Malware Disguised as Normal Documents (Kimsuky)
The ASEC analysis team has recently discovered that the malware introduced in the post, <Malware Disguised as a Manuscript Solicitation Letter (Targeting Security-Related Workers)>, is being distributed to broadcasting and ordinary companies as well as those in the security-related field. Identical to the malware introduced in the blog post above,
Malicious Word Document Being Distributed in Disguise of a News Survey
The ASEC analysis team discovered that the Word document type identified in the blog, ‘Malicious Word Files Targeting Specific Individuals Related to North Korea,’ has recently been using FTP to leak user credentials. The filename of the identified Word document is ‘CNA[Q].doc’, disguised as a CNA Singaporean TV program interview.
LockBit 3.0 Ransomware Distributed via Word Documents
The ASEC analysis team has identified that LockBit 3.0 ransomware distributed while disguised as job application emails in NSIS format is also being distributed in Word document format. The specific distribution channel has not yet been identified, but considering that the distributed file names include names of people such as
Word File Provided as External Link When Replying to Attacker’s Email (Kimsuky)
The ASEC analysis team has discovered the continuous distribution of malicious Word files with North Korea-related materials. The types of discovered Word files included the one discussed in the “Overall Organizational Analysis Report of 2021 Kimsuky Attack Word Files” (AhnLab TIP) and ‘Word Files Related to Diplomacy and National Defense
Malicious Word Documents Using MS Media Player (Impersonating AhnLab)
Last week, the ASEC analysis team uploaded a post named “Malicious Word File Targeting Corporate Users Being Distributed” that contained information about a malicious Word file. Currently, documents of the same type are being distributed with text that impersonates AhnLab. The Word files confirmed this time download another Word file
Malicious Word File Targeting Corporate Users Being Distributed
The ASEC analysis team discovered a Word file that seems to target corporate users. The file contains an image that prompts users to enable macros like other malicious files. To trick users into thinking that this is an innocuous file, it shows information related to improving Google account security when
Malicious Word Files Disguised as Product Introduction
The ASEC analysis team has discovered a word document that is in the same category as the document introduced in the post <Word File Disguised as a Design Modification Request for Information Theft>, uploaded in December last year. The title of the document confirmed in this case is ‘Product Introduction.doc’.
Word File Disguised as a Design Modification Request for Information Theft
The ASEC analysis team has discovered the distribution of malicious Word file targeting Korean users. The filename is Design Modification Request.doc, and it includes an image that prompts the user to run the macro. Figure 1. Image in the Word file Figure 2. File information of Design Modification Request.doc
Word Document Titled ‘BIO Form’ Being Distributed
Since last month, the ASEC analysis team has been continuously uploading posts about APT attacks using word documents. Recently, it found that the malware of the same type is being constantly distributed in the name of ‘BIO form.’ By looking at the distribution history of previous word documents, we can
Attacker Distributing Malicious Word Document Written as Compensation Claim Form
A malicious word document file written as ‘compensation claim form’ is being distributed again. This is speculated to be a targeted APT attack. The exact malware that used the identical document format was also discovered back in March, and the ASEC team published a post that analyzes the malware in
