Weekly Detection Rule (YARA, Snort) Information – Week 3 of June 2024
This is information on publicly available YARA and Snort rules (3rd week of June 2024) collected by the AhnLab TIP service.
- YARA rules: 10
| Detection name | Description | Source |
|---|---|---|
| PK_DBS_baglan | Detects a phishing kit impersonating DBS Bank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_NatWest_admin | Detects a phishing kit impersonating NatWest Bank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Postbank_buff | Detects a phishing kit impersonating PostBank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_RAM_otp | Detects a phishing kit impersonating RAM.co.za (a courier company) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Telstra_flow | Detects a phishing kit impersonating Telstra | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Chase_Xbaltiv2 | Detects a phishing kit impersonating Chase Bank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_KeyBank_otp | Detects a phishing kit impersonating KeyBank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_NavyFederal_Hemsworth | Detects a phishing kit impersonating Navy Federal Credit Union (a bank serving military personnel and their families) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Spotify_antics | Detects a phishing kit impersonating Spotify | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_SwissPass_blackforce | Detects a phishing kit impersonating SwissPass | https://github.com/t4d/PhishingKit-Yara-Rules |
- Snort rules: 42
| Detection name | Description | Source |
|---|---|---|
| ET EXPLOIT PHP-Live-Chat Get Shell Attempt Inbound | Detects packets attempting to create a PHP-Live-Chat administrator account | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Hongjing eHR Showmedia.jsp SQL Injection Inbound | Detects Hongjing eHR SQL injection attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT NextGen Mirth Connect <4.4.1 RCE Attempt (CVE-2023-43208) | Detects packets exploiting the NextGen Mirth Connect RCE vulnerability | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ClearFlake CnC Activity Outbound (source_id) | Detects ClearFlake C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ClearFlake CnC Checkin (POST) | Detects ClearFlake C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET INFO Suspicious Header Name In HTTP Request (U) | Detects packets containing a suspicious header name in an HTTP request | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Telegram QR Code Login Landing Page 2024-06-10 | Detects Telegram QR code login landing page packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS UEFA EURO 2024 Survey Landing Page 2024-06-11 | Detects UEFA EURO 2024 survey landing page packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT UFIDA PLM getWorkGroups Unauthorized Information Access Attempt | Detects packets attempting unauthorized access to UFIDA PLM getWorkGroups | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Zhibang International ERP System SQL Injection Attempt | Detects Zhibang International ERP SQL injection attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT ZhongCheng Kexin Ticket Management System SQLi Attempt | Detects ZhongCheng Kexin ticket management system SQL injection attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT JEPaaS Development Platform File Upload Authentication Bypass | Detects JEPaaS Development Platform file upload authentication bypass packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Possible Telerik Deserialization Attempt – POST to Vulnerable Path with Specific Extension (CVE-2024-1800) | Detects packets exploiting the Telerik CVE-2024-1800 vulnerability | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Possible Telerik Auth Bypass Attempt – Account Creation from External Host (CVE-2024-4358) | Detects packets exploiting the Telerik CVE-2024-4358 vulnerability | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection (varchar2) in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection CHAR() in HTTP Request Body M1 | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection CHAR() in HTTP Request Body M2 | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection CHR() in HTTP Request Body M1 | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection CHR() in HTTP Request Body M2 | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection sp_configure in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection DELETE FROM in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection INSERT INTO in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection SELECT FROM in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection (varchar) in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection (declare) in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection INTO OUTFILE in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection Obfuscated by REVERSE function in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection SELECT CONCAT in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection SELECT CAST in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection UNION SELECT in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection SELECT CAST in HTTP URI | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL Injection WAITFOR DELAY in HTTP URI | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SERVER Possible SQL injection WAITFOR DELAY in HTTP Request Body | Detects SQL injection packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Generic Survey Credential Phish Landing Page 2024-06-11 | Detects credential phishing landing pages | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Generic Survey Credential Phish Landing Page 2024-06-12 | Detects credential phishing landing pages | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Dahua DSS Security Management Platform Attempted Privilege Escalation | Detects Dahua DSS Security Management Platform privilege escalation attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Telecommunications Gateway Configuration Management System Unauthenticated File Upload | Detects packets attempting an unauthorized file upload to the Telecommunications Gateway Configuration Management System | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache OFBiz Directory Traversal Remote Code Execution Attempt (CVE-2024-36104) | Detects packets attempting to exploit the Apache OFBiz RCE vulnerability (CVE-2024-36104) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN [ANY.RUN] Gh0stRAT.Gen Server Response (SweetSpecter) | Detects Gh0stRAT server response packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Generic Credential Phish Landing Page 2024-06-13 | Detects credential phishing landing pages | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Win64/TrojanDownloader.Agent.AUO User Agent | Detects the downloader's User-Agent | https://rules.emergingthreatspro.com/open/ |
The detailed rule files are provided as attachments.