Weekly Detection Rule (YARA and Snort) Information – Week 5, October 2024

The following is information on the YARA and Snort rules (week 5, October 2024) collected and shared by the AhnLab TIP service.

  • 5 YARA Rules
| Detection name | Description | Source |
|---|---|---|
| PK_EDD_prncpal | Phishing Kit impersonating Employment Development Department California (EDD) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Eika_oio | Phishing Kit impersonating Eika Bank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Huntington_code0t17 | Phishing Kit impersonating Huntington bank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_LeBonCoin_2022 | Phishing Kit impersonating Le Bon Coin | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Netflix_prohqcker | Phishing Kit impersonating Netflix | https://github.com/t4d/PhishingKit-Yara-Rules |
  • 10 Snort Rules
| Detection name | Source |
|---|---|
| ET TROJAN ClickFix Fake Browser Update Page Inbound M2 | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Grafana Post-Authentication DuckDB SQL Injection (CVE-2024-9264) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache ShardingSphere ElasticJob-UI Privilege Escalation Attempt (CVE-2022-22733) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache ShardingSphere ElasticJob-UI Privilege Escalation – Successful Attempt (CVE-2022-22733) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Zyxel USG/Zywall Authentication Bypass Attempt (CVE-2022-0342) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Rejetto HTTP File Server Template Injection (CVE-2024-23692) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Splunk Enterprise < 9.1.2 XML Injection (CVE-2023-46214) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ZharkBOT CnC Activity (GET) M1 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ZharkBOT CnC Activity (GET) M2 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Mints.Loader CnC Activity (GET) | https://rules.emergingthreatspro.com/open/ |

2024-10_ASEC_Notes_5.yar

2024-10_ASEC_Notes_5_snort.rules