Weekly Detection Rule (YARA and Snort) Information – Week 5, January 2025
The following is the information on YARA and Snort rules (week 5, January 2025) collected and shared by the AhnLab TIP service.
8 YARA Rules
Detection name | Description | Source
PK_DHL_Tracking | Phishing Kit impersonating DHL | https://github.com/t4d/PhishingKit-Yara-Rules
PK_ESL_sigmadev | Phishing Kit impersonating ESL Federal Credit Union | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Nexi_mobile | Phishing Kit impersonating Nexi (Nexi
Android Malware & Security Issue 4th Week of January, 2025
ASEC Blog publishes “Android Malware & Security Issue 4th Week of January, 2025”
Ransom & Dark Web Issues Week 4, January 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, January 2025 Data from OOO OOO Enterprise, a US IT infrastructure solutions developer, is being sold on BreachForums. Funksec ransomware has targeted a new victim, South Korean networking equipment manufacturer OOO. OOO, a Japanese theme
RID Hijacking Technique Utilized by Andariel Attack Group
AhnLab SEcurity intelligence Center (ASEC) has identified the Andariel attack group using a malicious file to perform an RID Hijacking attack during the breach process. RID Hijacking is an attack technique that involves modifying the Relative Identifier (RID) value of an account with restricted privileges, such as a regular
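The hijack described above leaves a measurable inconsistency in the SAM: each user lives under HKLM\SAM\SAM\Domains\Account\Users\<RID> (the subkey name is the RID in hex), and the binary F value of that subkey also carries the RID as a 32-bit little-endian integer at offset 0x30. RID Hijacking overwrites that stored value (typically with 0x1F4, the built-in Administrator's RID 500) while the subkey name stays unchanged. The following is an added example, not ASEC's code or an Andariel artifact: it takes F values already exported from a hive (for instance from an offline SAM copy) and reports every account whose stored RID disagrees with its subkey name. The F blobs in it are constructed test data, and the blob length and the 0x30 offset are the only layout assumptions it makes.

```python
"""Offline check for RID Hijacking in exported SAM user F values (added example)."""
import struct

RID_OFFSET = 0x30      # offset of the stored RID inside the F value (little-endian u32)
ADMIN_RID = 500        # built-in Administrator
WELL_KNOWN = {500: "Administrator", 501: "Guest", 503: "DefaultAccount"}


def make_f_value(rid: int, length: int = 0x50) -> bytes:
    """Constructed F blob: zero-filled except for the RID at RID_OFFSET.
    Real F values carry more fields; only the RID slot matters here."""
    buf = bytearray(length)
    struct.pack_into("<I", buf, RID_OFFSET, rid)
    return bytes(buf)


def stored_rid(f_value: bytes) -> int:
    """Read the RID embedded in an F value."""
    if len(f_value) < RID_OFFSET + 4:
        raise ValueError("F value too short to contain a RID")
    return struct.unpack_from("<I", f_value, RID_OFFSET)[0]


def find_rid_hijacks(users: dict[str, bytes]) -> list[dict]:
    """users maps each Users\\<RID> subkey name (8 hex digits) to its F value.
    A legitimate account has stored RID == int(subkey name, 16); anything else
    is reported, with the well-known account it would be logged on as."""
    findings = []
    for key_name, f_value in users.items():
        key_rid = int(key_name, 16)
        rid = stored_rid(f_value)
        if rid != key_rid:
            findings.append({
                "subkey": key_name,
                "key_rid": key_rid,
                "stored_rid": rid,
                "impersonates": WELL_KNOWN.get(rid, "RID %d" % rid),
                "targets_admin": rid == ADMIN_RID,
            })
    return findings


def sample_users() -> dict[str, bytes]:
    """Constructed hive excerpt: three consistent accounts and one local user
    (RID 1009) whose F value was rewritten to point at RID 500."""
    return {
        "000001F4": make_f_value(500),   # Administrator, consistent
        "000001F5": make_f_value(501),   # Guest, consistent
        "000003E9": make_f_value(1001),  # ordinary local user, consistent
        "000003F1": make_f_value(500),   # RID 1009 hijacked to Administrator
    }


if __name__ == "__main__":
    for f in find_rid_hijacks(sample_users()):
        print("RID hijack: subkey %s (RID %d) stores RID %d -> %s" %
              (f["subkey"], f["key_rid"], f["stored_rid"], f["impersonates"]))
```

Reading the live SAM hive requires SYSTEM, so in practice the input is a hive copied from a shadow copy or a forensic image; the comparison itself is the same. A stored RID that matches a well-known account while the subkey name does not is the signature to alert on, independent of the account's name.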
Weekly Detection Rule (YARA and Snort) Information – Week 4, January 2025
The following is the information on YARA and Snort rules (week 4, January 2025) collected and shared by the AhnLab TIP service.
7 YARA Rules
Detection name | Description | Source
PK_SumUp_pseller | Phishing Kit impersonating SumUp | https://github.com/t4d/PhishingKit-Yara-Rules
PK_SwissPass_z3ci_2 | Phishing Kit impersonating SwissPass.ch | https://github.com/t4d/PhishingKit-Yara-Rules
PK_PayPal_0x | Phishing Kit impersonating Paypal | https://github.com/t4d/PhishingKit-Yara-Rules
PK_IndonesiaBaikId_malay | Phishing Kit
Android Malware & Security Issue 3rd Week of January, 2025
ASEC Blog publishes “Android Malware & Security Issue 3rd Week of January, 2025”
Ransom & Dark Web Issues Week 3, January 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, January 2025 Access to a major South Korean grocery retailer is being sold on XSS. 59 global companies listed as new victims of Cl0p ransomware. Ransomware gangs Funksec and FSociety announce a collaborative partnership.
Weekly Detection Rule (YARA and Snort) Information – Week 3, January 2025
The following is the information on YARA and Snort rules (week 3, January 2025) collected and shared by the AhnLab TIP service.
5 YARA Rules
Detection name | Description | Source
PK_BancaTransilvania_bt24 | Phishing Kit impersonating Banca Transilvania | https://github.com/t4d/PhishingKit-Yara-Rules
PK_DHL_wespam | Phishing Kit impersonating DHL | https://github.com/t4d/PhishingKit-Yara-Rules
PK_IdahoCentralCU_prohqcker | Phishing Kit impersonating Idaho Central Credit Union
Warning Against ModiLoader (DBatLoader) Spreading via MS Windows CAB Header Batch File (*.cmd)
In December 2024, AhnLab SEcurity intelligence Center (ASEC) identified, through AhnLab’s email honeypot, the distribution of malware using a batch file (*.cmd) that begins with an MS Windows CAB header. The malware, known as ModiLoader (DBatLoader), was being distributed through purchase order (PO) lures. The difference from the past cases is that while the current
DigitalPulse Proxyware Being Distributed Through Ad Pages
AhnLab SEcurity intelligence Center (ASEC) has recently confirmed that proxyware is being installed through advertisement pages on freeware download sites. The proxyware that is ultimately installed is signed with a Netlink Connect certificate, but according to AhnLab’s analysis it is identical to the DigitalPulse proxyware that was abused in