AhnLab Security Emergency Response Center (ASEC)
@AhnLab_ASEC
#AhnLab #ASEC AhnLab ASEC
Kimsuky Group Using Meterpreter to Attack Web Servers | ASEC has recently discovered the distribution of malware targeting web servers by Kimsuky group, a threat group deemed supported by North Korea. asec.ahnlab.com/en/53046/ @AhnLab_ASEC
#Trigona #Ransomware Attacking MS-SQL Servers. Typical attacks that target MS-SQL servers include brute force attacks and dictionary attacks on systems where account credentials are poorly managed. asec.ahnlab.com/en/51343/
#AhnLab #MDS detects and blocks malicious #IcedID ms-office word file that uses anti-sandbox techniques. asec.ahnlab.com/en/50198/ 👍AhnLab MDS global.ahnlab.com/site/product/p…
#Nevada #Ransomware is being distributed. b673d92b77489d12779dc1fb5e8f6fdd ".NEVADA" extension 1. Main Features of Nevada Ransomware 2. Nevada Encryption Targets and Exception Conditions asec.ahnlab.com/en/50063/
ASEC has recently discovered the #ShellBot, also known as #PerlBot, malware being installed on poorly managed Linux SSH servers. If ShellBot is installed, Linux servers can be used as DDoS Bots for DDoS attacks against specific targets. asec.ahnlab.com/en/49769/
ASEC discovered a malware strain disguised as a password file and being distributed alongside a normal file within a compressed file. The recently discovered malware was in #CHM and #LNK file formats. asec.ahnlab.com/en/49760/
📝AhnLab Threat Intelligence Report A comprehensive report on monitoring the activities of Kimsuky (FlowerPower, AppleSeed) in 2022 asec.ahnlab.com/wp-content/upl… asec.ahnlab.com/en/49520/
📝AhnLab Threat Intelligence Report Unique characteristics of Kimsuky group’s spear phishing emails. Kimsuky used FQDN disguised as a famous Korean web portal. asec.ahnlab.com/wp-content/upl… asec.ahnlab.com/en/49507/ #AhnLab #Kimsuky #Anlaysis #Thallium
📝AhnLab Threat Intelligence Report Threat Trend Report on Region-Specific Ransomware - Localized Ransomware Attacks - Case Study: South Korea, Taiwan, China, Chile asec.ahnlab.com/wp-content/upl… asec.ahnlab.com/en/49515/ #AhnLab #Ransomware #Anlaysis
#Mallox #ransomware, which targets vulnerable MS-SQL servers, has been historically distributed at a consistently high rate. Mallox disguised as a program related to DirectPlay is a file built in .NET. 📝Analysis: asec.ahnlab.com/en/49366/
AhnLab Security Emergency Response Center (ASEC) has recently discovered #CHM malware which is assumed to have been created by #Kimsuky. It is distributed as an email attachment. IOC: 726af41024d06df195784ae88f2849e4 C2: hxxp://mpevalr.ria[.]monster asec.ahnlab.com/en/49295/
❗MS-SQL Attack The attacker used not only #CobaltStrike but also #Netcat to gain control over the infected system. It targets poorly managed MS-SQL servers. Various other malware were also installed like privilege escalator, infostealer, and proxy tools. asec.ahnlab.com/en/49249/
According to ASEC the North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. thehackernews.com/2023/03/lazaru… @TheHackersNews
#iswr #ransomware can be decrypted!!! iswr ransomware is a variant of #STOP ransomware. #AhnLab #ASEC offers a free script for decrypting files infected by iswr ransomware. 😆asec.ahnlab.com/en/48989/
CHM Malicious File Disguised as Security Email from a Korean Financial Company #RedEyes #Scarcruft asec.ahnlab.com/en/49089/
ASEC has recently discovered the installation of the #PlugX #malware through the Chinese remote control programs #Sunlogin and #Awesun’s remote code execution #vulnerability asec.ahnlab.com/en/49097/
#Lazarus exploited a zero-day #vulnerability in Korea’s widely used digital signature authentication software. They attacked Korean defense contractors, satellite companies, IT, and media companies. #0day This report will be translated into English soon. asec.ahnlab.com/ko/48416/
Anti-Forensic Techniques Used By #Lazarus Group - Data Hiding: Encryption, Other Forms of Data Hiding - Artifact Wiping: File Wiping - Trail Obfuscation: Timestamp Changes 📝Analysis by #AhnLab #ASEC #AFIRST asec.ahnlab.com/en/48223/
#Magniber #Ransomware’s Relaunch Technique using Windows Registry 🤐 Registering to be relaunched is a preliminary phase of encryption. asec.ahnlab.com/en/48312/