Weekly Detection Rule (YARA and Snort) Information – Week 2, January 2025
The following YARA and Snort rule information (week 2, January 2025) was collected and shared by the AhnLab TIP service.
- 0 YARA Rules
- 10 Snort Rules
| Detection name | Source |
|---|---|
| ET TROJAN Observed Malicious User-Agent (UNK_FlappyBird) | https://rules.emergingthreatspro.com/open/ |
| ET SCAN ELF/Mirai Variant UDP (Inbound) M1 | https://rules.emergingthreatspro.com/open/ |
| ET SCAN ELF/Mirai Variant UDP (Inbound) M2 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Earth Minotaur MOONSHINE Exploit Kit URI Struct Detected | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Ducktail CnC Activity – Begin Download Command (POST) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Ducktail Host Profile Exfiltration (POST) | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Darcula Landing Page 2024-01-03 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Ducktail CnC Activity – UAC Bypass Confirmation (POST) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Ducktail CnC Activity – Task Running Confirmation (POST) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Ducktail CnC Checkin (GET) | https://rules.emergingthreatspro.com/open/ |