Why Remediation Alone Is Not Enough When Infected by Malware

In January 2022, a prominent Korean company in the manufacturing industry had many of its internal systems infected by the Darkside ransomware. As the ransomware was found to have been distributed using AD group policy, AhnLab attempted a forensic analysis of the DC server. However, because the operating system of the DC server, which ran in a virtual environment, was damaged, the server could not be secured. Among the systems that were restored from the previous backup after the infection,…

Emotet Being Distributed Using Various Files

The ASEC analysis team has recently discovered Emotet being distributed through link files (.lnk). The malware has been steadily distributed in the past, but starting from April, the Emotet downloader was found to use Excel files as well as link files (.lnk). One feature shared by the secured EML files is that they all disguise themselves as replies to the user's own emails in order to distribute the malware strain. The Excel file attached to the email in Figure 1 uses…

Lazarus Group Exploiting Log4Shell Vulnerability (NukeSped)

In December last year, the vulnerability (CVE-2021-44228) in the Java-based logging utility Log4j became a worldwide issue. It is a remote code execution vulnerability: when a log message containing the address of a remote Java object is sent to a server that uses Log4j, the server fetches and runs that Java object. The ASEC analysis team is monitoring the Lazarus group's attacks on targets in Korea. In April, the team discovered an attack group suspected of being Lazarus distributing NukeSped by…

Malicious Help File Disguised as Missing Coins Report and Wage Statement (*.chm)

The ASEC analysis team has discovered the continuous distribution of malware disguised as a Windows Help File (*.chm). The most recent CHM file is identical to the file introduced in <APT Attack Being Distributed as Windows Help File (*.chm)> in that it downloads additional malware. CHM files of this type appear to be distributed inside compressed files. The confirmed filenames of the compressed files and the CHM files inside them are as follows: Names of Compressed Files…

ASEC Weekly Malware Statistics (May 2nd, 2022 – May 8th, 2022)

The ASEC analysis team uses its automatic analysis system, RAPIT, to categorize and respond to known malware. This post lists the weekly statistics collected from May 2nd, 2022 (Monday) to May 8th, 2022 (Sunday). By main category, info-stealers ranked top with 73.1%, followed by RAT (Remote Administration Tool) malware with 19.3%, ransomware with 5.0%, and downloaders with 2.5%. Top 1 – AgentTesla: AgentTesla is an infostealer that has taken first place once again with 49.6%. It is an…