Weekly Detection Rule (YARA and Snort) Information – Week 4, February 2025

The following is the information on YARA and Snort rules (week 4, February 2025) collected and shared by the AhnLab TIP service.

  • 0 YARA Rules
  • 19 Snort Rules

| Detection name | Source |
| --- | --- |
| ET EXPLOIT PostgreSQL psql SQL Injection (CVE-2025-1094) | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS NOTG Phish Landing Page 2025-02-19 | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS NOTG Phish Kit Visitor Fingerprinting | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Attempted Unauthenticated Palo Alto Global Protect Administrator Password Change M1 | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Attempted Unauthenticated Palo Alto Global Protect Administrator Password Change M2 | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Ivanti EPM Absolute Path Traversal (CVE-2024-13159) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN HTran/SensLiceld.A response to infected host – Outbound Connection Attempt | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN implant.js Linux Beacon Check-in | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN implant.js Windows Beacon Check-in | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN implant.js CnC Handshake (HS_ACK) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN implant.js CnC Activity (Client PKT_FETCH for Evil Module) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN implant.js CnC Activity (Evil Module Sent with DebugMode=ON) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN implant.js CnC Activity (Evil Module Sent with DebugMode=OFF) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN implant.js CnC Activity (Evil DBG_CMD_* Sent with DebugMode=ON) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN implant.js CnC Activity (Evil DBG_CMD_* Sent) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN implant.js Activity (DBG_RESP_* with DebugMode=ON) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN implant.js CnC Activity (DBG_RESP_* Sent) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN implant.js CnC Activity (Evil Module Execution=Success) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN implant.js CnC Activity (Evil Module Execution=Fail) | https://rules.emergingthreatspro.com/open/ |

2025-02_ASEC_Notes_4_snort.rules