Weekly Detection Rule (YARA, Snort) Information – Week 4 of June 2024
Publicly available YARA and Snort rules (week 4 of June 2024) collected by the AhnLab TIP service.
- YARA rules: 8
| Rule name | Description | Source |
| --- | --- | --- |
| malware_cobaltstrike_workersdevloader | Detects a CobaltStrike loader | https://github.com/JPCERTCC/jpcert-yara |
| Kimsuky_downloader_vbs | Detects Kimsuky PowerShell that downloads VBS files | https://github.com/JPCERTCC/jpcert-yara |
| Kimsuky_PokDoc_ps1 | Detects Kimsuky PowerShell that collects device information | https://github.com/JPCERTCC/jpcert-yara |
| Kimsuky_InfoKey_ps1 | Detects Kimsuky keylogger PowerShell | https://github.com/JPCERTCC/jpcert-yara |
| malware_DOPLUGS | Detects DOPLUGS | https://github.com/JPCERTCC/jpcert-yara |
| malware_DOPLUGSLoader | Detects the DOPLUGS loader | https://github.com/JPCERTCC/jpcert-yara |
| malware_webrcs_lnk | Detects LNK files that execute WEBRCS | https://github.com/JPCERTCC/jpcert-yara |
| malware_webrcs | Detects WEBRCS | https://github.com/JPCERTCC/jpcert-yara |
- Snort rules: 14
| Rule name | Description | Source |
| --- | --- | --- |
| ET EXPLOIT HikVision Arbitrary Directory Traversal Attempt | Detects packets attempting to exploit the HikVision arbitrary file read vulnerability | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Win32/ProcessKiller CnC Initialization M2 | Detects ProcessKiller C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ClickFix CnC Activity (POST) | Detects ClickFix C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ClickFix Obfuscated Payload Inbound | Detects inbound ClickFix obfuscated payload packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Fickle Stealer C2 Server Tasking | Detects Fickle Stealer C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Suspected Powershell Empire Activity M1 | Detects PowerShell Empire packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Suspected Powershell Empire Activity M2 | Detects PowerShell Empire packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Suspected Powershell Empire Activity M3 | Detects PowerShell Empire packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN [ANY.RUN] NjRat (tXRAT v.2.3R) Client Sends State Active Window | Detects NjRat packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN [ANY.RUN] NjRat (tXRAT v.2.3R) Server Sends Plugin to Client | Detects NjRat packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN [ANY.RUN] NjRat (tXRAT v.2.3R) Client Sends Check-in Packet | Detects NjRat packets | https://rules.emergingthreatspro.com/open/ |
| ET MOBILE_MALWARE Android Rafel RAT Checkin M2 | Detects Rafel RAT C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET MOBILE_MALWARE Android Rafel RAT Checkin M1 | Detects Rafel RAT C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Solarwinds Serv-U Directory Traversal Attempt Inbound (CVE-2024-28995) | Detects packets attempting to exploit SolarWinds CVE-2024-28995 | https://rules.emergingthreatspro.com/open/ |
The detailed rule files are provided as attachments.