Weekly Detection Rule (YARA and Snort) Information – Week 4, November 2024


The following is the information on YARA and Snort rules (week 4, November 2024) collected and shared by the AhnLab TIP service.

  • 5 YARA Rules
| Detection name | Description | Source |
|---|---|---|
| PK_Amazon_hitman | Phishing Kit impersonating Amazon | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Nedbank_sql | Phishing Kit impersonating Nedbank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Barclays_offshore | Phishing Kit impersonating Barclays | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_OneDrive_awake | Phishing Kit impersonating OneDrive | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Chase_emma | Phishing Kit impersonating Chase bank | https://github.com/t4d/PhishingKit-Yara-Rules |
  • 18 Snort Rules
| Detection name | Source |
|---|---|
| ET WEB_SPECIFIC_APPS Symphony PHP Symfony Profiler Environment Manipulation (CVE-2024-50340) | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Fortinet FortiManager File Transfer Handle Response | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Fortinet FortiManager Unauthenticated Remote Code Execution (CVE-2024-47575) M1 | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Fortinet FortiManager Unauthenticated Open Server-Side Channel | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Fortinet FortiManager Unauthenticated Remote Code Execution (CVE-2024-47575) M2 | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS pyLoad Remote Code Execution via js2py Sandbox Escape (CVE-2024-39205) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS WordPress WPLMS Learning Management System Directory Traversal | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Palo Alto PAN-OS Authentication Bypass (CVE-2024-0012) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Palo Alto PAN-OS Command Injection in User Parameter | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Progress Kemp LoadMaster RCE Attempt Inbound (CVE-2024-1212) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Palo Alto Expedition Remote Code Execution (CVE-2024-9463) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Strela Stealer CnC Activity | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Cisco ASA WebVPN Cross-Site Scripting (CVE-2014-2120) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Snake/Best Private Keylogger CnC Exfil Via Telegram | https://rules.emergingthreatspro.com/open/ |
| ET ATTACK_RESPONSE Clickfix Payload Inbound (Portuguese) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Clickfix Style Post-Infection CnC Request (GET) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Glove Stealer C2 Response | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Glove Stealer Data Exfiltration Attempt | https://rules.emergingthreatspro.com/open/ |

2024-11_ASEC_Notes_4.yar

2024-11_ASEC_Notes_4_snort.rules