January 02, 2025

Siemens Product Security Update Advisory

Overview: We have released a security update to fix vulnerabilities in Siemens products. Users of...

HugeGraph-Server Security Update Advisory

Overview: We have released a security update to address a vulnerability in HugeGraph-Server. Users of...

Ransom & Dark Web Issues Week 1, January 2025

ASEC Blog publishes Ransom & Dark Web Issues Week 1, January 2025.

Customer information data from a South Korean children’s bookstore has been leaked on BreachForums.
RDP access credentials for a South Korean internet-only bank are being sold on BreachForums.
Source code from South Korea’s

Weekly Detection Rule (YARA and Snort) Information – Week 1, January 2025

The following is the information on YARA and Snort rules (week 1, January 2025) collected and shared by the AhnLab TIP service.

0 YARA Rules
5 Snort Rules

Detection name | Source
ET TROJAN Observed ClickFix Powershell Delivery Page Inbound | https://rules.emergingthreatspro.com/open/
ET TROJAN Win32/Unk.Coinminer Checkin | https://rules.emergingthreatspro.com/open/
ET TROJAN W32/BitCoinMiner.MultiThreat Getblocktemplate Protocol

Play Ransomware Attack Cases Detected by AhnLab EDR

Play ransomware, also known as Balloonfly or PlayCrypt, was first identified in June 2022 and has reportedly attacked over 300 organizations worldwide since then. A notable characteristic of the ransomware, which remains actively in use, is its addition of the “.PLAY” extension to files following encryption. Like other ransomware threat