Weekly Detection Rule (YARA, Snort) Information – Week 1 of June 2024
This is information on publicly released YARA and Snort rules (June 2024, week 1) collected by the AhnLab TIP service.
- 5 YARA rules
| Detection name | Description | Source |
|---|---|---|
| PK_BankOfAmerica_akhatar | Detects a phishing kit impersonating Bank of America | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_BankOfAmerica_xbalti | Detects a phishing kit impersonating Bank of America | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Citizens_premierghost | Detects a phishing kit impersonating Citizens Bank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Citizens_snickyninja | Detects a phishing kit impersonating Citizens Bank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_KeyBank_chibouna | Detects a phishing kit impersonating KeyBank | https://github.com/t4d/PhishingKit-Yara-Rules |
- 14 Snort rules
| Detection name | Description | Source |
|---|---|---|
| ET TROJAN Suspected TA450 Activity | Detects packets retrieving a PowerShell script over HTTP | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Clipboard Monitor Data Exfiltration Attempt | Detects clipboard data exfiltration packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Fortinet FortiSIEM Unauthenticated Command Injection CVE-2024-23108 | Detects CVE-2024-23108 exploit packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN CrimsonRAT Host Details Exfil | Detects CrimsonRAT C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Joomla Improper Access Control to Webservice Endpoints (CVE-2023-23752) | Detects packets targeting the CVE-2023-23752 vulnerability | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Suspected Smokeloader Payload Related Activity (POST) | Detects Smokeloader payload packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Async RAT CnC Activity (GET) | Detects Async RAT C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Checkpoint Quantum Security Gateway Arbitrary File Read Attempt (CVE-2024-24919) | Detects packets targeting the CVE-2024-24919 vulnerability | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Justice AV Solutions Viewer Backdoor CnC Checkin (CVE-2024-4978) | Detects packets related to the CVE-2024-4978 vulnerability | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache Flink Arbitrary File Read Attempt (CVE-2020-17519) | Detects packets targeting the CVE-2020-17519 vulnerability | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Adobe ColdFusion Unauthorized File Access (CVE-2024-20767) | Detects CVE-2024-20767 exploit packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Fortinet FortiSIEM Unauthenticated Command Injection CVE-2023-34992 | Detects CVE-2023-34992 exploit packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Async RAT Payload Request (GET) | Detects Async RAT payload request packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Allasenha/CarnavalHeist RAT CnC Checkin | Detects Allasenha/CarnavalHeist RAT C2 connection packets | https://rules.emergingthreatspro.com/open/ |
The full rule files are provided as attachments.