#ahnlab — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #ahnlab, aggregated by home.social.
-
Binary Managed Object File (BMOF) Distributing XMRig CoinMiner
This analysis explores the use of Binary Managed Object Files (BMOFs) in distributing XMRig CoinMiner. BMOFs, compiled versions of Managed Object Files, are not inherently malicious but can be exploited due to their ability to execute scripts. The report details how threat actors utilize BMOFs with Permanent Event Subscription for malware persistence. It describes an attack case attributed to BondNet, where malicious BMOFs are created and executed through mofcomp.exe after compromising SQL servers. The process involves deleting the hosts file, creating guest accounts, downloading VBE files, configuring RDP connections, and executing XMRig CoinMiner. The malware is detectable by AhnLab MDS under specific signatures in sandbox environments.
Pulse ID: 66ea8e94a8ad8301bfc0f6c0
Pulse Link: https://otx.alienvault.com/pulse/66ea8e94a8ad8301bfc0f6c0
Pulse Author: AlienVault
Created: 2024-09-18 08:25:56
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AhnLab #CoinMiner #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RDP #SQL #bot #AlienVault
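The post above names WMI Permanent Event Subscription as the persistence the compiled MOF registers once mofcomp.exe loads it. The script below is an added hunting example, written for this page and not taken from the ASEC report or from AhnLab; the function names and the "Suspicious" heuristic are my own. It walks the three objects that make up a permanent subscription in the root\subscription namespace (__EventFilter, __EventConsumer, __FilterToConsumerBinding), shows what each bound consumer would execute, and lists MOF files registered for autorecover, since a MOF compiled with `#pragma autorecover` is re-applied whenever the WMI repository is rebuilt. Run it elevated on the host under investigation (Windows PowerShell 5.1 or PowerShell 7).

```powershell
# Added example (not from the ASEC/OTX post): hunt for WMI permanent event
# subscriptions, the persistence a malicious MOF/BMOF registers via mofcomp.exe.
# A subscription is three objects in root\subscription:
#   __EventFilter              - the WQL trigger (e.g. a timer or process-start event)
#   __EventConsumer            - what runs; CommandLineEventConsumer and
#                                ActiveScriptEventConsumer execute commands/scripts
#   __FilterToConsumerBinding  - ties a filter to a consumer
# Legitimate entries exist on some builds, so review findings rather than delete blindly.

function Get-RefName {
    # Binding references come back either as a WMI path string
    # (\\HOST\root\subscription:__EventFilter.Name="X") or as a partial CimInstance.
    param($Ref)
    if ($Ref -is [string]) { return ($Ref -replace '^.*\.Name="([^"]*)".*$', '$1') }
    return $Ref.Name
}

function Get-WmiPersistence {
    [CmdletBinding()]
    param(
        # Remote host via WinRM; leave empty to query the local machine directly.
        [string]$ComputerName
    )
    $cimArgs = @{ Namespace = 'root/subscription'; ErrorAction = 'Stop' }
    if ($ComputerName) { $cimArgs.ComputerName = $ComputerName }

    $filters   = Get-CimInstance @cimArgs -ClassName __EventFilter
    $consumers = Get-CimInstance @cimArgs -ClassName __EventConsumer   # returns all derived consumer classes
    $bindings  = Get-CimInstance @cimArgs -ClassName __FilterToConsumerBinding

    foreach ($b in $bindings) {
        $filterName   = Get-RefName $b.Filter
        $consumerName = Get-RefName $b.Consumer
        $f = $filters   | Where-Object { $_.Name -eq $filterName }
        $c = $consumers | Where-Object { $_.Name -eq $consumerName }

        $consumerType = if ($c) { $c.CimClass.CimClassName } else { '(missing)' }
        # Pull out whatever the consumer will actually execute.
        $payload = switch ($consumerType) {
            'CommandLineEventConsumer'  { $c.CommandLineTemplate }
            'ActiveScriptEventConsumer' { if ($c.ScriptText) { $c.ScriptText } else { $c.ScriptFileName } }
            default                     { '' }
        }

        [pscustomobject]@{
            Filter       = $filterName
            Query        = $f.Query
            Consumer     = $consumerName
            ConsumerType = $consumerType
            Payload      = $payload
            # Heuristic (my own, not AhnLab's): script/command consumers that launch
            # interpreters, LOLBins, script files or fetch over HTTP deserve a look.
            Suspicious   = ($consumerType -in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer') -and
                           ($payload -match 'powershell|cmd\.exe|wscript|cscript|mshta|regsvr32|rundll32|\.vbe|\.vbs|http')
        }
    }
}

function Get-AutorecoverMofs {
    # REG_MULTI_SZ of MOF paths re-compiled when the repository is rebuilt.
    $key = 'HKLM:\SOFTWARE\Microsoft\Wbem\CIMOM'
    (Get-ItemProperty -Path $key -Name 'Autorecover MOFs' -ErrorAction SilentlyContinue).'Autorecover MOFs'
}

Get-WmiPersistence | Format-Table -AutoSize -Wrap
# Anything outside the wbem directories is worth explaining.
Get-AutorecoverMofs | Where-Object { $_ -notmatch '(?i)\\Windows\\(System32|SysWOW64)\\wbem\\' }
```

A hit here is the pivot point for the rest of the chain the post describes: check for a missing or rewritten hosts file, newly created local accounts, RDP being enabled, and any VBE files the consumer's payload references. On a large estate the same three CIM queries are what Sysmon events 19, 20 and 21 (WmiEventFilter, WmiEventConsumer, WmiEventConsumerToFilter) record at creation time, so feeding those to a SIEM covers the case where the subscription is later removed.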
-
South Korean Researchers Observe Remcos RAT Distributed Through Fake Shipping Lures https://thecyberexpress.com/remcos-rat-malicious-uuencoding-uue-shipping/ #TheCyberExpressNews #CybersecurityNews #RemcosRATmalware #TheCyberExpress #FirewallDaily #cybersecurity #Cyberattack #UUEncoding #RemcosRAT #malware #AhnLab #UUE
-
Researchers Warn About Phishing Emails That Trick Users Into Pasting Malicious Commands https://thecyberexpress.com/researchers-caution-against-phishing-paste/ #TheCyberExpressNews #CybersecurityNews #PhishingTechnique #phishingcampaign #TheCyberExpress #FirewallDaily #cybersecurity #Cyberattack #PasteandRun #Phishing #AhnLab #Ctrl+V
-
z0Miner Exploits Korean Web Servers to Attack WebLogic Server
AhnLab Security intelligence Center (ASEC) has discovered numerous instances of threat actors attacking vulnerable Korean servers. This post examines a recent case in which the 'z0Miner' threat actor targeted Korean WebLogic servers. The actor has a history of distributing miners against vulnerable servers and is known for exploiting WebLogic server vulnerabilities.
Pulse ID: 65eb43b73126f426dbb1e92b
Pulse Link: https://otx.alienvault.com/pulse/65eb43b73126f426dbb1e92b
Pulse Author: AlienVault
Created: 2024-03-08 16:58:30
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#OTX #OpenThreatExchange #InfoSec #bot #CyberSecurity #AhnLab #ASEC #AlienVault
-
WogRAT Malware Exploits aNotepad
AhnLab Security intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform. The malware, classified as WogRAT, supports both Windows and Linux systems. It has been used in attacks since late 2022, often disguised as legitimate software. WogRAT sends data to a command and control server, and can execute commands, upload/download files, etc. The Linux version connects to a Tiny Shell server to receive commands.
Pulse ID: 65e88e7ae77b71e99ddb944e
Pulse Link: https://otx.alienvault.com/pulse/65e88e7ae77b71e99ddb944e
Pulse Author: AlienVault
Created: 2024-03-06 15:40:42
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#OTX #OpenThreatExchange #InfoSec #bot #CyberSecurity #Malware #BackDoor #Linux #Windows #RAT #AhnLab #ASEC #AlienVault
-
Fileless Revenge RAT Malware
AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of Revenge RAT malware that had been developed based on legitimate tools. It appears that the attackers have used tools such as ‘smtp-validator’ and ‘Email To Sms’. At the time of execution, the malware creates and runs both a legitimate tool and a malicious file, making it difficult for users to realize that a malicious activity has occurred.
Pulse ID: 65cc8f2baf18018d9e3b51ee
Pulse Link: https://otx.alienvault.com/pulse/65cc8f2baf18018d9e3b51ee
Pulse Author: AlienVault
Created: 2024-02-14 10:00:11
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#OTX #OpenThreatExchange #InfoSec #bot #CyberSecurity #Malware #RAT #AhnLab #Email #ASEC #AlienVault
-
Trigona Ransomware Threat Actor Uses Mimic Ransomware
A new case of Trigona ransomware installing Mimic ransomware has been detected by AhnLab SEcurity intelligence Center, and it is believed to be the same attacker responsible for previous attacks.
Pulse ID: 65bcc56a0c2cff1bf11ba75a
Pulse Link: https://otx.alienvault.com/pulse/65bcc56a0c2cff1bf11ba75a
Pulse Author: AlienVault
Created: 2024-02-02 10:35:21
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#OTX #OpenThreatExchange #InfoSec #bot #CyberSecurity #RansomWare #AhnLab #Mimic #AlienVault
-
Apache ActiveMQ Vulnerability (CVE-2023-46604) Continuously Being Exploited in Attacks
In November 2023, AhnLab Security Emergency response Center (ASEC) published a blog post titled “Circumstances of the Andariel Group Exploiting an Apache ActiveMQ Vulnerability (CVE-2023-46604)” which covered cases of the Andariel threat group exploiting the CVE-2023-46604 vulnerability to install malware. Since then, the Apache ActiveMQ vulnerability (CVE-2023-46604) has continued to be exploited by various threat actors.
Pulse ID: 6585720528f4e1dd0336c0d1
Pulse Link: https://otx.alienvault.com/pulse/6585720528f4e1dd0336c0d1
Pulse Author: AlienVault
Created: 2023-12-22 11:24:53
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#OTX #OpenThreatExchange #InfoSec #bot #CyberSecurity #Malware #Apache #Vulnerability #ActiveMQ #AhnLab #Andariel #AndarielGroup #AlienVault
-
Circumstances of an Attack Exploiting an Asset Management Program (Andariel Group)
The Andariel group has been distributing malware via an attack using an asset management program, according to an analysis by AhnLab's ASEC team.
Pulse ID: 655e254bda9c2bd236bc188f
Pulse Link: https://otx.alienvault.com/pulse/655e254bda9c2bd236bc188f
Pulse Author: AlienVault
Created: 2023-11-22 15:59:06
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#OTX #OpenThreatExchange #InfoSec #bot #CyberSecurity #Malware #AhnLab #AlienVault
-
Cryptojacking Attack Campaign Against Apache Web Servers Using Cobalt Strike
An attack on web servers that are poorly managed has been identified by AhnLab Security Emergency Response Center (ASEC), a South Korea-based security agency.
Pulse ID: 655e17bd280ae5a6d043b267
Pulse Link: https://otx.alienvault.com/pulse/655e17bd280ae5a6d043b267
Pulse Author: AlienVault
Created: 2023-11-22 15:01:17
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#OTX #OpenThreatExchange #InfoSec #bot #CyberSecurity #SouthKorea #Apache #CobaltStrike #CryptoJacking #AhnLab #AlienVault
-
"👾 HiddenGh0st Malware: A Silent Menace to MS-SQL Servers 🖥️"
The HiddenGh0st malware, a variant of the notorious Gh0st RAT, has been wreaking havoc on MS-SQL servers. Developed by the C. Rufus Security Team from China, this malware has evolved, now deploying an open-source rootkit named Hidden to ensure its stealth and persistence on infected systems. The malware is distributed in a packed state to evade detection, and once unpacked, it communicates with its C&C server, receiving commands to execute various malicious activities. It's capable of keylogging, stealing account credentials via Mimikatz, and even enabling remote desktop for further exploitation. The primary targets appear to be Chinese users, given the malware's specific focus on QQ Messenger data exfiltration. The detailed analysis by AhnLab's ASEC provides a deep dive into its nefarious functionalities and the threat it poses to poorly managed MS-SQL servers.
Source: ASEC Blog
Tags: #HiddenGh0st #Gh0stRAT #MSSQL #Cybersecurity #MalwareAnalysis #Rootkit #ChineseCyberThreats #InfoSec #AhnLab 🇨🇳🔐🖥️
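The post above ties HiddenGh0st to "poorly managed MS-SQL servers". The usual route onto such a server is password guessing against SQL logins, and SQL Server records each failure in the Windows Application log as event ID 18456 with the client address at the end of the message. The script below is an added triage example written for this page, not code from the ASEC analysis or from AhnLab; it assumes a default instance (provider name MSSQLSERVER; named instances log as MSSQL$INSTANCE), and the sample events at the bottom are constructed so the parser can be exercised offline. It groups failures by login and client so a brute-force burst against `sa` stands out.

```powershell
# Added example (not from the ASEC/OTX post): summarise failed SQL Server logins
# from the Windows Application log (event ID 18456). A typical message reads:
#   Login failed for user 'sa'. Reason: Password did not match that for the
#   login provided. [CLIENT: 203.0.113.10]
# Assumes a default instance; pass -ProviderName 'MSSQL$NAME' for a named one.

function Get-SqlLoginFailures {
    [CmdletBinding()]
    param(
        [int]$Hours = 24,
        [string]$ProviderName = 'MSSQLSERVER',
        # Pre-fetched or exported events; when omitted the live Application log is read.
        [object[]]$Events
    )
    if (-not $Events) {
        $Events = Get-WinEvent -FilterHashtable @{
            LogName      = 'Application'
            ProviderName = $ProviderName
            Id           = 18456
            StartTime    = (Get-Date).AddHours(-$Hours)
        } -ErrorAction SilentlyContinue
    }

    $Events |
    ForEach-Object {
        if ($_.Message -match "user '([^']*)'.*\[CLIENT: ([^\]]+)\]") {
            [pscustomobject]@{ User = $Matches[1]; Client = $Matches[2]; Time = $_.TimeCreated }
        }
    } |
    Group-Object User, Client |
    ForEach-Object {
        $u, $c = $_.Name -split ', '
        $sorted = $_.Group | Sort-Object Time
        [pscustomobject]@{
            User     = $u
            Client   = $c
            Failures = $_.Count
            First    = $sorted[0].Time
            Last     = $sorted[-1].Time
        }
    } |
    Sort-Object Failures -Descending
}

# Constructed sample events (not real logs) to show the output shape offline.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T03:00:01'; Message = "Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.10]" }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T03:00:02'; Message = "Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.10]" }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T03:00:03'; Message = "Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.10]" }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T03:05:00'; Message = "Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.44]" }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T09:12:00'; Message = "Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]" }
)
Get-SqlLoginFailures -Events $sample | Format-Table -AutoSize

# Live use on the server itself:
# Get-SqlLoginFailures -Hours 72 | Where-Object { $_.Failures -gt 20 }
```

If the top rows are external addresses hammering `sa`, the server is exposed in the way the post describes, and the follow-ups are the ones the analysis lists: look for a successful 18454 login from the same client, for xp_cmdshell or CLR being switched on, for newly enabled Remote Desktop, and for the packed dropper and Hidden rootkit driver on disk. The longer-term fix is to take the instance off the internet, disable or rename `sa`, and enforce strong passwords for the remaining SQL logins.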
-
Interesting article on how information stealers make a profit from #AhnLab: https://asec.ahnlab.com/en/45150/
-
📬 Exchange Server has holes like Swiss cheese
#Hacking #AhnLab #ExchangeServer #Lockbit #PiotrBazydlo #WebShell #ZeroDayInitiative #ZeroDaySchwachstellen https://tarnkappe.info/artikel/hacking/exchange-server-hat-loecher-wie-ein-schweizer-kaese-257781.html