Weekly Detection Rule (YARA and Snort) Information – Week 1, November 2024
The following YARA and Snort rules (week 1, November 2024) were collected and shared by the AhnLab TIP service.
- 0 YARA Rules
- 12 Snort Rules

| Detection name | Source |
|---|---|
| ET WEB_SPECIFIC_APPS PFsense Stored Cross-Site Scripting (CVE-2024-46538) | https://rules.emergingthreatspro.com/open/ |
| ET ATTACK_RESPONSE Observed ClickFix Powershell Delivery Page (Portuguese) | https://rules.emergingthreatspro.com/open/ |
| ET ATTACK_RESPONSE Observed ClickFix Powershell Delivery Page Inbound | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS IBM Aspera Faspex Pre-Auth RCE Attempt (CVE-2022-47986) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Ivanti Cloud Service Appliance Authenticated Command Injection (CVE-2024-9380) | https://rules.emergingthreatspro.com/open/ |
| ET MOBILE_MALWARE Android/TrickMo.Banker POST Request | https://rules.emergingthreatspro.com/open/ |
| ET MOBILE_MALWARE Android/TrickMo.Banker GET Config Request | https://rules.emergingthreatspro.com/open/ |
| ET MOBILE_MALWARE Android/TrickMo.Banker Config Response | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Cyberpanel upgrademysqlstatus Command Injection Attempt (CVE-2024-51567) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed UAC-0050 CnC Activity | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Win32/BlackShadow Activity (GET) M1 | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS BlackShadow Raphael Company Impersonation Form Submission | https://rules.emergingthreatspro.com/open/ |