Weekly Detection Rule (YARA and Snort) Information – Week 1, September 2024

The following is the YARA and Snort rule information (week 1, September 2024) collected and shared by the AhnLab TIP service.

  • 7 YARA Rules

| Detection name | Description | Source |
| --- | --- | --- |
| PK_BanquePostale_sicilien | Banque Postale Phishing Kit impersonating la Banque Postale | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Binance_uysnx | Binance Phishing Kit impersonating Binance | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_DHL_x911 | DHL Phishing Kit impersonating DHL | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_PayPal_drfxnd | PayPal Phishing Kit impersonating PayPal | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_WellsFargo_yochi | Wells Fargo Phishing Kit impersonating Wells Fargo | https://github.com/t4d/PhishingKit-Yara-Rules |
| WEBSHELL_JAVA_VersaMem_JAR_Aug24_1 | Detects VersaMem Java webshell samples (as used by Volt Typhoon) | https://github.com/Neo23x0/signature-base |
| WEBSHELL_JAVA_VersaMem_JAR_Aug24_2 | Detects VersaMem Java webshell samples (as used by Volt Typhoon) | https://github.com/Neo23x0/signature-base |
  • 27 Snort Rules

| Detection name | Source |
| --- | --- |
| ET TROJAN Possible Cthulu Stealer URI Struct M1 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN SystemBC CnC Beacon | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Possible Cthulu Stealer URI Struct M2 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Gamaredon CnC Checkin (POST) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Rodmacer Stealer Data Exfiltration Attempt | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN VersaMem Webshell Authentication Attempt M1 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN VersaMem Webshell Authentication Attempt M2 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN VersaMem Webshell Authentication Attempt M3 | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS PigButcher Credential Phish Landing Page M1 2024-08-05 | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS PigButcher Credential Phish Landing Page M2 2024-08-05 | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS PigButcher Credential Phish Landing Page M3 2024-08-05 | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS PigButcher Credential Phish Landing Page M4 2024-08-05 | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS PigButcher Credential Phish Landing Page M5 2024-08-05 | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS AVTECH IP Camera LED Brightness Parameter Command Injection Attempt (CVE-2024-7029) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN TA452 Trojan CnC Checkin M1 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN TA452 Trojan CnC Checkin M2 | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Fortra FileCatalyst Workflow Insecure HSQLDB Default Credentials | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Lumma Stealer Related Fake Captcha Page Inbound M1 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Lumma Stealer Related Fake Captcha Page Inbound M2 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Godzilla Webshell Interaction Attempt | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Lumma Stealer Related Fake Captcha URI Structure M1 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Lumma Stealer Related Fake Captcha URI Structure M2 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Lumma Stealer Related Fake Captcha URI Structure M3 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Lumma Stealer Related Fake Captcha URI Structure M4 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN [ANY.RUN] Diamotrix Clipper Wallet Request (User-Agent) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN [ANY.RUN] Diamotrix Clipper Wallet Request URI Observed (POST) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Aruba 501 Authenticated RCE via Ping Command | https://rules.emergingthreatspro.com/open/ |

2024-09_ASEC_Notes_1.rules

2024-09_ASEC_Notes_1.yar