Weekly Detection Rule (YARA and Snort) Information – Week 2, January 2025
The following is the information on Yara and Snort rules (week 2, January 2025) collected and shared by the AhnLab TIP service. 0 YARA Rules, 10 Snort Rules.
Detection name | Source
ET TROJAN Observed Malicious User-Agent (UNK_FlappyBird) | https://rules.emergingthreatspro.com/open/
ET SCAN ELF/Mirai Variant UDP (Inbound) M1 | https://rules.emergingthreatspro.com/open/
ET SCAN ELF/Mirai Variant
Infostealer LummaC2 Spreading Through Fake CAPTCHA Verification Page
AhnLab SEcurity intelligence Center (ASEC) previously introduced the DarkGate malware, which spreads by using the paste function, in the blog post “Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V)”. The distribution method in this case initially involved spreading malware through HTML attachments disguised as MS Word files in
Android Malware & Security Issue 1st Week of January, 2025
ASEC Blog publishes “Android Malware & Security Issue 1st Week of January, 2025”
Ransom & Dark Web Issues Week 1, January 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, January 2025. Customer information data from a South Korean children’s bookstore has been leaked on BreachForums. RDP access credentials for a South Korean internet-only bank are being sold on BreachForums. Source code from South Korea’s
Weekly Detection Rule (YARA and Snort) Information – Week 1, January 2025
The following is the information on Yara and Snort rules (week 1, January 2025) collected and shared by the AhnLab TIP service. 0 YARA Rules, 5 Snort Rules.
Detection name | Source
ET TROJAN Observed ClickFix Powershell Delivery Page Inbound | https://rules.emergingthreatspro.com/open/
ET TROJAN Win32/Unk.Coinminer Checkin | https://rules.emergingthreatspro.com/open/
ET TROJAN W32/BitCoinMiner.MultiThreat Getblocktemplate Protocol
Play Ransomware Attack Cases Detected by AhnLab EDR
Play ransomware, also known as Balloonfly or PlayCrypt, was first identified in June 2022 and has reportedly attacked over 300 organizations worldwide since then. A notable characteristic of the ransomware, which remains actively in use, is its addition of the “.PLAY” extension to files following encryption. Like other ransomware threat
Android Malware & Security Issue 4th Week of December, 2024
ASEC Blog publishes “Android Malware & Security Issue 4th Week of December, 2024”
Ransom & Dark Web Issues Week 4, December 2024
ASEC Blog publishes Ransom & Dark Web Issues Week 4, December 2024. LockBit ransomware gang announces its return with the release of version 4.0 despite the arrest of key member Rostislav Panev. The world’s largest donut brand is posted as a new victim of Play ransomware. Data from
Weekly Detection Rule (YARA and Snort) Information – Week 4, December 2024
The following is the information on Yara and Snort rules (week 4, December 2024) collected and shared by the AhnLab TIP service. 5 YARA Rules.
Detection name | Description | Source
PK_BankID_poko | Phishing Kit impersonating BankID | https://github.com/t4d/PhishingKit-Yara-Rules
PK_DisneyPlus_blackforce | Phishing Kit impersonating Disney Plus | https://github.com/t4d/PhishingKit-Yara-Rules
PK_O365_itna1337 | Phishing Kit impersonating Office 365 | https://github.com/t4d/PhishingKit-Yara-Rules
PK_BanquePostale_z0n51_2
Analysis of Attack Cases Against Korean Solutions by the Andariel Group (SmallTiger)
The Andariel group has long been attacking various software used by South Korean companies [1]. Notably, these include asset management solutions and data loss prevention (DLP) solutions, and cases of vulnerability exploitation have also been identified in various other solutions. Attack cases by the Andariel group are continuing in