Search cyberveille.decio.ch

Analysis of TargetCompany's Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)

While monitoring attacks targeting MS-SQL servers, AhnLab SEcurity intelligence Center (ASEC) recently identified cases of the TargetCompany ransomware group installing the Mallox ransomware. The TargetCompany ransomware group primarily targets improperly managed MS-SQL servers to install the Mallox ransomware. While these attacks have been ongoing for several years, here we will outline the correlation between the newly identified malware and previous attack cases involving the distribution of the Tor2Mine CoinMiner and BlueSky ransomware.

#asec.ahnlab #EN #2024 #MS-SQL #servers #CoinMiner #BlueSky #ransomware #analysis

·asec.ahnlab.com·May 3, 2024

Analysis of TargetCompany's Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)

Malicious Batch File (*.bat) Disguised as a Document Viewer Being Distributed (Kimsuky)

AhnLab Security Emergency response Center (ASEC) has confirmed the distribution of malware in the form of a batch file (*.bat). This malware is designed to download various scripts based on the anti-malware process, including AhnLab products, installed in the user’s environment. Based on the function names used by the malware and the downloaded URL parameters, it is suspected to have been distributed by the Kimsuky group.

#asec.ahnlab #malware #analysis #batch #file #.bat #Kimsuky #Document #Viewer

·asec.ahnlab.com·Jul 31, 2023

Malicious Batch File (*.bat) Disguised as a Document Viewer Being Distributed (Kimsuky)

Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations - ASEC BLOG

Sliver is an open-source penetration testing tool developed in the Go programming language. Cobalt Strike and Metasploit are major examples of penetration testing tools used by many threat actors, and various attack cases involving these tools have been covered here on the ASEC blog. Recently, there have been cases of threat actors using Sliver in addition to Cobalt Strike and Metasploit. The ASEC (AhnLab Security Emergency response Center) analysis team is monitoring attacks against systems with either unpatched vulnerabilities or misconfigured settings. During this process, we have recently discovered a Sliver backdoor being installed through what is presumed to be vulnerability exploitation on certain software. Not only did threat actors use the Sliver backdoor, but they also used the BYOVD (Bring Your Own Vulnerable Driver) malware to incapacitate security products and install reverse shells.

#asec.ahnlab #EN #2023 #Sliver #Sunlogin #analysis

·asec.ahnlab.com·Feb 7, 2023

Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations - ASEC BLOG

Sliver is an open-source penetration testing tool developed in the Go programming language. Cobalt Strike and Metasploit are major examples of penetration testing tools used by many threat actors, and various attack cases involving these tools have been covered here on the ASEC blog. Recently, there have been cases of threat actors using Sliver in addition to Cobalt Strike and Metasploit. The ASEC (AhnLab Security Emergency response Center) analysis team is monitoring attacks against systems with either unpatched vulnerabilities or misconfigured settings. During this process, we have recently discovered a Sliver backdoor being installed through what is presumed to be vulnerability exploitation on certain software. Not only did threat actors use the Sliver backdoor, but they also used the BYOVD (Bring Your Own Vulnerable Driver) malware to incapacitate security products and install reverse shells.

#asec.ahnlab #EN #2023 #Sliver #Sunlogin #analysis

·asec.ahnlab.com·Feb 7, 2023

Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations - ASEC BLOG