Ransomware

NSIS Type of LockBit 3.0 Ransomware Disguised as Job Application Emails Being Distributed

In February and June, the ASEC analysis team posted on the blog about LockBit 2.0 ransomware being distributed via email. In this post, we will introduce the new version, LockBit 3.0 ransomware, which is still being distributed through a similar method. While in June there were multiple cases of the ransomware being distributed disguised as a copyright-related email, it has recently been distributed through phishing emails disguised as job applications. As shown in…

FARGO Ransomware (Mallox) Being Distributed to Unsecured MS-SQL Servers

The ASEC analysis team is constantly monitoring malware distributed to unsecured MS-SQL servers. The analysis team has recently discovered the distribution of FARGO ransomware targeting unsecured MS-SQL servers. Along with GlobeImposter, FARGO is one of the prominent ransomware strains that target unsecured MS-SQL servers. In the past, it was also called Mallox because it used the file extension .mallox. – [ASEC Blog] Cobalt Strike Being Distributed to Unsecured MS-SQL Servers…

Gwisin Ransomware Targeting Korean Companies

Cases of Gwisin ransomware attacking Korean companies have recently been on the rise. It is being distributed to target specific companies. It is similar to Magniber in that it operates in the MSI installer form. Yet unlike Magniber, which targets random individuals, Gwisin does not perform malicious behaviors on its own, requiring a special value for the execution argument. The value is used as key information to run the DLL file included in the MSI. As such, the file alone…

LockBit Ransomware Disguised as Copyright Claim E-mail Being Distributed

The ASEC analysis team has once again discovered the distribution of LockBit ransomware via phishing e-mails disguised as copyright claim e-mails, a method introduced in the previous blog post. The filename of the e-mail attachment included the password, similar to the phishing e-mails distributed last February (see the link below). LockBit Ransomware Being Distributed Using Resume and Copyright-related Emails As shown in Figure 2, the phishing e-mail has a compressed file as an attachment that…

XLL Malware Distributed Through Email

Malware strains have been created and distributed in various forms and types. As such, the ASEC analysis team is actively monitoring and analyzing such changes to allow AhnLab products to detect them. This post will introduce XLL malware that was discovered being distributed last year. XLL files are Microsoft Excel add-in files that operate with the extension .xll and can be opened by Excel. One thing to note is that the files are opened with MS Excel. This means users…