Weekly Detection Rule (YARA and Snort) Information – Week 3, September 2024
The following YARA and Snort rules for week 3 of September 2024 were collected and shared by the AhnLab TIP service.
- 5 YARA Rules
| Detection name | Description | Source |
|---|---|---|
| PK_AdobePDF_dotloop | Phishing Kit impersonating Adobe PDF Online | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Bancontact_hem | Phishing Kit impersonating Bancontact | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_DHL_blackforce | Phishing Kit impersonating DHL | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_PayPal_de | Phishing Kit impersonating PayPal | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_USPS_torsion | Phishing Kit impersonating USPS | https://github.com/t4d/PhishingKit-Yara-Rules |
- 6 Snort Rules
| Detection name | Source |
|---|---|
| ET WEB_SPECIFIC_APPS Geoserver Unsafe jxpath Evaluation RCE Attempt M1 (CVE-2024-36401) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Geoserver Unsafe jxpath Evaluation RCE Attempt M2 (CVE-2024-36401) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Geoserver Unsafe jxpath Evaluation RCE Attempt M3 (CVE-2024-36401) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Geoserver Unsafe jxpath Evaluation RCE Attempt M4 (CVE-2024-36401) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Geoserver Unsafe jxpath Evaluation RCE Attempt M5 (CVE-2024-36401) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Fake Captcha Page Containing Powershell Inbound | https://rules.emergingthreatspro.com/open/ |