Cases of Attacks Targeting Vulnerable Atlassian Confluence Servers Posted By jcleebobgatenet , July 25, 2022 The ASEC analysis team has been monitoring attacks that are targeting vulnerable systems. This post will discuss cases of attacks targeting vulnerable Atlassian Confluence Servers that are not patched. Atlassian’s Confluence is a major collaboration platform used by many companies across the globe. Being a web-based platform, services such as managing projects and collaboration are mainly provided by Confluence Servers (or Confluence Data Centers). As it is a solution used by many companies, many vulnerabilities targeting vulnerable Confluence Servers and…
Why Remediation Alone Is Not Enough When Infected by Malware Posted By jcleebobgatenet , May 20, 2022 In January 2022, a prominent Korean company in the manufacturing industry had many of its internal systems infected by the Darkside ransomware. As the ransomware was found to be distributed using the AD group policy, AhnLab attempted to conduct a DC server forensic analysis. However, as the virtual environment operating system of the DC server operating in the virtual environment was damaged, the server could not be secured. Among the systems that were restored by the previous backup after the infection,…
CoinMiner Being Distributed to Unsecured MS-SQL Servers Posted By Sanseo , February 28, 2022 The ASEC analysis team is constantly monitoring malware distributed to unsecured MS-SQL servers. The previous blogs explained the distribution cases of Cobalt Strike and Remcos RAT, but the majority of the discovered attacks are CoinMiners. – [ASEC Blog] Remcos RAT Being Distributed to Vulnerable MS-SQL Servers– [ASEC Blog] Cobalt Strike Being Distributed to Unsecured MS-SQL Servers– [ASEC Blog] Cobalt Strike Being Distributed to Unsecured MS-SQL Servers (2) This blog will explain a specific form of CoinMiner that has been consistently distributed since last…
Attack Cases Using Metasploit Meterpreter Posted By Sanseo , September 14, 2021 Metasploit is a framework used in penetration testing. It is a tool that can be used to inspect security vulnerabilities for networks and systems of companies and organizations, providing various features for each penetration test stage. Like Cobalt Strike, it provides features necessary for each stage, from creating various types of payloads for the initial infection and stealing account information to dominating the system via lateral movement. While Cobalt Strike is commercial software, its crack version is leaked and used…
CoinMiner’s Attempt to Bypass AMSI by V3 Memory Scan Posted By jcleebobgatenet , May 28, 2021 The ASEC analysis team confirmed the distribution of CoinMiner that can disable the AMSI detection feature. Added in Windows 10, AMSI is a feature supported by Microsoft that allows applications and services to be linked with anti-malware software to detect malware. Currently, V3 Lite 4.0 and V3 365 Clinic 4.0 are utilizing the AMSI feature to respond to various types of malware including BlueCrab ransomware. The CoinMiner that can disable AMSI is being distributed in the fileless form utilizing the…
