Weekly Detection Rule (YARA and Snort) Information – Week 3, January 2025
The following is the information on YARA and Snort rules (week 3, January 2025) collected and shared by the AhnLab TIP service.
5 YARA Rules
Detection name | Description | Source
PK_BancaTransilvania_bt24 | Phishing Kit impersonating Banca Transilvania | https://github.com/t4d/PhishingKit-Yara-Rules
PK_DHL_wespam | Phishing Kit impersonating DHL | https://github.com/t4d/PhishingKit-Yara-Rules
PK_IdahoCentralCU_prohqcker | Phishing Kit impersonating Idaho Central Credit Union
Weekly Detection Rule (YARA and Snort) Information – Week 2, January 2025
The following is the information on YARA and Snort rules (week 2, January 2025) collected and shared by the AhnLab TIP service.
0 YARA Rules
10 Snort Rules
Detection name | Source
ET TROJAN Observed Malicious User-Agent (UNK_FlappyBird) | https://rules.emergingthreatspro.com/open/
ET SCAN ELF/Mirai Variant UDP (Inbound) M1 | https://rules.emergingthreatspro.com/open/
ET SCAN ELF/Mirai Variant
Weekly Detection Rule (YARA and Snort) Information – Week 1, January 2025
The following is the information on YARA and Snort rules (week 1, January 2025) collected and shared by the AhnLab TIP service.
0 YARA Rules
5 Snort Rules
Detection name | Source
ET TROJAN Observed ClickFix Powershell Delivery Page Inbound | https://rules.emergingthreatspro.com/open/
ET TROJAN Win32/Unk.Coinminer Checkin | https://rules.emergingthreatspro.com/open/
ET TROJAN W32/BitCoinMiner.MultiThreat Getblocktemplate Protocol
Weekly Detection Rule (YARA and Snort) Information – Week 4, December 2024
The following is the information on YARA and Snort rules (week 4, December 2024) collected and shared by the AhnLab TIP service.
5 YARA Rules
Detection name | Description | Source
PK_BankID_poko | Phishing Kit impersonating BankID | https://github.com/t4d/PhishingKit-Yara-Rules
PK_DisneyPlus_blackforce | Phishing Kit impersonating Disney Plus | https://github.com/t4d/PhishingKit-Yara-Rules
PK_O365_itna1337 | Phishing Kit impersonating Office 365 | https://github.com/t4d/PhishingKit-Yara-Rules
PK_BanquePostale_z0n51_2
Weekly Detection Rule (YARA and Snort) Information – Week 3, December 2024
The following is the information on YARA and Snort rules (week 3, December 2024) collected and shared by the AhnLab TIP service.
6 YARA Rules
Detection name | Description | Source
EXPL_Cleo_Exploitation_Log_Indicators_Dec24 | Detects indicators found in logs during and after Cleo software exploitation (as reported by Huntress in December 2024) | https://github.com/Neo23x0/signature-base
EXPL_Cleo_Exploitation_PS1_Indicators_Dec24
Weekly Detection Rule (YARA and Snort) Information – Week 2, December 2024
The following is the information on YARA and Snort rules (week 2, December 2024) collected and shared by the AhnLab TIP service.
8 YARA Rules
Detection name | Description | Source
VeeamHax | exe – file VeeamHax.exe | https://github.com/The-DFIR-Report/Yara-Rules
PK_Elster_darknet | Phishing Kit impersonating Elster tax office (DE) | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Nickel_memoryerror | Phishing Kit impersonating Nickel | https://github.com/t4d/PhishingKit-Yara-Rules
Weekly Detection Rule (YARA and Snort) Information – Week 1, December 2024
The following is the information on YARA and Snort rules (week 1, December 2024) collected and shared by the AhnLab TIP service.
0 YARA Rules
3 Snort Rules
Detection name | Source
ET EXPLOIT Linksys E1500/E2500 Remote Command Execution 3 | https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS SonicWall NetExtender for Windows EPC Client Update RCE
Weekly Detection Rule (YARA and Snort) Information – Week 4, November 2024
The following is the information on YARA and Snort rules (week 4, November 2024) collected and shared by the AhnLab TIP service.
5 YARA Rules
Detection name | Description | Source
PK_Amazon_hitman | Phishing Kit impersonating Amazon | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Nedbank_sql | Phishing Kit impersonating Nedbank | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Barclays_offshore | Phishing Kit impersonating Barclays | https://github.com/t4d/PhishingKit-Yara-Rules
PK_OneDrive_awake | Phishing Kit
Weekly Detection Rule (YARA and Snort) Information – Week 3, November 2024
The following is the information on YARA and Snort rules (week 3, November 2024) collected and shared by the AhnLab TIP service.
1 YARA Rule
Detection name | Description | Source
MAL_ELF_Xlogin_Nov24_1 | Detects xlogin backdoor samples | https://github.com/Neo23x0/signature-base
4 Snort Rules
Detection name | Source
ET WEB_SPECIFIC_APPS Symphony PHP Symfony Profiler Environment Manipulation (CVE-2024-50340)
Weekly Detection Rule (YARA and Snort) Information – Week 2, November 2024
The following is the information on YARA and Snort rules (week 2, November 2024) collected and shared by the AhnLab TIP service.
3 YARA Rules
Detection name | Description | Source
MAL_Sophos_XG_Pygmy_Goat_AES_Key | Detects Pygmy Goat – a native x86-32 ELF shared object that was discovered on Sophos XG firewall devices, providing backdoor

