Weekly Detection Rule (YARA and Snort) Information – Week 2, July 2024
The following is the information on YARA and Snort rules (week 2, July 2024) collected and shared by the AhnLab TIP service.
- 0 YARA Rules
- 11 Snort Rules
| Detection name | Description | Source |
|---|---|---|
| ET TROJAN Poseidon Stealer Data Exfiltration Attempt | Detects a packet attempting Poseidon Stealer data exfiltration | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN TA427 Outlook Stealer Loader | Detects an Outlook Stealer loader packet | https://rules.emergingthreatspro.com/open/ |
| ET ATTACK_RESPONSE Eval Hex Obfuscated JS Inbound | Detects an inbound packet carrying eval/hex-obfuscated JavaScript | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN SilentCryptoMiner Agent Config Inbound | Detects an inbound SilentCryptoMiner agent configuration packet | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed Malicious SSL/TLS Certificate (UEFA 2024 Phish) | Detects a malicious SSL/TLS certificate packet (UEFA 2024 phishing) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup | Detects a DNS lookup for a Lumma Stealer-related C2 domain | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed Lumma Stealer Related Domain | Detects a Lumma Stealer-related C2 domain packet | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Possible UTG-Q-010 CnC Activity (GET) | Detects a UTG-Q-010 C2 connection packet (HTTP GET) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN UTG-Q-010 URI Observed in HTTP Request | Detects a UTG-Q-010 HTTP request packet | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed Malicious UTG-Q-010 Related Certificate Observed (O=IGhnPoQvfb) | Detects a UTG-Q-010-related malicious certificate packet | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Win32/Cryptbotv2 CnC Activity (POST) M4 | Detects a Cryptbotv2 C2 connection packet (HTTP POST) | https://rules.emergingthreatspro.com/open/ |
Detailed rule files are attached.