HugeGraph-Server Security Update Advisory
Overview: We have released a security update to address a vulnerability in HugeGraph-Server. Users of...
Play Ransomware Attack Cases Detected by AhnLab EDR
Play ransomware, also known as Balloonfly or PlayCrypt, was first identified in June 2022 and has reportedly attacked over 300 organizations worldwide since then. A notable characteristic of the ransomware, which remains actively in use, is its addition of the “.PLAY” extension to files following encryption. Like other ransomware threat
Ransom & Dark Web Issues Week 1, January 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, January 2025. Customer information data from a South Korean children’s bookstore has been leaked on BreachForums. RDP access credentials for a South Korean internet-only bank are being sold on BreachForums. Source code from South Korea’s
Weekly Detection Rule (YARA and Snort) Information – Week 1, January 2025
The following is the information on YARA and Snort rules (week 1, January 2025) collected and shared by the AhnLab TIP service.
0 YARA Rules, 5 Snort Rules
Detection name | Source
ET TROJAN Observed ClickFix Powershell Delivery Page Inbound | https://rules.emergingthreatspro.com/open/
ET TROJAN Win32/Unk.Coinminer Checkin | https://rules.emergingthreatspro.com/open/
ET TROJAN W32/BitCoinMiner.MultiThreat Getblocktemplate Protocol
December 29, 2024
December 28, 2024
Amazon Redshift Driver Security Update Advisory
Overview: We have released a security update to address a vulnerability in the Apache...
Apache Product Security Update Advisory
Overview: We have released a security update to address a vulnerability in Apache products. Users...
Android Malware & Security Issue 4th Week of December, 2024
ASEC Blog publishes “Android Malware & Security Issue 4th Week of December, 2024”
December 27, 2024

