Weekly Detection Rule (YARA and Snort) Information – Week 3, November 2024
The following is information on the YARA and Snort rules (week 3, November 2024) collected and shared by the AhnLab TIP service.
- 1 YARA Rule
| Detection name | Description | Source |
|---|---|---|
| MAL_ELF_Xlogin_Nov24_1 | Detects xlogin backdoor samples | https://github.com/Neo23x0/signature-base |
- 4 Snort Rules
| Detection name | Source |
|---|---|
| ET WEB_SPECIFIC_APPS Symphony PHP Symfony Profiler Environment Manipulation (CVE-2024-50340) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Citrix Session Recording Remote Code Execution (CVE-2024-8069) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Mura CMS SQL Injection via processAsyncObject API Method (CVE-2024-32640) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS NGINX UI Authenticated Remote Command Execution in logrotate (CVE-2024-49368) | https://rules.emergingthreatspro.com/open/ |