Weekly Detection Rule (YARA and Snort) Information – Week 2, June 2024
The following is the information on Yara and Snort rules (week 2, June 2024) collected and shared by the AhnLab TIP service.
5 YARA Rules
Detection Name | Description | Source
PK_AdobePDF_nayfercrax | Detects a phishing kit impersonating Adobe PDF Online | https://github.com/t4d/PhishingKit-Yara-Rules
PK_BankOfAmerica_xsmayer | Detects a phishing kit impersonating Bank Of America | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Ionos_keyword
Analysis of Attack Case Installing SoftEther VPN on Korean ERP Server
AhnLab SEcurity intelligence Center (ASEC) has recently discovered an attack case where a threat actor attacked the ERP server of a Korean corporation and installed a VPN server. In the initial compromise process, the threat actor attacked the MS-SQL service and later installed a web shell to maintain persistence and
May 2024 Major Issues on APT Attacks in South Korea
Overview AhnLab has been using the company infrastructure to conduct monitoring for Advanced Persistent Threat (APT) attacks against South Korea. This report will cover the types and statistics of APT attacks in Korea during May 2024 as well as features for each type. Figure 1. The May 2024
Threat Trend Report on Ransomware – May 2024 Ransomware Statistics and Major Issues
Objectives and Scope This report provides statistics on new ransomware samples, attacked systems, and targeted businesses in May 2024, as well as notable ransomware issues in Korea and overseas. Other major issues and statistics for ransomware that are not mentioned in the report can be found by searching for
Weekly Detection Rule (YARA and Snort) Information – Week 1, June 2024
The following is the information on Yara and Snort rules (week 1, June 2024) collected and shared by the AhnLab TIP service.
5 YARA Rules
Detection Name | Description | Source
PK_BankOfAmerica_akhatar | Phishing Kit impersonating Bank Of America | https://github.com/t4d/PhishingKit-Yara-Rules
PK_BankOfAmerica_xbalti | Phishing Kit impersonating Bank Of America | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Citizens_premierghost | Phishing Kit impersonating Citizens
Security Issues in Korean & Global Financial Sector – Malware, Phishing, Deep Web & Dark Web in May 2024
Statistics on Malware Distributed to Financial Sector Statistics on Korean Accounts Exfiltrated Via Telegram by Industry
Botnet Installing NiceRAT Malware
1. Overview AhnLab Security intelligence Center (ASEC) confirmed that botnets trending since 2019 have been continuously used to install NiceRAT malware. A botnet is a group of devices infected by malware and controlled by a threat actor. Because threat actors mainly launched DDoS attacks using botnets in the past, Nitol
Bondnet Using Miner Bots as C2
Bondnet first became known to the public in an analysis report published by GuardiCore in 2017[1] and Bondnet’s backdoor was covered in an analysis report on XMRig miner targeting SQL servers released by DFIR Report in 2022[2]. There has not been any information on the Bondnet threat actor’s activities thereon,
SmallTiger Malware Used in Attacks Against South Korean Businesses (Kimsuky and Andariel)
AhnLab SEcurity intelligence Center (ASEC) is responding to recently discovered cases that are using the SmallTiger malware to attack South Korean businesses. The method of initial access has not yet been identified, but the threat actor distributed SmallTiger into the companies’ systems during the lateral movement phase. South Korean defense
Remcos RAT Distributed as UUEncoding (UUE) File
AhnLab SEcurity intelligence Center (ASEC) recently discovered that Remcos RAT is being distributed via UUEncoding (UUE) files compressed using Power Archiver. The image below shows a phishing email distributing the Remcos RAT downloader. Recipients must be vigilant as phishing emails are disguised as emails about importing/exporting shipments or quotations. 1.

