Analysis of TargetCompany’s Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)

While monitoring attacks targeting MS-SQL servers, AhnLab SEcurity intelligence Center (ASEC) recently identified cases of the TargetCompany ransomware group installing the Mallox ransomware. The TargetCompany ransomware group primarily targets improperly managed MS-SQL servers to install the Mallox ransomware. While these attacks have been ongoing for several years, here we will

Remcos RAT Distributed via Webhards

While monitoring the distribution sources of malware in South Korea, AhnLab SEcurity intelligence Center (ASEC) recently found that the Remcos RAT malware disguised as adult games is being distributed via webhards. Webhards and torrents are platforms commonly used for the distribution of malware in Korea. Attackers normally use easily obtainable

Distribution of Remcos RAT Disguised as Payslip

AhnLab Security Emergency response Center (ASEC) has discovered circumstances of the Remcos remote control malware being distributed through an email disguised as a payslip. As shown in Figure 1, the identified Remcos RAT was distributed under an email subject that read ‘This is a confirmation document for your payment transfer’,

GuLoader Malware Disguised as Tax Invoices and Shipping Statements (Detected by MDS Products)

AhnLab Security Emergency response Center (ASEC) has identified circumstances of GuLoader being distributed as attachments in emails disguised as tax invoices and shipping statements. The recently identified GuLoader variant was included in a RAR (Roshal Archive Compressed) file. When a user executes GuLoader, it ultimately downloads known malware strains

Fileless Remcos RAT Malware Delivery

The ASEC analysis team identified that Remcos RAT malware is being distributed through malicious macros in Excel files. As for the malware, the team introduced it in detail in the post linked below this text. While the method of coming into the system through spam mails is the same as