Weekly Detection Rule (YARA and Snort) Information – Week 1, November 2024

The following is the information on Yara and Snort rules (week 1, November 2024) collected and shared by the AhnLab TIP service.

0 YARA Rules

12 Snort Rules

Detection name | Source
ET WEB_SPECIFIC_APPS PFsense Stored Cross-Site Scripting (CVE-2024-46538) | https://rules.emergingthreatspro.com/open/
ET ATTACK_RESPONSE Observed ClickFix Powershell Delivery Page (Portuguese) | https://rules.emergingthreatspro.com/open/
ET ATTACK_RESPONSE

Weekly Detection Rule (YARA and Snort) Information – Week 5, October 2024

The following is the information on Yara and Snort rules (week 5, October 2024) collected and shared by the AhnLab TIP service.

5 YARA Rules

Detection name | Description | Source
PK_EDD_prncpal | Phishing Kit impersonating Employment Development Department California (EDD) | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Eika_oio | Phishing Kit impersonating Eika Bank | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Huntington_code0t17 | Phishing Kit impersonating

Weekly Detection Rule (YARA and Snort) Information – Week 4, October 2024

The following is the information on Yara and Snort rules (week 4, October 2024) collected and shared by the AhnLab TIP service.

0 YARA Rules

8 Snort Rules

Detection name | Source
ET CURRENT_EVENTS Javascript Browser Fingerprinting POST Request | https://rules.emergingthreatspro.com/open/
ET TROJAN Suspected PrivateLoader CnC Checkin – Server Response | https://rules.emergingthreatspro.com/open/
ET

Weekly Detection Rule (YARA and Snort) Information – Week 3, October 2024

The following is the information on Yara and Snort rules (week 3, October 2024) collected and shared by the AhnLab TIP service.

3 YARA Rules

Detection name | Description | Source
MAL_RANSOM_INC_Aug24 | Detects INC ransomware and its variants like Lynx | https://github.com/Neo23x0/signature-base
MAL_EXPL_Perfctl_Oct24 | Detects exploits used in relation with Perfctl malware campaigns | https://github.com/Neo23x0/signature-base

Weekly Detection Rule (YARA and Snort) Information – Week 2, October 2024

The following is the information on Yara and Snort rules (week 2, October 2024) collected and shared by the AhnLab TIP service.

6 YARA Rules

Detection name | Description | Source
Py_Fuscate_Obfuscation | Detects Python scripts which could have been obfuscated through Py-Fuscate | https://github.com/The-DFIR-Report/Yara-Rules
PK_Aruba_corona | Phishing Kit impersonating Aruba S.p.A. | https://github.com/t4d/PhishingKit-Yara-Rules
PK_BRI_tarip | Phishing

Weekly Detection Rule (YARA and Snort) Information – Week 1, October 2024

The following is the information on Yara and Snort rules (week 1, October 2024) collected and shared by the AhnLab TIP service.

6 YARA Rules

Detection name | Description | Source
SUSP_EXPL_LNX_CUPS_CVE_2024_47177_Sep24 | Detects suspicious FoomaticRIPCommandLine command in printer config, which could be used to exploit CUPS CVE-2024-47177 | https://github.com/Neo23x0/signature-base
PK_Aruba_ar06 | Phishing Kit impersonating

Weekly Detection Rule (YARA and Snort) Information – Week 4, September 2024

The following is the information on Yara and Snort rules (week 4, September 2024) collected and shared by the AhnLab TIP service.

5 YARA Rules

Detection name | Description | Source
PK_Bit_dnjwan | Phishing Kit impersonating bitpay.co.il | https://github.com/t4d/PhishingKit-Yara-Rules
PK_GovCA_krepto | Phishing Kit impersonating Canadian Government (CRA) | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Square_RD971_2 | Phishing Kit impersonating Square | https://github.com/t4d/PhishingKit-Yara-Rules
PK_SwissPass_zoro

Weekly Detection Rule (YARA and Snort) Information – Week 3, September 2024

The following is the information on Yara and Snort rules (week 3, September 2024) collected and shared by the AhnLab TIP service.

5 YARA Rules

Detection name | Description | Source
PK_AdobePDF_dotloop | Phishing Kit impersonating Adobe PDF Online | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Bancontact_hem | Phishing Kit impersonating Bancontact | https://github.com/t4d/PhishingKit-Yara-Rules
PK_DHL_blackforce | Phishing Kit impersonating DHL | https://github.com/t4d/PhishingKit-Yara-Rules
PK_PayPal_de

Weekly Detection Rule (YARA and Snort) Information – Week 2, September 2024

The following is the information on Yara and Snort rules (week 2, September 2024) collected and shared by the AhnLab TIP service.

5 YARA Rules

Detection name | Description | Source
PK_antai_inun | Phishing Kit impersonating French ANTAI (amendes) portal | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Kraken_ankletee | Phishing Kit impersonating Kraken | https://github.com/t4d/PhishingKit-Yara-Rules
PK_O365_spamfather2 | Phishing Kit impersonating

Weekly Detection Rule (YARA and Snort) Information – Week 1, September 2024

The following is the information on Yara and Snort rules (week 1, September 2024) collected and shared by the AhnLab TIP service.

7 YARA Rules

Detection name | Description | Source
PK_BanquePostale_sicilien : Banque Postale | Phishing Kit impersonating la Banque Postale | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Binance_uysnx : Binance | Phishing Kit impersonating Binance | https://github.com/t4d/PhishingKit-Yara-Rules
PK_DHL_x911 :