Weekly Detection Rule (YARA and Snort) Information – Week 4, July 2024
The following is the information on Yara and Snort rules (week 4, July 2024) collected and shared by the AhnLab TIP service.
- 0 YARA Rules
- 10 Snort Rules
| Detection name | Source |
| ET TROJAN Vidar Stealer Form Exfil | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Patchwork APT Victim Registration | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Patchwork APT CnC Activity (starget) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Patchwork APT Host Details Exfil | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Patchwork APT CnC Activity (uuiddsd) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Patchwork APT CnC Activity (umnome) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Patchwork APT Malformed HTTP Request | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Patchwork APT Malformed HTTP Request CnC Response | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Win32/saolei CnC Host Checkin | https://rules.emergingthreatspro.com/open/ |
| ET ATTACK_RESPONSE Covenant .NET Framework SSL/TLS Certificate Observed | https://rules.emergingthreatspro.com/open/ |
Detailed rule files are attached.
