Vulnerability

RTF Malware Disguised as a Cover Letter for a Particular Airline

In early October, the ASEC analysis team discovered RTF document-based malware disguised as a cover letter for a particular airline. This type of document does not appear as often as other document-based malware (Word, Excel, etc.), and RTF malware disguised as a particular document hasn’t been discovered in a long time. Filename used in distribution: ****Airline Cover Letter_.rtf. The RTF document used a vulnerability (CVE-2017-11882) related to the MS Office equation editor program EQNEDT32.EXE, and the last…

APT Attacks Using PDF Files, Possibly by North Korea Related Group

Targeted attacks using PDF files have been confirmed, and it seems a group related to North Korea is behind these attacks. While the attack group is thought to be either Kimsuky or Thallium, it might be another group that mimicked those two. The related information has already been reported in the press, but this post additionally reveals previously undisclosed IOCs and analysis information, such as the environments for the vulnerabilities. The attacker used PDF files as bait. Malicious JavaScript included in the…