Weekly Detection Rule (YARA and Snort) Information – Week 2, June 2024
The following is information on the YARA and Snort rules (week 2, June 2024) collected and shared by the AhnLab TIP service.
- 5 YARA Rules
| Detection Name | Description | Source |
| --- | --- | --- |
| PK_AdobePDF_nayfercrax | Detects a phishing kit impersonating Adobe PDF Online | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_BankOfAmerica_xsmayer | Detects a phishing kit impersonating Bank Of America | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Ionos_keyword | Detects a phishing kit impersonating Ionos (German hosting provider) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_MyGovAU_prohqcker2 | Detects a phishing kit impersonating Australian myGov | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_SocieteGenerale_fnetwork | Detects a phishing kit impersonating Societe Generale (French financial service group) | https://github.com/t4d/PhishingKit-Yara-Rules |
- 8 Snort Rules
| Detection Name | Description | Source |
| --- | --- | --- |
| ET TROJAN Win32/Imposter 360 Internet Protection Activity (GET) | Detects a network packet impersonating 360 Internet Protection | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Spyder Loader CnC Checkin | Detects Spyder Loader C2 connection packet | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN UNC1151 Payload Retrieval Attempt | Detects UNC1151 payload query attempt | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Silverfox Payload Retrieval Attempt | Detects Silverfox payload query attempt | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Win32/OfferCore Checkin M1 | Detects OfferCore C2 connection packet | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Win32/OfferCore Checkin M2 | Detects OfferCore C2 connection packet | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN HTTP Request to URL Ending in Payload .bin | Detects /payload{0,5}.bin connection packet | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT HikVision iSecure Center RCE Attempt Inbound | Detects HikVision iSecure Center RCE exploit packet | https://rules.emergingthreatspro.com/open/ |
Detailed rule files are attached.