Weekly Detection Rule (YARA and Snort) Information – Week 4, March 2025

The following is the information on Yara and Snort rules (week 4, March 2025) collected and shared by the AhnLab TIP service. 10 YARA Rules Detection name Description Source PK_Alibaba_whizkossy Phishing Kit impersonating Alibaba https://github.com/t4d/PhishingKit-Yara-Rules PK_Caixa_db Phishing Kit impersonating Caixa Bank https://github.com/t4d/PhishingKit-Yara-Rules PK_MBHBank_takare Phishing Kit impersonating MBH Bank from Hungary

Weekly Detection Rule (YARA and Snort) Information – Week 3, March 2025

The following is the information on Yara and Snort rules (week 3, March 2025) collected and shared by the AhnLab TIP service. 0 YARA Rules 17 Snort Rules Detection name Source ET WEB_SPECIFIC_APPS D-Tale Filter Query Command Injection Attempt (CVE-2025-0655) https://rules.emergingthreatspro.com/open/ ET EXPLOIT [CORELIGHT] – CVE-2025-27218 Sitecore unsafe deserialization attempt

Weekly Detection Rule (YARA and Snort) Information – Week 2, March 2025

The following is the information on Yara and Snort rules (week 2, March 2025) collected and shared by the AhnLab TIP service. 5 YARA Rules Detection name Description Source PK_Generic_RD127 Phishing Kit – RD127 – Generic email credentials stealer https://github.com/t4d/PhishingKit-Yara-Rules PK_LIDL_ninja Phishing Kit impersonating LIDL https://github.com/t4d/PhishingKit-Yara-Rules PK_MTBank_yochi2 Phishing Kit impersonating

Weekly Detection Rule (YARA and Snort) Information – Week 1, March 2025

The following is the information on Yara and Snort rules (week 1, March 2025) collected and shared by the AhnLab TIP service. 1 YARA Rules Detection name Description Source sig_27244_metasploit_hta_stager file UsySLX1n.hta https://github.com/The-DFIR-Report/Yara-Rules 23 Snort Rules Detection name Source ET WEB_SPECIFIC_APPS Paessler PRTG Notification Command Injection Attempt (CVE-2018-9276) https://rules.emergingthreatspro.com/open/ ET

Weekly Detection Rule (YARA and Snort) Information – Week 4, February 2025

The following is the information on Yara and Snort rules (week 4, February 2025) collected and shared by the AhnLab TIP service. 0 YARA Rules 19 Snort Rules Detection name Source ET EXPLOIT PostgreSQL psql SQL Injection (CVE-2025-1094) https://rules.emergingthreatspro.com/open/ ET CURRENT_EVENTS NOTG Phish Landing Page 2025-02-19 https://rules.emergingthreatspro.com/open/ ET CURRENT_EVENTS NOTG

Weekly Detection Rule (YARA and Snort) Information – Week 3, February 2025

The following is the information on Yara and Snort rules (week 3, February 2025) collected and shared by the AhnLab TIP service. 5 YARA Rules Detection name Description Source MAL_BACKORDER_LOADER_WIN_Go_Jan23 Detects the BACKORDER loader compiled in GO which download and executes a second stage payload from a remote server. https://github.com/Neo23x0/signature-base

Weekly Detection Rule (YARA and Snort) Information – Week 2, February 2025

The following is the information on Yara and Snort rules (week 2, February 2025) collected and shared by the AhnLab TIP service. 2 YARA Rules Detection name Description Source PK_Binance_nuxt Phishing Kit impersonating Binance https://github.com/t4d/PhishingKit-Yara-Rules PK_MondialRelay_traffyque Phishing Kit impersonating Mondial Relay https://github.com/t4d/PhishingKit-Yara-Rules 20 Snort Rules Detection name Source ET POLICY

Weekly Detection Rule (YARA and Snort) Information – Week 1, February 2025

The following is the information on Yara and Snort rules (week 1, February 2025) collected and shared by the AhnLab TIP service. 14 YARA Rules Detection name Description Source PK_Ameli_sunrise22 Phishing Kit impersonating Ameli.fr/Carte vitale https://github.com/t4d/PhishingKit-Yara-Rules PK_Aramex_panel Phishing Kit impersonating Aramex https://github.com/t4d/PhishingKit-Yara-Rules PK_Doctolib_js Phishing Kit impersonating Doctolib https://github.com/t4d/PhishingKit-Yara-Rules PK_Email_CN Phishing

Weekly Detection Rule (YARA and Snort) Information – Week 5, January 2025

The following is the information on Yara and Snort rules (week 5, January 2025) collected and shared by the AhnLab TIP service. 8 YARA Rules Detection name Description Source PK_DHL_Tracking Phishing Kit impersonating DHL https://github.com/t4d/PhishingKit-Yara-Rules PK_ESL_sigmadev Phishing Kit impersonating ESL Federal Credit Union https://github.com/t4d/PhishingKit-Yara-Rules PK_Nexi_mobile Phishing Kit impersonating Nexi (Nexi

Weekly Detection Rule (YARA and Snort) Information – Week 4, January 2025

The following is the information on Yara and Snort rules (week 4, January 2025) collected and shared by the AhnLab TIP service. 7 YARA Rules Detection name Description Source PK_SumUp_pseller Phishing Kit impersonating SumUp https://github.com/t4d/PhishingKit-Yara-Rules PK_SwissPass_z3ci_2 Phishing Kit impersonating SwissPass.ch https://github.com/t4d/PhishingKit-Yara-Rules PK_PayPal_0x Phishing Kit impersonating Paypal https://github.com/t4d/PhishingKit-Yara-Rules PK_IndonesiaBaikId_malay Phishing Kit