Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-10-24AhnLabASEC Analysis Team
@online{team:20221024:malware:495a611, author = {ASEC Analysis Team}, title = {{Malware infection case of Lazarus attack group that neutralizes antivirus program with BYOVD technique}}, date = {2022-10-24}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/40495/}, language = {Korean}, urldate = {2022-10-25} } Malware infection case of Lazarus attack group that neutralizes antivirus program with BYOVD technique
LazarDoor
2022-10-12AhnLabASEC Analysis Team
@online{team:20221012:lazarus:871078f, author = {ASEC Analysis Team}, title = {{Lazarus Group Uses the DLL Side-Loading Technique (mi.dll)}}, date = {2022-10-12}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/39828/}, language = {Korean}, urldate = {2022-10-14} } Lazarus Group Uses the DLL Side-Loading Technique (mi.dll)
2022-10-11AhnLabASEC Analysis Team
@online{team:20221011:from:a35b468, author = {ASEC Analysis Team}, title = {{From Exchange Server vulnerability to ransomware infection in just 7 days}}, date = {2022-10-11}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/39682/}, language = {Korean}, urldate = {2022-10-11} } From Exchange Server vulnerability to ransomware infection in just 7 days
LockBit MimiKatz
2022-09-22AhnLabAhnLab ASEC Analysis Team
@techreport{team:20220922:analysis:9dea34b, author = {AhnLab ASEC Analysis Team}, title = {{Analysis Report on Lazarus Group's Rootkit Attack Using BYOVD}}, date = {2022-09-22}, institution = {AhnLab}, url = {https://asec.ahnlab.com/wp-content/uploads/2022/09/Analysis-Report-on-Lazarus-Groups-Rootkit-Attack-Using-BYOVD_Sep-22-2022.pdf}, language = {English}, urldate = {2022-12-29} } Analysis Report on Lazarus Group's Rootkit Attack Using BYOVD
FudModule
2022-08-08AhnLabASEC Analysis Team
@online{team:20220808:monero:368d22b, author = {ASEC Analysis Team}, title = {{Monero CoinMiner Being Distributed via Webhards}}, date = {2022-08-08}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/37526/}, language = {English}, urldate = {2023-01-19} } Monero CoinMiner Being Distributed via Webhards
Monero Miner
2022-08-03AhnLabASEC Analysis Team
@online{team:20220803:gwisin:b89efa2, author = {ASEC Analysis Team}, title = {{Gwisin Ransomware Targeting Korean Companies}}, date = {2022-08-03}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/37483}, language = {English}, urldate = {2022-08-30} } Gwisin Ransomware Targeting Korean Companies
Gwisin
2022-08-02ASECASEC Analysis Team
@online{team:20220802:word:dbe2c7e, author = {ASEC Analysis Team}, title = {{Word File Provided as External Link When Replying to Attacker’s Email (Kimsuky)}}, date = {2022-08-02}, organization = {ASEC}, url = {https://asec.ahnlab.com/en/37396/}, language = {English}, urldate = {2022-08-02} } Word File Provided as External Link When Replying to Attacker’s Email (Kimsuky)
Kimsuky
2022-07-21ASECASEC Analysis Team
@online{team:20220721:malware:6c62ac8, author = {ASEC Analysis Team}, title = {{Malware Being Distributed by Disguising Itself as Icon of V3 Lite}}, date = {2022-07-21}, organization = {ASEC}, url = {https://asec.ahnlab.com/en/36629/}, language = {English}, urldate = {2022-07-25} } Malware Being Distributed by Disguising Itself as Icon of V3 Lite
Ave Maria
2022-07-21ASECASEC Analysis Team
@online{team:20220721:dissemination:586ca95, author = {ASEC Analysis Team}, title = {{Dissemination of AppleSeed to Specific Military Maintenance Companies}}, date = {2022-07-21}, organization = {ASEC}, url = {https://asec.ahnlab.com/ko/36918/}, language = {Korean}, urldate = {2022-07-25} } Dissemination of AppleSeed to Specific Military Maintenance Companies
Appleseed
2022-04-18ASECASEC Analysis Team
@online{team:20220418:new:4825c0e, author = {ASEC Analysis Team}, title = {{A new type of malware from the Lazarus attack group that exploits the INITECH process.}}, date = {2022-04-18}, organization = {ASEC}, url = {https://asec.ahnlab.com/ko/33706/}, language = {Korean}, urldate = {2022-04-20} } A new type of malware from the Lazarus attack group that exploits the INITECH process.
2022-04-12AhnLabASEC Analysis Team
@online{team:20220412:systembc:7bdd20c, author = {ASEC Analysis Team}, title = {{SystemBC Being Used by Various Attackers}}, date = {2022-04-12}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/33600/}, language = {English}, urldate = {2022-04-15} } SystemBC Being Used by Various Attackers
Emotet SmokeLoader SystemBC
2022-04-05AhnLabASEC Analysis Team
@online{team:20220405:malicious:ecf993a, author = {ASEC Analysis Team}, title = {{Malicious Word Documents Using MS Media Player (Impersonating AhnLab)}}, date = {2022-04-05}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/33477/}, language = {English}, urldate = {2022-04-15} } Malicious Word Documents Using MS Media Player (Impersonating AhnLab)
2022-03-30ASECASEC Analysis Team
@online{team:20220330:malicious:3b01394, author = {ASEC Analysis Team}, title = {{Malicious Word File Targeting Corporate Users Being Distributed}}, date = {2022-03-30}, organization = {ASEC}, url = {https://asec.ahnlab.com/en/33186/}, language = {English}, urldate = {2022-03-31} } Malicious Word File Targeting Corporate Users Being Distributed
2022-03-29ASECASEC Analysis Team
@online{team:20220329:attack:9e20edd, author = {ASEC Analysis Team}, title = {{APT Attack Impersonating Defector Resume Form (VBS SCRIPT)}}, date = {2022-03-29}, organization = {ASEC}, url = {https://asec.ahnlab.com/ko/33141/}, language = {Korean}, urldate = {2022-03-31} } APT Attack Impersonating Defector Resume Form (VBS SCRIPT)
2022-03-21AhnLabASEC Analysis Team
@online{team:20220321:bitrat:865b183, author = {ASEC Analysis Team}, title = {{BitRAT Disguised as Windows Product Key Verification Tool Being Distributed}}, date = {2022-03-21}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/32781/}, language = {English}, urldate = {2022-04-14} } BitRAT Disguised as Windows Product Key Verification Tool Being Distributed
BitRAT TinyNuke
2022-03-16AhnLabASEC Analysis Team
@online{team:20220316:gh0stcringe:65e2d3e, author = {ASEC Analysis Team}, title = {{Gh0stCringe RAT Being Distributed to Vulnerable Database Servers}}, date = {2022-03-16}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/32572/}, language = {English}, urldate = {2022-04-14} } Gh0stCringe RAT Being Distributed to Vulnerable Database Servers
Ghost RAT Kingminer
2022-02-28AhnLabASEC Analysis Team
@online{team:20220228:coinminer:32d7604, author = {ASEC Analysis Team}, title = {{CoinMiner Being Distributed to Vulnerable MS-SQL Servers}}, date = {2022-02-28}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/32143/}, language = {English}, urldate = {2022-03-02} } CoinMiner Being Distributed to Vulnerable MS-SQL Servers
2022-02-28AhnLabASEC Analysis Team
@online{team:20220228:change:c9b5e5c, author = {ASEC Analysis Team}, title = {{Change in Distribution Method of Malware Disguised as Estimate (VBS Script)}}, date = {2022-02-28}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/32149/}, language = {English}, urldate = {2022-03-02} } Change in Distribution Method of Malware Disguised as Estimate (VBS Script)
Formbook
2022-02-25AhnLabASEC Analysis Team
@online{team:20220225:new:828e765, author = {ASEC Analysis Team}, title = {{New Infostealer ‘ColdStealer’ Being Distributed}}, date = {2022-02-25}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/32090/}, language = {English}, urldate = {2022-03-02} } New Infostealer ‘ColdStealer’ Being Distributed
ColdStealer
2022-02-18AhnLabASEC Analysis Team
@online{team:20220218:pseudomanuscrypt:4aa75d9, author = {ASEC Analysis Team}, title = {{PseudoManuscrypt Being Distributed in the Same Method as Cryptbot}}, date = {2022-02-18}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/31683/}, language = {English}, urldate = {2022-02-19} } PseudoManuscrypt Being Distributed in the Same Method as Cryptbot
CryptBot PseudoManuscrypt