NOD, posted June 21, 2017 (edited)

Is ESET detecting the malware below?

https://www.virustotal.com/ko/file/145b4c8192695940541307772ef9315ae99e33a52381378cae608f4341373720/analysis/
https://www.virustotal.com/ko/file/57470e4980b001f049d6bdeef1eedb42060ac1d627bdeefd4ba61c4e1404a020/analysis/
https://www.virustotal.com/ko/file/f3ec8db8b1f52eba733478fbd28debde40650b004b5881f31d6deb3dce6eeada/analysis/
https://www.threatminer.org/av.php?q=Exploit.HWP.BodyText.ParaText.Gen

This is the malware of this format.
hxxp://www.hancom.com/global/product/productWindowsMain.do?gnb0=3&gnb1=4

Edited June 21, 2017 by NOD

NOD, posted June 22, 2017 (edited)

Exploit.HWP.Agent
https://www.virustotal.com/ko/file/7d163e36f47ec56c9fe08d758a0770f1778fa30af68f39aac80441a3f037761e/analysis/
https://www.virustotal.com/ko/file/9b7766b0f7e4b61da87d7283cf65aa2614c2a468024dee980a28ee52ad87cdab/analysis/

This malware was found in December 2014, and recently re-scanned, but not detected.
https://www.virustotal.com/ko/file/226b3e4f4f3c48ab33e4759da1c025fc79d61aad04c4f761c0c2107bd51ff703/analysis/
https://www.threatminer.org/av.php?q=Exploit.HWP.Agent

Edited June 22, 2017 by NOD

itman, posted June 23, 2017

I wouldn't be concerned about this malware unless you reside in South Korea. It's a targeted attack by North Korea against South Korean interests.

Also MS Word, etc. only supports the 1997 ver. of HWP attachments. Any newer vers. of HWP are not supported:

Note: Microsoft Office, OpenOffice, and LibreOffice can open HWP files only if they were created with Hangul '97 - newer versions of the .HWP file cannot be opened with these applications.

Ref.: https://www.lifewire.com/hwp-file-2621713

NOD, posted June 23, 2017 (edited)

1 hour ago, itman said:

I wouldn't be concerned about this malware unless you reside in South Korea. It's a targeted attack by North Korea against South Korean interests. Also MS Word, etc. only supports the 1997 ver. of HWP attachments. Any newer vers. of HWP are not supported: Note: Microsoft Office, OpenOffice, and LibreOffice can open HWP files only if they were created with Hangul '97 - newer versions of the .HWP file cannot be opened with these applications. Ref.: https://www.lifewire.com/hwp-file-2621713

I agree. This malicious code is a malicious code to attack Korea. However, ESET is a global group. ESET is doing business in Korea. If so, HWP malware should be analyzed and detected. And Korea is using Hangul products in addition to MS Office. So HWP file protection is required. If you do not protect it, Koreans will not use ESET products. I want ESET to be the most famous antivirus product in Korea. So this is why I am writing this article.

Edited June 23, 2017 by NOD