorer attempts to infect the target via a vulnerability simply when the page is accessed, while in Chromium-based browsers (e.g., Edge, Chrome) it disguises itself as a browser update installer (.appx) and prompts the…

ASEC Weekly Malware Statistics (February 7th, 2022 – February 13th, 2022)

The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from February 7th, 2022 (Monday) to February 13th, 2022 (Sunday). For the main category, info-stealer ranked top with 62.3%, followed by banking malware with 18.6%, RAT (Remote Administration Tool) with 13.6%, downloader with 3.4%, and ransomware with 1.3%. Top 1 – AgentTesla: AgentTesla ranked first place with 30.9% once again. It is an info-stealer malware…