Analysis of an Attack Against HiveOS for Mining Ravencoin
AhnLab SEcurity intelligence Center (ASEC) is using multiple honeypots to monitor attacks targeting improperly managed Linux servers. Among the prominent honeypots is the SSH service using vulnerable credentials, which is targeted by many DDoS and CoinMiner attackers. While monitoring numerous external attacks, ASEC recently identified an attack targeting HiveOS. The
Security Issues in Korean & Global Financial Sector – Malware, Phishing, Deep Web & Dark Web Cases in September 2024
This report comprehensively covers actual cyber threats and related security issues that have occurred targeting domestic and foreign financial companies. It includes analysis of malware and phishing cases distributed targeting the financial sector, presents the top 10 major malware targeting the financial sector, and also provides industry statistics on domestic
Weekly Detection Rule (YARA and Snort) Information – Week 1, October 2024
The following is the information on Yara and Snort rules (week 1, October 2024) collected and shared by the AhnLab TIP service. 6 YARA Rules Detection name Description Source SUSP_EXPL_LNX_CUPS_CVE_2024_47177_Sep24 Detects suspicious FoomaticRIPCommandLine command in printer config, which could be used to exploit CUPS CVE-2024-47177 https://github.com/Neo23x0/signature-base PK_Aruba_ar06 Phishing Kit impersonating
Supply Chain Attacks Targeting Korean Game Companies Using Valid Certificates
While monitoring threats against Korean companies and users, AhnLab SEcurity intelligence Center (ASEC) has recently identified evidence of supply chain attacks targeting Korean game companies. The attack group, identified by AhnLab as Larva-24008, targeted a Korean game security company to insert a malicious routine into the game security module. As
Weekly Detection Rule (YARA and Snort) Information – Week 4, September 2024
The following is the information on Yara and Snort rules (week 4, September 2024) collected and shared by the AhnLab TIP service. 5 YARA Rule Detection name Description Source PK_Bit_dnjwan Phishing Kit impersonating bitpay.co.il https://github.com/t4d/PhishingKit-Yara-Rules PK_GovCA_krepto Phishing Kit impersonating Canadian Government (CRA) https://github.com/t4d/PhishingKit-Yara-Rules PK_Square_RD971_2 Phishing Kit impersonating Square https://github.com/t4d/PhishingKit-Yara-Rules PK_SwissPass_zoro
Distribution of SectopRAT (ArechClient2) Disguised as Notion Installer
Notion is a collaboration tool providing features to manage projects and record them, used by many worldwide. Such popular programs may become targeted by threat actors since attackers can create web pages uploaded with malware strains that pretend to offer legitimate programs. Users may end up downloading malware when
Weekly Detection Rule (YARA and Snort) Information – Week 3, September 2024
The following is the information on Yara and Snort rules (week 3, September 2024) collected and shared by the AhnLab TIP service. 5 YARA Rules Detection name Description Source PK_AdobePDF_dotloop Phishing Kit impersonating Adobe PDF Online https://github.com/t4d/PhishingKit-Yara-Rules PK_Bancontact_hem Phishing Kit impersonating Bancontact https://github.com/t4d/PhishingKit-Yara-Rules PK_DHL_blackforce Phishing Kit impersonating DHL https://github.com/t4d/PhishingKit-Yara-Rules PK_PayPal_de
Kimsuky Group’s Malware Disguised as Lecture Request Form (MSC, HWP)
Recently, malware disguised as a lecture request form targeting specific users was identified. The distributed files include Hangul Word Processor (HWP) documents and files in MSC format, which download additional malicious files. Decoy document files used to disguise as legitimate documents have been found to sometimes contain personal information, suggesting
Case of Attack Targeting MS-SQL Servers Abusing GotoHTTP
AhnLab SEcurity intelligence Center (ASEC) has been monitoring MS-SQL servers that are being managed inappropriately and recently discovered an attack case abusing GotoHTTP. 1. GotoHTTP Remote control tools are used to control systems remotely, providing features such as remote desktop and file transfer. AnyDesk, ToDesk, RuDesktop, TeamViewer, and
Weekly Detection Rule (YARA and Snort) Information – Week 2, September 2024
The following is the information on Yara and Snort rules (week 2, September 2024) collected and shared by the AhnLab TIP service. 5 YARA Rules Detection name Description Source PK_antai_inun Phishing Kit impersonating French ANTAI (amendes) portal https://github.com/t4d/PhishingKit-Yara-Rules PK_Kraken_ankletee Phishing Kit impersonating Kraken https://github.com/t4d/PhishingKit-Yara-Rules PK_O365_spamfather2 Phishing Kit impersonating

