Weekly Detection Rule (YARA and Snort) Information – Week 2, October 2024

The following is the information on YARA and Snort rules (week 2, October 2024) collected and shared by the AhnLab TIP service.

  • 6 YARA Rules

| Detection name | Description | Source |
| --- | --- | --- |
| Py_Fuscate_Obfuscation | Detects Python scripts which could have been obfuscated through Py-Fuscate | https://github.com/The-DFIR-Report/Yara-Rules |
| PK_Aruba_corona | Phishing Kit impersonating Aruba S.p.A. | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_BRI_tarip | Phishing Kit impersonating Bank Rakyat Indonesia (BRI) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Facebook_sykrit | Phishing Kit impersonating Facebook | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Gmail_westgirl | Phishing Kit impersonating GMail | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Shopify_rd1979 | Phishing Kit impersonating Shopify | https://github.com/t4d/PhishingKit-Yara-Rules |
  • 29 Snort Rules

| Detection name | Source |
| --- | --- |
| ET WEB_SPECIFIC_APPS Apache CloudStack SAML Authentication Bypass (CVE-2024-41107) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache HugeGraph Gremlin SecurityManager Reflection Filter Bypass (CVE-2024-27348) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS PRTG Network Monitor Information Disclosure Attempt (CVE-2020-11547) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Mitel Micollab Directory Traversal Attempt (CVE-2020-11798) | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Zimbra postjournal RCE Attempt Inbound (CVE-2024-45519) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN NamelessC2 SSL/TLS Certificate Observed | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache OFBiz Remote Code Execution via Path Confusion (CVE-2024-32113) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache OFBiz Server-Side Request Forgery (CVE-2024-45195) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Supermicro BMC IPMI Buffer Overflow (CVE-2024-36435) | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Microsoft Office Spoofing to HTTP Redirect Inbound (CVE-2024-38200) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Zoho ManageEngine OpManager Directory Traversal Attempt (CVE-2020-12116) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Wavlink WN530H4 live_api.cgi ip Parameter Command Injection Attempt (CVE-2020-12124) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Clobber API XMLRPC Template Injection (CVE-2021-40323) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Clobber API XMLRPC Arbitrary File Upload (CVE-2021-40324) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed Malicious SSL Cert (Subject contains CN=c2server) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed Malicious SSL Cert (Issuer contains CN=c2server) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Progress Flowmon OS Command Injection in Service:Pdfs:Confluence Module (CVE-2024-2389) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS CraftCMS Remote Code Execution via ConditionsController Object Creation (CVE-2023-41892) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Fortra FileCatalyst Workflow 5.x Arbitrary File Upload (CVE-2024-25153) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Ivanti EPM SQL Injection (CVE-2024-29824) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN NamelessC2 Implant Terminal Checkin | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M1 (CVE-2023-25690) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M2 (CVE-2023-25690) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M3 (CVE-2023-25690) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M4 (CVE-2023-25690) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M5 (CVE-2023-25690) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M6 (CVE-2023-25690) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M7 (CVE-2023-25690) | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT glibc iconv Abitrary File Read RCE (CVE-2024-2961) | https://rules.emergingthreatspro.com/open/ |

2024-10_ASEC_Notes_2.yar

2024-10_ASEC_Notes_2_snort.rules