Distribution of MSC File Exploiting Amazon Service

AhnLab SEcurity intelligence Center (ASEC) has discovered the distribution of a malicious MSC file that exploits the Amazon service. The MSC extension uses an XML file format structure and is executed by Microsoft Management Console (MMC). The number of distributions has increased since the disclosure by Elastic Security Labs on

Weekly Detection Rule (YARA and Snort) Information – Week 4, August 2024

The following is the information on Yara and Snort rules (week 4, August 2024) collected and shared by the AhnLab TIP service. 6 YARA Rule Detection name Description Source MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_AAF0 Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header – mimidrv.sys https://github.com/Neo23x0/signature-base MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_DDF4 Detects malicious

Weekly Detection Rule (YARA and Snort) Information – Week 3, August 2024

The following is the information on Yara and Snort rules (week 3, August 2024) collected and shared by the AhnLab TIP service. 7 YARA Rules Detection name Description Source PK_Cetelem_vara Phishing Kit impersonating Cetelem https://github.com/t4d/PhishingKit-Yara-Rules PK_Netflix_es Phishing Kit impersonating Netflix https://github.com/t4d/PhishingKit-Yara-Rules PK_WeTransfer_venza Phishing Kit impersonating WeTransfer https://github.com/t4d/PhishingKit-Yara-Rules PK_WhatsApp_arpantek Phishing Kit

Threat Trend Report on Ransomware – Ransomware Statistics and Major Issues in July 2024

This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in July 2024, as well as notable ransomware issues in Korea and other countries. Disclaimer: The number of ransomware samples and targeted systems is based on the detection names designated by AhnLab, and the

Weekly Detection Rule (YARA and Snort) Information – Week 2, August 2024

The following is the information on Yara and Snort rules (week 2, August 2024) collected and shared by the AhnLab TIP service. 7 YARA Rules Detection name Description Source PK_DocuSign_dong Phishing Kit impersonating DocuSign https://github.com/t4d/PhishingKit-Yara-Rules PK_GECU_z118 Phishing Kit impersonating GECU Credit Union https://github.com/t4d/PhishingKit-Yara-Rules PK_GarantiBBVA_Turkey Phishing Kit impersonating Garanti BBVA Turkey

Security Issues in Korean & Global Financial Sector – Malware, Phishing, Deep Web & Dark Web Cases in July 2024

This report comprehensively covers actual cyber threats and related security issues that have occurred targeting domestic and foreign financial companies. It includes analysis of malware and phishing cases distributed targeting the financial sector, presents the top 10 major malware targeting the financial sector, and also provides industry statistics on domestic

Weekly Detection Rule (YARA and Snort) Information – Week 1, August 2024

The following is the information on Yara and Snort rules (week 1, August 2024) collected and shared by the AhnLab TIP service. 26 YARA Rules Detection name Description Source PK_A1_webmail Phishing Kit impersonating A1.net webmail https://github.com/t4d/PhishingKit-Yara-Rules PK_CitiBank_imgamerzchoices Phishing Kit impersonating Citi Bank https://github.com/t4d/PhishingKit-Yara-Rules PK_ING_alexronyy Phishing Kit impersonating ING bank https://github.com/t4d/PhishingKit-Yara-Rules

Distribution of SnakeKeylogger Malware via Email

AhnLab SEcurity intelligence Center (ASEC) has recently identified cases where the SnakeKeylogger malware is being distributed via email. SnakeKeylogger is an Infostealer type of malware developed using the .NET language, and it is characterized by its methods of data exfiltration through email, FTP, SMTP, or Telegram. Figure 1. Phishing email

LummaC2 Malware Abusing the Game Platform ‘Steam’

LummaC2 is an Infostealer that is being actively distributed, disguised as illegal programs (e.g. cracks, keygens, and game hacking programs) available from distribution websites, YouTube, and LinkedIn using the SEO poisoning technique. Recently, it has also been distributed via search engine ads, posing as web pages of Notion, Slack, Capcut,

Distribution of Xworm Malware as a URL File (Detected by AhnLab EDR)

Phishing, which is a common method used in the malware distribution phase, has been employed for a long time. Phishing emails typically include attachments disguised as invoices, estimates, tax bills, or summonses to trick recipients into running malware. A recent case confirmed by AhnLab SEcurity intelligence Center (ASEC) involves a