SPAMMAIL

Attack Against Ukrainian Ministry of Defense Using E-mail Disguised as Free Bitcoin Reward

ASEC analysis team has confirmed the distribution of malicious e-mail disguised as a free Bitcoin reward that targets specific individuals in Ukrainian Ministry of Defense. This malware uses a recent hot topic, Bitcoin, and tricks people into downloading the end-stage malware through various methods. Upon downloading the PDF file attached to the e-mail, the user can see the content of the PDF file which states that Bitcoin can be received for free if the user accesses the short URL written…

Distribution of RTF Vulnerability Malware that Takes Advantage of Microsoft Office Word’s External Connection

Distribution of RTF vulnerability (CVE-2017-11882) malware that uses external connection of MS Office Word document has been found. Employees must be on the lookout as the attacker is using spam e-mails to distribute malware to domestic shopping malls and other businesses. Recently, the distribution of MS Office Word malware using external connection has been increasing exponentially. As the attacker uses normal XML Relationship of OOXML (Office Open XML) format and uses malicious URL for only the target address, it is…

Analysis of Dridex Malware Distribution Method Armed with Bypass Detection

Dridex, also known as Cridex and Bugat, is a typical info-stealing malware that steals financial information. It is distributed on a massive scale by cybercrime organizations and it mainly uses macros within Microsoft Office Word or Excel document files that are included in spam mails. The most noticeable characteristic of Dridex malware is that it operates by modularizing files depending on features such as downloader, loader, and botnet. As such, there have been cases of ransomwares such as DoppelPaymer or…

Distribution of Malicious Word Document Disguised as a Military Security Monthly Magazine (April 2021)

On March 29th, ASEC analysis team has introduced malicious word documents containing North Korea related materials. Upon opening the file, it connects to the ‘External URL’ written within XML and downloads additional files. Recently the team has found out that malicious word documents using the mentioned method and disguised as a military security monthly magazine (April 2021) are currently being distributed. The names of the files are as follows: MonthlyKIMA2021_AprilMilitarySecurity0330.docx MonthlyKIMA2021_AprilMilitarySecurity0331.docx The document file is protected, and upon unlocking the…

Malicious Word Documents with External Link of North Korea Related Materials

In the previous, ASEC analysis team has introduced various types of document-based malware. Among them, malicious documents of North Korea related materials were generally produced in HWP file format. You can check the relevant information from previous ASEC blog posts. Today, DOC (Word) documents containing North Korea related materials collected by ASEC analysis team will partially be introduced. These documents are assumed to be distributed via email, and they had following content within. Upon opening, it connects to ‘External URL’…