Distribution of Malicious LNK Files to Korean Financial Companies
AhnLab SEcurity intelligence Center (ASEC) has discovered that malicious LNK files are being distributed to Korean financial companies. Caution is advised, as LNK files have been used consistently in attacks for some time. The recently observed LNK files are believed to be distributed through emails containing a malicious URL. The
Weekly Detection Rule (YARA and Snort) Information – Week 4, July 2024
The following is the information on Yara and Snort rules (week 4, July 2024) collected and shared by the AhnLab TIP service.
0 YARA Rules
10 Snort Rules
Detection name | Source
ET TROJAN Vidar Stealer Form Exfil | https://rules.emergingthreatspro.com/open/
ET TROJAN Patchwork APT Victim Registration | https://rules.emergingthreatspro.com/open/
ET TROJAN Patchwork APT CnC
Warning Against the Distribution of Malware Disguised as Software Cracks (Disrupts V3 Lite Installation)
AhnLab SEcurity intelligence Center (ASEC) has previously introduced the dangers of malware disguised as crack programs through a post titled “Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)”. [1] Malware strains disguised as crack programs are primarily distributed through file-sharing platforms, blogs, and torrents, leading
Weekly Detection Rule (YARA and Snort) Information – Week 3, July 2024
The following is the information on Yara and Snort rules (week 3, July 2024) collected and shared by the AhnLab TIP service.
14 YARA Rules
Detection name | Description | Source
PK_Coinbase_haxornomercy | Phishing Kit impersonating Coinbase | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Netflix_access | Phishing Kit impersonating Netflix | https://github.com/t4d/PhishingKit-Yara-Rules
PK_RedstoneFCU_forge | Phishing Kit impersonating Redstone Federal Credit Union | https://github.com/t4d/PhishingKit-Yara-Rules
Private HTS Program Continuously Used in Attacks
AhnLab SEcurity intelligence Center (ASEC) has previously covered a case where Quasar RAT was distributed through private home trading systems (HTS) in the blog post “Quasar RAT Being Distributed by Private HTS Program”. The same threat actor has been continuously distributing malware, and attack cases have been confirmed even recently.
Weekly Detection Rule (YARA and Snort) Information – Week 2, July 2024
The following is the information on Yara and Snort rules (week 2, July 2024) collected and shared by the AhnLab TIP service.
0 YARA Rule
11 Snort Rules
Detection name | Description | Source
ET TROJAN Poseidon Stealer Data Exfiltration Attempt | Detects a packet attempting Poseidon Stealer data exfiltration | https://rules.emergingthreatspro.com/open/
ET TROJAN TA427
June 2024 Major Issues on APT Attacks in South Korea
Overview AhnLab has been using AhnLab Smart Defense (ASD) to monitor advanced persistent threat (APT) attacks against targets in South Korea. This report discusses the categorization and statistics of APT attacks against Korean targets in June 2024 as well as the features of each type. Figure 1. Statistics
Weekly Detection Rule (YARA and Snort) Information – Week 1, July 2024
The following is the information on Yara and Snort rules (week 1, July 2024) collected and shared by the AhnLab TIP service.
10 YARA Rules
Detection name | Description | Source
PK_BRI_sadapan | Detects a phishing kit impersonating Bank Rakyat Indonesia (bank) | https://github.com/t4d/PhishingKit-Yara-Rules
PK_GlobalSources_sogo | Detects a phishing kit impersonating GlobalSources (B2B media company)
Threat Trend Report on Ransomware – Statistics and Major Issues in June 2024
Objectives and Scope This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in June 2024, as well as notable ransomware issues in Korea and other countries. Other major issues and statistics for ransomware that are not mentioned in the report can be
Security Issues in Korean & Global Financial Sector – Malware, Phishing, Deep Web & Dark Web in June 2024
This report covers security issues related to the domestic and international financial sector. It consists of content confirmed in phishing, malware, and deep web & dark web. – Statistics on Malware Distributed to Financial Sectors – Statistics on Korean Accounts Exfiltrated Via Telegram by Industry MD5 2586ef80415ac670c1b81367efae7b3d 28127336f11129fd4a3af24e421efdb4 2d67fe77b8b1e53d43ddad90aedd08f0

