![AhnLab_ASEC's tweet photo. AhnLab Security Emergency response Center (ASEC) has recently discovered #CHM malware which is assumed to have been created by #Kimsuky.
It is distributed as an email attachment.
IOC:
726af41024d06df195784ae88f2849e4
C2:
hxxp://mpevalr.ria[.]monster
https://t.co/KjtzBBHgsC https://t.co/Tghddk8GEh](https://pbs.twimg.com/media/FroMjq4aEAAVlZb.jpg)
![AhnLab_ASEC's tweet photo. AhnLab Security Emergency response Center (ASEC) has recently discovered #CHM malware which is assumed to have been created by #Kimsuky.
It is distributed as an email attachment.
IOC:
726af41024d06df195784ae88f2849e4
C2:
hxxp://mpevalr.ria[.]monster
https://t.co/KjtzBBHgsC https://t.co/Tghddk8GEh](https://pbs.twimg.com/media/FroMgLLaIAEfOXC.jpg)
Olivia
Online
Kimsuky Group Using Meterpreter to Attack Web Servers | ASEC has recently discovered the distribution of malware targeting web servers by Kimsuky group; a threat group deemed supported by North Korea. https://t.co/RV7ergaW93 @AhnLab_ASEC
#Trigona #Ransomware Attacking MS-SQL Servers.
Typical attacks that target MS-SQL servers include brute force attacks and dictionary attacks on systems where account credentials are poorly managed.
https://t.co/9D5khh6q5d
#Kimsuky Uses Alternate Data Stream (ADS) to Conceal Malware.
https://t.co/uqM5qmoB96
Who to follow
Aaron Jornet 
@RexorVc0
Threat Researcher at @socradar | Malware Researcher | Threat Hunter | CTI ¦ Former @ElevenPaths @Panda_Security
📖Book: https://t.co/ZmIUPBuNKG
Andrea P
@decoder_it
Security Consultant @semperistech . Independent Security Researcher. Cyclist & Scubadiver. MSRC MVR 2022. "So di non sapere"
Sekoia
@sekoia_io
Sekoia is the European cybersecurity company building the Cyber Operations Platform for the AI era.
#Nevada #Ransomware is being distributed.
b673d92b77489d12779dc1fb5e8f6fdd
".NEVADA" extension
1. Main Features of Nevada Ransomware
2. Nevada Encryption Targets and Exception Conditions
https://t.co/akAMbasTv7
📝AhnLab Threat Intelligence Report
A comprehensive report on monitoring the activities of Kimsuky (FlowerPower, AppleSeed) in 2022
https://t.co/Q35K1uzbEe
https://t.co/9D0RnJ1XQ6
📝AhnLab Threat Intelligence Report
Threat Trend Report on Region-Specific Ransomware
- Localized Ransomware Attacks
- Case Study: South Korea, Taiwan, China, Chile
https://t.co/3zAL1BVvfl
https://t.co/6hux6XN8tn
#AhnLab #Ransomware #Anlaysis
#Mallox #ransomware, which targets vulnerable MS-SQL servers, has been historically distributed at a consistently high rate.
Mallox disguised as a program related to DirectPlay is a file built in .NET file.
📝Analysis:
https://t.co/WeBBCGsUWY
❗MS-SQL Attack
The attacker used not only #CobaltStrike but also #Netcat to gain control over the infected system.
It targets poorly managed MS-SQL servers.
Various other malware were also installed like privilege escalator, infostealer, and proxy tools.
https://t.co/fVtMOz7iLu
According to ASEC the North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. https://t.co/MNRy8rPSmx @TheHackersNews
#iswr #ransomware can be decrypted!!!
iswr ransomware is a variant of #STOP ransomware.
#AhnLab #ASEC offers a free script for decrypting files infected by iswr ransomware.
😆https://t.co/zXNhQMDTST
CHM Malicious File Disguised as Security Email from a Korean Financial Company
#RedEyes
#Scarcruft
https://t.co/fPoOSJyfzp
ASEC has recently discovered the installation of the #PlugX #malware through the Chinese remote control programs #Sunlogin and #Awesun’s remote code execution #vulnerability
https://t.co/UJBbM1bQpm
#Lazarus exploited a zero-day #vulnerability in Korea’s widely used digital signature authentication software. They attacked Korean defense contractors, satellite companies, IT, and media companies. #0day
This report will be translated into English soon.
https://t.co/lsXnxdN6Oj
#Magniber #Ransomware’s Relaunch Technique using Windows Registry 🤐
Registering to be relaunched is a preliminary phase of encryption.
https://t.co/r6z7AOtm9T
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.5M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.3M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.5M followers
Taylor Swift
@taylorswift13
81.3M followers
Lady Gaga
@ladygaga
72.9M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.7M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.8M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.6M followers