Weekly Detection Rule (YARA, Snort) Information – Week 1 of July 2024
This is information on publicly released YARA and Snort rules (July 2024, week 1) collected by the AhnLab TIP service.
- 10 YARA rules
| Detection name | Description | Source |
|---|---|---|
| PK_BRI_sadapan | Detects a Phishing Kit impersonating Bank Rakyat Indonesia (bank) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_GlobalSources_sogo | Detects a Phishing Kit impersonating GlobalSources (B2B media company) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_NBTbank_packaging | Detects a Phishing Kit impersonating NBTbank (US financial institution) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_SocieteGenerale_prestoworld | Detects a Phishing Kit impersonating Societe Generale (French financial group) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_TruityCU_prohqcker | Detects a Phishing Kit impersonating TruityCU (financial services) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Ameli_querty | Detects a Phishing Kit impersonating Ameli.fr (health insurance) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_BROU_syn4pse | Detects a Phishing Kit impersonating BROU (financial services) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_BSI_saldo | Detects a Phishing Kit impersonating Bank Syariah Indonesia (bank) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_DLExpressGlobal_tracker | Detects a Phishing Kit impersonating DL Express (logistics company) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Evri_sigmadevs | Detects a Phishing Kit impersonating Evri (logistics company) | https://github.com/t4d/PhishingKit-Yara-Rules |
- 29 Snort rules
| Detection name | Description | Source |
|---|---|---|
| ET TROJAN Mint Stealer CnC Checkin | Detects Mint Stealer C2 check-in packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Mint Stealer CnC Server Response | Detects Mint Stealer C2 server response packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Mint Stealer Data Exfiltration Attempt | Detects Mint Stealer data exfiltration attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Mint Stealer Data Exfiltration Server Response | Detects Mint Stealer data exfiltration server response packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Mint Stealer Injection Request | Detects Mint Stealer injection request packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Mint Stealer Injection Server Response | Detects Mint Stealer injection server response packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Generic DDoS Kit Checkin (POST) M1 | Detects DDoS Kit check-in packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS MyGovAU Credential Phish Landing Page 2024-06-24 | Detects MyGovAU phishing landing page packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Successful Generic Credential Phishing 2024-06-24 | Detects credential phishing packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN WordPress Social Warfare Plugin Attempted Admin User Creation | Detects WordPress Social Warfare plugin admin account creation attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN WordPress Social Warfare Plugin Exploit C2 Connect Request (POST) | Detects WordPress Social Warfare plugin exploit C2 connection attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN WordPress Social Warfare Plugin Exploit Payload URI in GET Request | Detects WordPress Social Warfare plugin exploit packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS ShowDoc File Upload Vulnerability | Detects ShowDoc file upload vulnerability packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Fanwei eMobile File Upload Vulnerability | Detects Fanwei eMobile file upload vulnerability packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN WordPress Social Warfare Plugin Exploit Payload Impression Request | Detects WordPress Social Warfare plugin exploit packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN WordPress Social Warfare Plugin Exploit CMS Users Exfil M1 | Detects WordPress Social Warfare plugin exploit packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN WordPress Social Warfare Plugin Exploit CMS Users Exfil M2 | Detects WordPress Social Warfare plugin exploit packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN WordPress Social Warfare Plugin Exploit CMS Users Exfil M3 | Detects WordPress Social Warfare plugin exploit packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT MoveIT Transfer SFTP Authentication Bypass Attempt Inbound M0 (CVE-2024-5806) | Detects MoveIT Transfer SFTP authentication bypass attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT MoveIT Transfer SFTP Authentication Bypass Attempt Inbound M1 (CVE-2024-5806) | Detects MoveIT Transfer SFTP authentication bypass attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Polyfill Malicious Redirect Attempt M1 | Detects Polyfill malicious redirect attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Polyfill Malicious Redirect Attempt M2 | Detects Polyfill malicious redirect attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Polyfill Malicious Redirect Attempt M3 | Detects Polyfill malicious redirect attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Possible Sniffthem/Tnaket User-Agent Observed M1 | Detects packets carrying the Sniffthem/Tnaket User-Agent | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Possible Sniffthem/Tnaket User-Agent Observed M2 | Detects packets carrying the Sniffthem/Tnaket User-Agent | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Possible Sniffthem/Tnaket User-Agent Observed M3 | Detects packets carrying the Sniffthem/Tnaket User-Agent | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Kingdee Cloud Star Deserialization Vulnerability | Detects Kingdee Cloud Star vulnerability exploit packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Koadic RC4 Encrypted Payload Inbound M1 | Detects inbound Koadic RC4-encrypted payload packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Koadic RC4 Encrypted Payload Inbound M2 | Detects inbound Koadic RC4-encrypted payload packets | https://rules.emergingthreatspro.com/open/ |
The detailed rule files are provided as attachments.