Weekly Detection Rule (YARA and Snort) Information – Week 1, October 2024

The following is the information on YARA and Snort rules (week 1, October 2024) collected and shared by the AhnLab TIP service.

  • 6 YARA Rules

| Detection name | Description | Source |
|---|---|---|
| SUSP_EXPL_LNX_CUPS_CVE_2024_47177_Sep24 | Detects suspicious FoomaticRIPCommandLine command in printer config, which could be used to exploit CUPS CVE-2024-47177 | https://github.com/Neo23x0/signature-base |
| PK_Aruba_ar06 | Phishing Kit impersonating Aruba S.p.A. | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_DHL_x911_2 | Phishing Kit impersonating DHL | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Netflix_sql | Phishing Kit impersonating Netflix | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Orange_vito | Phishing Kit impersonating Orange | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Wix_ronin | Phishing Kit impersonating Wise.com | https://github.com/t4d/PhishingKit-Yara-Rules |
  • 34 Snort Rules

| Detection name | Source |
|---|---|
| ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M1 – UUID Leak Via servermanager.cfc getHeartBeat Method (CVE-2024-20767) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M3 – Heap Memory Dump Module Unauthorized Memory Dump Attempt (CVE-2024-20767) | https://rules.emergingthreatspro.com/open/ |
| ET ATTACK_RESPONSE Fake MS Office Lure Containing Powershell Inbound (M1) | https://rules.emergingthreatspro.com/open/ |
| ET ATTACK_RESPONSE Fake MS Office Lure Containing Powershell Inbound (M2) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS CloudPanel Insecure file-manager Cookie Authentication File Creation (CVE-2023-35885) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS CloudPanel Insecure file-manager Cookie Authentication Content Upload (CVE-2023-35885) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS CloudPanel Insecure file-manager Cookie Authentication File Permission Modification (CVE-2023-35885) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Atlassian Confluence Data Center and Server Authenticated RCE (CVE-2024-21683) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN BadSpace/WarmCookie CnC Activity (GET) M2 | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Progress Kemp Loadmaster Unauthenticated Command Injection (CVE-2024-1212) | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Parking Penalty Phish Kit Admin Landing Page M1 2024-09-23 | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Parking Penalty Phish Kit Admin Landing Page M2 2024-09-23 | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Parking Penalty Phish Kit Admin Landing Page M3 2024-09-23 | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Cisco Smart Licensing Utility API Hardcoded Admin Credentials (CVE-2024-20439) | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Cisco Smart Software Manager On-Prem (SSM On-Prem) Unauthenticated Password Change Attempt (CVE-2024-20419) | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Cisco Smart Software Manager On-Prem (SSM On-Prem) Successful Unauthenticated Password Change (CVE-2024-20419) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS SolarWinds Web Help Desk Hardcoded Credentials Information Leak (CVE-2024-28987) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Vulnerable aiohttp Server Version Response (CVE-2024-23334) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Microsoft Office 365 Cred Phish (2024-09-25) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS F5 BIG-IP Next Central Manager OData Injection (CVE-2024-21793) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS W&B Weave Server Arbitrary File Leak (CVE-2024-7340) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS F5 BIG-IP Next Central Manager SQL Injection (CVE-2024-26026) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Ivanti Virtual Traffic Manager (vTM) Authentication Bypass (CVE-2024-7593) | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT .NET Remoting SoapServerFormatterSink ObjRef Leak (CVE-2024-29059) | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT .NET Remoting BinaryServerFormatterSink ObjRef Leak (CVE-2024-29059) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache Spark OS Command Injection (CVE-2023-32007) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Adobe Commerce / Magento Pre-Authentication XML Entity Injection (CVE-2024-34102) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Geoserver JT-Jiffle Extension Code Injection (CVE-2022-24816) | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Veeam Backup & Replication Cloud Connect RCE Attempt Inbound (CVE-2023-27532) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Totolink CP450 Information Disclosure via product.ini (CVE-2024-7332) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Raisecom MSG Series Gateway Command Injection Attempt (CVE-2024-7120) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS SonicWall SMA1000 Directory Traversal Attempt (CVE-2023-0126) | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Generic Credential Phish Landing Page (jsnom.js) | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Generic Credential Phish Fingerprinting Activity (Base64 Vars Detected &rand=, &sv=, &uid=) | https://rules.emergingthreatspro.com/open/ |

2024-10_ASEC_Notes_1.yar

2024-10_ASEC_Notes_1_snort.rules