Weekly Detection Rule (YARA and Snort) Information – Week 5, August 2024

The following is the information on Yara and Snort rules (week 5, August 2024) collected and shared by the AhnLab TIP service.

14 YARA Rules

Detection name | Description | Source
PK_Chase_prohqcker | Phishing Kit impersonating Chase bank | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Colissimo_blackforce | Phishing Kit impersonating Colissimo | https://github.com/t4d/PhishingKit-Yara-Rules
PK_IDME_prohqcker | Phishing Kit impersonating ID.me | https://github.com/t4d/PhishingKit-Yara-Rules
PK_LCL_2024 | Phishing

Weekly Detection Rule (YARA and Snort) Information – Week 4, August 2024

The following is the information on Yara and Snort rules (week 4, August 2024) collected and shared by the AhnLab TIP service.

6 YARA Rule

Detection name | Description | Source
MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_AAF0 | Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header – mimidrv.sys | https://github.com/Neo23x0/signature-base
MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_DDF4 | Detects malicious

Weekly Detection Rule (YARA and Snort) Information – Week 3, August 2024

The following is the information on Yara and Snort rules (week 3, August 2024) collected and shared by the AhnLab TIP service.

7 YARA Rules

Detection name | Description | Source
PK_Cetelem_vara | Phishing Kit impersonating Cetelem | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Netflix_es | Phishing Kit impersonating Netflix | https://github.com/t4d/PhishingKit-Yara-Rules
PK_WeTransfer_venza | Phishing Kit impersonating WeTransfer | https://github.com/t4d/PhishingKit-Yara-Rules
PK_WhatsApp_arpantek | Phishing Kit

Weekly Detection Rule (YARA and Snort) Information – Week 2, August 2024

The following is the information on Yara and Snort rules (week 2, August 2024) collected and shared by the AhnLab TIP service.

7 YARA Rules

Detection name | Description | Source
PK_DocuSign_dong | Phishing Kit impersonating DocuSign | https://github.com/t4d/PhishingKit-Yara-Rules
PK_GECU_z118 | Phishing Kit impersonating GECU Credit Union | https://github.com/t4d/PhishingKit-Yara-Rules
PK_GarantiBBVA_Turkey | Phishing Kit impersonating Garanti BBVA Turkey

Weekly Detection Rule (YARA and Snort) Information – Week 1, August 2024

The following is the information on Yara and Snort rules (week 1, August 2024) collected and shared by the AhnLab TIP service.

26 YARA Rules

Detection name | Description | Source
PK_A1_webmail | Phishing Kit impersonating A1.net webmail | https://github.com/t4d/PhishingKit-Yara-Rules
PK_CitiBank_imgamerzchoices | Phishing Kit impersonating Citi Bank | https://github.com/t4d/PhishingKit-Yara-Rules
PK_ING_alexronyy | Phishing Kit impersonating ING bank | https://github.com/t4d/PhishingKit-Yara-Rules

Weekly Detection Rule (YARA and Snort) Information – Week 4, July 2024

The following is the information on Yara and Snort rules (week 4, July 2024) collected and shared by the AhnLab TIP service.

0 YARA Rules

10 Snort Rules

Detection name | Source
ET TROJAN Vidar Stealer Form Exfil | https://rules.emergingthreatspro.com/open/
ET TROJAN Patchwork APT Victim Registration | https://rules.emergingthreatspro.com/open/
ET TROJAN Patchwork APT CnC

CERT Report July 2024

01. Monthly Attack Trends Through Statistics

Attack Type Statistics

Attack type statistics lets you access statistical information on the Top 9 attack types that occurred in the previous month, including the progression of each attack in terms of increase and decrease, as well as attack progression by industry sector and

Weekly Detection Rule (YARA and Snort) Information – Week 3, July 2024

The following is the information on Yara and Snort rules (week 3, July 2024) collected and shared by the AhnLab TIP service.

14 YARA Rules

Detection name | Description | Source
PK_Coinbase_haxornomercy | Phishing Kit impersonating Coinbase | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Netflix_access | Phishing Kit impersonating Netflix | https://github.com/t4d/PhishingKit-Yara-Rules
PK_RedstoneFCU_forge | Phishing Kit impersonating Redstone Federal Credit Union | https://github.com/t4d/PhishingKit-Yara-Rules

Weekly Detection Rule (YARA and Snort) Information – Week 2, July 2024

The following is the information on Yara and Snort rules (week 2, July 2024) collected and shared by the AhnLab TIP service.

0 YARA Rule

11 Snort Rules

Detection name | Description | Source
ET TROJAN Poseidon Stealer Data Exfiltration Attempt | Detects a packet attempting Poseidon Stealer data exfiltration | https://rules.emergingthreatspro.com/open/
ET TROJAN TA427

Weekly Detection Rule (YARA and Snort) Information – Week 1, July 2024

The following is the information on Yara and Snort rules (week 1, July 2024) collected and shared by the AhnLab TIP service.

10 YARA Rules

Detection name | Description | Source
PK_BRI_sadapan | Detects a phishing kit impersonating Bank Rakyat Indonesia (bank) | https://github.com/t4d/PhishingKit-Yara-Rules
PK_GlobalSources_sogo | Detects a phishing kit impersonating GlobalSources (B2B media company)