Malicious PowerPoint Macro using Outlook.exe Being Distributed Posted By jcleebobgatenet, October 25, 2021 The ASEC analysis team has recently discovered a change in the malicious PowerPoint files that are continually being distributed. As before, they execute a malicious script via mshta.exe, but they now also make use of outlook.exe during the process. The malicious PowerPoint files are distributed as attachments to phishing e-mails, as shown below, and contain information related to purchase inquiries. Also, the malicious PowerPoint file is disguised with a PDF extension, as in the previous…
Forensic Analysis of Breaches that Used Cobalt Strike and MS Exchange Server Vulnerability Posted By jcleebobgatenet, October 25, 2021 The ASEC analysis team is consistently monitoring the activities of Cobalt Strike, a trending cybersecurity issue whose distribution to Korean companies was discussed in previous blog posts. (The link to a previous blog post can be found at the bottom of this post.) While monitoring Cobalt Strike, the team detected its activities from specific IPs on July 15th and August 2nd, then proposed and conducted a forensic analysis for the client owning these IPs. Upon tracking the…
Malware Being Distributed via Webhards (October 8) Posted By jcleebobgatenet, October 25, 2021 The ASEC analysis team is consistently monitoring the distribution sources of malware in Korea, and recently the team introduced UDP Rat and the webhard posts that were used to distribute it. Since that post was published, the uploader, who is suspected to be the attacker, has been distributing similar malware disguised as adult games via other webhards, and it is still available for download. – UDP RAT Malware Being Distributed via Webhards The figure above shows that, unlike the cases before…
Daum Phishing E-mails Disguised as ‘Purchase Order’ being Distributed Posted By jcleebobgatenet, October 25, 2021 One of the most frequently used methods for distributing malware is phishing e-mail. The ASEC analysis team has introduced specific phishing attacks as well as the types of phishing e-mails in previous blog posts. Similar to the previous cases, the team has found a phishing e-mail that aims to steal Daum account credentials. Considering that the e-mail has a specific university set as both its sender and recipient (see Figure 1), it appears that it was written to…
ASEC Weekly Malware Statistics (October 11th, 2021 – October 17th, 2021) Posted By jcleebobgatenet, October 22, 2021 The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from October 11th, 2021 (Monday) to October 17th, 2021 (Sunday). For the main category, info-stealer ranked top with 58.2%, followed by Downloader with 24.6%, RAT (Remote Administration Tool) malware with 7.4%, Backdoor malware with 4.7%, Ransomware with 4.1%, and Banking malware with 0.9%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked…