Weekly Detection Rule (YARA and Snort) Information – Week 1, June 2024

The following is the information on YARA and Snort rules (week 1, June 2024) collected and shared by the AhnLab TIP service.

  • 5 YARA Rules

| Detection Name | Description | Source |
| --- | --- | --- |
| PK_BankOfAmerica_akhatar | Phishing Kit impersonating Bank Of America | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_BankOfAmerica_xbalti | Phishing Kit impersonating Bank Of America | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Citizens_premierghost | Phishing Kit impersonating Citizens Bank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Citizens_snickyninja | Phishing Kit impersonating Citizens Bank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_KeyBank_chibouna | Phishing Kit impersonating KeyBank | https://github.com/t4d/PhishingKit-Yara-Rules |
  • 14 Snort Rules

| Detection Name | Source |
| --- | --- |
| ET TROJAN Suspected TA450 Activity | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Clipboard Monitor Data Exfiltration Attempt | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Fortinet FortiSIEM Unauthenticated Command Injection CVE-2024-23108 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN CrimsonRAT Host Details Exfil | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Joomla Improper Access Control to Webservice Endpoints (CVE-2023-23752) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Suspected Smokeloader Payload Related Activity (POST) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Async RAT CnC Activity (GET) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Checkpoint Quantum Security Gateway Arbitrary File Read Attempt (CVE-2024-24919) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Justice AV Solutions Viewer Backdoor CnC Checkin (CVE-2024-4978) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache Flink Arbitrary File Read Attempt (CVE-2020-17519) | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Adobe ColdFusion Unauthorized File Access (CVE-2024-20767) | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Fortinet FortiSIEM Unauthenticated Command Injection CVE-2023-34992 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Async RAT Payload Request (GET) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Allasenha/CarnavalHeist RAT CnC Checkin | https://rules.emergingthreatspro.com/open/ |

Detailed rule files are attached.

2024-06_ASEC_Notes_1_snort.rules

2024-06_ASEC_Notes_1.yar