Weekly Detection Rule (YARA and Snort) Information – Week 3, March 2025

The following YARA and Snort rule information (week 3, March 2025) was collected and shared by the AhnLab TIP service.

  • 0 YARA Rules
  • 17 Snort Rules

| Detection name | Source |
|---|---|
| ET WEB_SPECIFIC_APPS D-Tale Filter Query Command Injection Attempt (CVE-2025-0655) | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT [CORELIGHT] – CVE-2025-27218 Sitecore unsafe deserialization attempt | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache Camel Message Header Injection (CVE-2025-27636) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS DocsGPT Remote Code Execution Attempt (CVE-2025-0868) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Cockpit Authenticated Arbitrary PHP File Upload (CVE-2025-1025) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS KLog Server Directory Traversal Attempt (CVE-2025-1035) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache Tomcat Path Equivalence (CVE-2025-24813) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed DNS Query to Rasuq Force Domain | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS GLPI Pre-auth SQL Injection (CVE-2025-24799) | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS TA453 Google Drive Lookalike (drives .googles. * .site) | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS TA453 Google Drive Lookalike (drives .googles. * .site) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache Camel Message Header Injection in URI (CVE-2025-29891) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN TINYSHELL impad Variant Encrypted Auth Token | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN TINYSHELL impad Variant Command Packet | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN TINYSHELL irad Variant ICMP Inbound (uSarguuS62bKRA0J) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN TINYSHELL irad Variant ICMP Inbound (1spCq0BMbJwCoeZn) | https://rules.emergingthreatspro.com/open/ |

2025-03_ASEC_Notes_3_snort.rules