APT Attack Attempts Using Word Documents Targeting Specific Individuals
Posted By jcleebobgatenet, July 27, 2021
The ASEC analysis team confirmed that malware in the same format as the malicious Word documents introduced in the post “Malicious Word Documents Pretending ‘Korea Association for Political and Diplomatic History’ and ‘Policy Advisory Member Profile’ Being Distributed” is still being distributed. Like the malicious Word documents introduced in previous cases, the recently discovered Word files also download a dotm file containing a malicious macro through an external link. The confirmed filenames and external URLs are as follows. Date Discovered…
Excel Files Becoming More Sophisticated (Distribution of Dridex and Cobalt Strike)
Posted By jcleebobgatenet, July 26, 2021
Distribution of Dridex through Excel files has been observed steadily since last year and was introduced on this blog. Recently, the ASEC analysis team found that the Cobalt Strike tool is being distributed along with Dridex using a method similar to before. Yet unlike previous cases, the Excel documents recently being distributed were found to perform malicious behaviors after a certain time using the task scheduler. It is assumed that the change in the operation method was…
Excel 4.0 Macro with Various Images being Distributed
Posted By jcleebobgatenet, July 22, 2021
The ASEC analysis team found that malicious Excel files using the Excel 4.0 macro (formula macro) have been continually distributed. The malware has been distributed indiscriminately through e-mails since May, and as it is still being discovered today, users need to exercise caution. The malicious Excel files include images that prompt users to enable macros. The figures below show the files that are currently being distributed. The malware sets particular cells as Auto_Open in the Name Manager. When macros are enabled,…
Continuously Changing Malicious Word Macro Being Distributed – Trend of TA551
Posted By jcleebobgatenet, July 20, 2021
The ASEC analysis team has been continuously updating the blog with information on malicious macro files and has been urging users to exercise caution. This post will introduce a type of Word macro file distributed recently by the attack group TA551, showing changes at an average interval of 1 week. To distribute malware, the group usually sends documents that contain malicious macros by email. The operation method of the DOC file that downloads additional malware after dropping an HTA file…
ASEC Weekly Malware Statistics (July 5th, 2021 – July 11th, 2021)
Posted By jcleebobgatenet, July 19, 2021
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 5th, 2021 (Monday) to July 11th, 2021 (Sunday). For the main category, info-stealer ranked top with 53.4%, followed by CoinMiner malware with 15.5%, RAT (Remote Administration Tool) malware with 14.4%, downloader with 12.9%, ransomware with 2.7%, and DDoS with 0.8%.
Top 1 – Glupteba
Glupteba is malware developed with Golang, taking…