Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-08-22AhnLabASEC Analysis Team
@online{team:20230822:analyzing:a2e958c, author = {ASEC Analysis Team}, title = {{Analyzing the new attack activity of the Andariel group}}, date = {2023-08-22}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/56256/}, language = {Korean}, urldate = {2023-08-28} } Analyzing the new attack activity of the Andariel group
Andardoor MimiKatz QuiteRAT Tiger RAT Volgmer
2023-08-10AhnLabAhnLab ASEC Analysis Team
@online{team:20230810:guloader:3b02e84, author = {AhnLab ASEC Analysis Team}, title = {{GuLoader Malware Disguised as Tax Invoices and Shipping Statements (Detected by MDS Products)}}, date = {2023-08-10}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/55978/}, language = {English}, urldate = {2023-08-15} } GuLoader Malware Disguised as Tax Invoices and Shipping Statements (Detected by MDS Products)
CloudEyE
2023-06-08AhnLabASEC Analysis Team
@online{team:20230608:lazarus:e8fb47d, author = {ASEC Analysis Team}, title = {{Lazarus Group exploiting vulnerabilities in domestic financial security solutions}}, date = {2023-06-08}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/53832/}, language = {Korean}, urldate = {2023-06-12} } Lazarus Group exploiting vulnerabilities in domestic financial security solutions
LazarDoor LazarLoader
2023-05-15AhnLabAhnLab ASEC Analysis Team
@online{team:20230515:lokilocker:684344c, author = {AhnLab ASEC Analysis Team}, title = {{LokiLocker, a Ransomware Similar to BlackBit Being Distributed in Korea}}, date = {2023-05-15}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/52570/}, language = {English}, urldate = {2023-06-12} } LokiLocker, a Ransomware Similar to BlackBit Being Distributed in Korea
LokiLocker
2022-10-24AhnLabASEC Analysis Team
@online{team:20221024:malware:495a611, author = {ASEC Analysis Team}, title = {{Malware infection case of Lazarus attack group that neutralizes antivirus program with BYOVD technique}}, date = {2022-10-24}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/40495/}, language = {Korean}, urldate = {2022-10-25} } Malware infection case of Lazarus attack group that neutralizes antivirus program with BYOVD technique
LazarDoor
2022-10-12AhnLabASEC Analysis Team
@online{team:20221012:lazarus:871078f, author = {ASEC Analysis Team}, title = {{Lazarus Group Uses the DLL Side-Loading Technique (mi.dll)}}, date = {2022-10-12}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/39828/}, language = {Korean}, urldate = {2022-10-14} } Lazarus Group Uses the DLL Side-Loading Technique (mi.dll)
2022-10-11AhnLabASEC Analysis Team
@online{team:20221011:from:a35b468, author = {ASEC Analysis Team}, title = {{From Exchange Server vulnerability to ransomware infection in just 7 days}}, date = {2022-10-11}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/39682/}, language = {Korean}, urldate = {2022-10-11} } From Exchange Server vulnerability to ransomware infection in just 7 days
LockBit MimiKatz
2022-09-22AhnLabAhnLab ASEC Analysis Team
@techreport{team:20220922:analysis:9dea34b, author = {AhnLab ASEC Analysis Team}, title = {{Analysis Report on Lazarus Group's Rootkit Attack Using BYOVD}}, date = {2022-09-22}, institution = {AhnLab}, url = {https://asec.ahnlab.com/wp-content/uploads/2022/09/Analysis-Report-on-Lazarus-Groups-Rootkit-Attack-Using-BYOVD_Sep-22-2022.pdf}, language = {English}, urldate = {2022-12-29} } Analysis Report on Lazarus Group's Rootkit Attack Using BYOVD
FudModule
2022-08-08AhnLabASEC Analysis Team
@online{team:20220808:monero:368d22b, author = {ASEC Analysis Team}, title = {{Monero CoinMiner Being Distributed via Webhards}}, date = {2022-08-08}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/37526/}, language = {English}, urldate = {2023-01-19} } Monero CoinMiner Being Distributed via Webhards
Monero Miner
2022-08-03AhnLabASEC Analysis Team
@online{team:20220803:gwisin:b89efa2, author = {ASEC Analysis Team}, title = {{Gwisin Ransomware Targeting Korean Companies}}, date = {2022-08-03}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/37483}, language = {English}, urldate = {2022-08-30} } Gwisin Ransomware Targeting Korean Companies
Gwisin
2022-08-02ASECASEC Analysis Team
@online{team:20220802:word:dbe2c7e, author = {ASEC Analysis Team}, title = {{Word File Provided as External Link When Replying to Attacker’s Email (Kimsuky)}}, date = {2022-08-02}, organization = {ASEC}, url = {https://asec.ahnlab.com/en/37396/}, language = {English}, urldate = {2022-08-02} } Word File Provided as External Link When Replying to Attacker’s Email (Kimsuky)
Kimsuky
2022-07-21ASECASEC Analysis Team
@online{team:20220721:malware:6c62ac8, author = {ASEC Analysis Team}, title = {{Malware Being Distributed by Disguising Itself as Icon of V3 Lite}}, date = {2022-07-21}, organization = {ASEC}, url = {https://asec.ahnlab.com/en/36629/}, language = {English}, urldate = {2022-07-25} } Malware Being Distributed by Disguising Itself as Icon of V3 Lite
Ave Maria
2022-07-21ASECASEC Analysis Team
@online{team:20220721:dissemination:586ca95, author = {ASEC Analysis Team}, title = {{Dissemination of AppleSeed to Specific Military Maintenance Companies}}, date = {2022-07-21}, organization = {ASEC}, url = {https://asec.ahnlab.com/ko/36918/}, language = {Korean}, urldate = {2022-07-25} } Dissemination of AppleSeed to Specific Military Maintenance Companies
Appleseed
2022-04-18ASECASEC Analysis Team
@online{team:20220418:new:4825c0e, author = {ASEC Analysis Team}, title = {{A new type of malware from the Lazarus attack group that exploits the INITECH process.}}, date = {2022-04-18}, organization = {ASEC}, url = {https://asec.ahnlab.com/ko/33706/}, language = {Korean}, urldate = {2022-04-20} } A new type of malware from the Lazarus attack group that exploits the INITECH process.
2022-04-12AhnLabASEC Analysis Team
@online{team:20220412:systembc:7bdd20c, author = {ASEC Analysis Team}, title = {{SystemBC Being Used by Various Attackers}}, date = {2022-04-12}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/33600/}, language = {English}, urldate = {2022-04-15} } SystemBC Being Used by Various Attackers
Emotet SmokeLoader SystemBC
2022-04-05AhnLabASEC Analysis Team
@online{team:20220405:malicious:ecf993a, author = {ASEC Analysis Team}, title = {{Malicious Word Documents Using MS Media Player (Impersonating AhnLab)}}, date = {2022-04-05}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/33477/}, language = {English}, urldate = {2022-04-15} } Malicious Word Documents Using MS Media Player (Impersonating AhnLab)
2022-03-30ASECASEC Analysis Team
@online{team:20220330:malicious:3b01394, author = {ASEC Analysis Team}, title = {{Malicious Word File Targeting Corporate Users Being Distributed}}, date = {2022-03-30}, organization = {ASEC}, url = {https://asec.ahnlab.com/en/33186/}, language = {English}, urldate = {2022-03-31} } Malicious Word File Targeting Corporate Users Being Distributed
2022-03-29ASECASEC Analysis Team
@online{team:20220329:attack:9e20edd, author = {ASEC Analysis Team}, title = {{APT Attack Impersonating Defector Resume Form (VBS SCRIPT)}}, date = {2022-03-29}, organization = {ASEC}, url = {https://asec.ahnlab.com/ko/33141/}, language = {Korean}, urldate = {2022-03-31} } APT Attack Impersonating Defector Resume Form (VBS SCRIPT)
2022-03-21AhnLabASEC Analysis Team
@online{team:20220321:bitrat:865b183, author = {ASEC Analysis Team}, title = {{BitRAT Disguised as Windows Product Key Verification Tool Being Distributed}}, date = {2022-03-21}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/32781/}, language = {English}, urldate = {2022-04-14} } BitRAT Disguised as Windows Product Key Verification Tool Being Distributed
BitRAT TinyNuke
2022-03-16AhnLabASEC Analysis Team
@online{team:20220316:gh0stcringe:65e2d3e, author = {ASEC Analysis Team}, title = {{Gh0stCringe RAT Being Distributed to Vulnerable Database Servers}}, date = {2022-03-16}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/32572/}, language = {English}, urldate = {2022-04-14} } Gh0stCringe RAT Being Distributed to Vulnerable Database Servers
Ghost RAT Kingminer