奧義智慧團隊第一手調查，挖掘中國國家級駭客利用金融軟體系統漏洞，所引發的一系列高風險攻擊事件

ThreatFabric recently discovered Xenomorph: a newly hatched Banking Trojan.

The ASEC analysis team has recently discovered phishing emails disguised as Microsoft login pages. As shown in the figure below, one of the collected samples is disguised as the company’s voice message to prompt users to click the attached playback file.…

ASEC 분석팀에서는 ASEC 자동 분석 시스템 RAPIT 을 활용하여 알려진 악성코드들에 대한 분류 및 대응을 진행하고 있다. 본 포스팅에서는 2022년 2월 14일 월요일부터 2월 20일 일요일까지 한 주간 수집된 악성코드의 통계를 정리한다. 대분류 상으로는 인포스틸러가 74.5%로 1위를 차지하였으며, 그 다음으로는 RAT (Remote Administration Tool) 악성코드가 17.4%, 뱅킹 악성코드 3.9%, 다운로더 2.1%, 랜섬웨어…

ASEC 분석팀은 어제 (02/22) 오전 매그니베르 랜섬웨어가 기존 윈도우앱(APPX) 형태가 아닌 정상 윈도우 인스톨러(MSI)로 위장하여 유포를 재개한 것을 확인하였다. MSI 확장자로 유포중인 매그니베르의 파일명은 아래와 같이 윈도우 업데이트 파일로 위장하였다. Critical.Update.Win10.0-kb4215776.msi Critical.Update.Win10.0-kb6253668.msi Critical.Update.Win10.0-kb5946410.msi…

安天是引领威胁检测与防御能力发展的网络安全国家队，为客户构建端点防护、流量监测、边界防护、导流捕获、深度分析、应急处置的安全基石

The Sandworm actor, which the United Kingdom and the United States have previously attributed to the Russian GRU, has replaced the exposed VPNFilter malware with a new more advanced framework.

Some code used in the ransomware bear a resemblance to code used in Dridex malware, hinting at a common origin

What really happened to Evil Corp after the OFAC sanctions? Did they cut and run, or are they still operating with impunity?

JFrog discovers 25 open-source npm malicious packages, including one that targets malware authors to hijack stolen Discord tokens. Find out more >

The ASEC analysis team has recently discovered ransomware that is being distributed emails after disguising itself as resumes or copyright-related claims. The malicious emails with such content have been steadily distributed from the past. Unlike previous…

The ASEC analysis team has uploaded a post on February 21st about distribution of Cobalt Strike via unsecured MS-SQL servers. Cobalt Strike Being Distributed to Unsecured MS-SQL Servers As for the current case, the distributed Cobalt Strike had a different…

--- 内置未知威胁分析模型介绍

概述
在系列文章2
[https://blog.netlab.360.com/use_dta_to_illuminate_the_path_of_dns_threat_analysis_2/]
，介绍了如何利用DTA进行一轮完整的未知威胁分析，共有3个步骤：

> 1、提出分析思路，从DNS日志里找到可疑线索
2、确认可疑线索有威胁行为
3、借助DNS日志确认资产被感染


其中，这几个步骤里最为安全分析人员所熟悉的应该是步骤2，毕竟日常工作大家都少不了利用各家威胁情…

This blog is a follow-up to the StrRAT discussed before here in K7Labs blog.  A new variant of StrRAT where […]

Popular games such as “Temple Run” or  “Subway Surfer” were found to be malicious Attackers can use the installed malware as a backdoor in order to gain full control on the victim’s machine Most of the victims are from Sweden, Bulgaria, Russia, Bermuda and…

Ukraine Targeted Attacks Wiper

The ASEC analysis team has discovered the distribution of ColdStealer that appears to be a new type of infostealer. The malware disguises itself as a software download for cracks and tools, a distribution method that was mentioned multiple times in previous…

IcedId is a modular banking Trojan discovered in 2017.

At 360Netlab, we continuously track botnets on a global scale through our BotMon system. In particular, for DDoS-related botnets, we further tap into their C2 communications to enable us really see the details of the attacks. Equipped with this visibility…