Weekly Detection Rule (YARA and Snort) Information – Week 3, January 2025
The following is the information on Yara and Snort rules (week 3, January 2025) collected and shared by the AhnLab TIP service.
- 5 YARA Rules
| Detection name | Description | Source |
|---|---|---|
| PK_BancaTransilvania_bt24 | Phishing Kit impersonating Banca Transilvania | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_DHL_wespam | Phishing Kit impersonating DHL | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_IdahoCentralCU_prohqcker | Phishing Kit impersonating Idaho Central Credit Union | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Binance_kr3pto | Phishing Kit impersonating Binance | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_CPF_lead | Phishing Kit impersonating MonCompteFormation (Gov. FR) | https://github.com/t4d/PhishingKit-Yara-Rules |
- 18 Snort Rules
| Detection name | Source |
|---|---|
| ET TROJAN Telemiris CnC Checkin | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ShadowROOT RAT Malicious SSL Cert Serial Observed M1 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ShadowROOT RAT Malicious SSL Cert Serial Observed M2 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ShadowROOT RAT Malicious SSL Cert Subject Observed (GGliberium44) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN GammaLoad CnC Activity (GET) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ShadowROOT RAT Malicious SSL Certificate Issuer Observed (GGliberium44) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Sheet RAT CnC Checkin | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Microsoft LDAP Referral Response Inbound (CVE-2024-49113) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN CryptBot CnC Checkin | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN CryptBot Data Exfiltration Attempt | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Kerio Control CRLF Injection via dest Parameter (CVE-2024-52875) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Kerio Control HTTP Response Splitting (CVE-2024-52875) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Konni APT CnC Checkin (GET) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Ivanti Connect Secure Host Checker Recon (CVE-2025-0282) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN PHASEJAM Web Shell Activity Observed M1 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN PHASEJAM Web Shell Activity Observed M2 | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS [Perch Security] Nagios XI Web SSH Terminal sshterm Cross-Site Scripting (CVE-2021-25299) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Roundcube rcube_washtml.php SVG Cross-Site Scripting (CVE-2023-5631) | https://rules.emergingthreatspro.com/open/ |