주간 탐지 룰(YARA, Snort) 정보 – 2024년 8월 2주차

AhnLab TIP 서비스에서 수집한, 공개된 YARA, Snort룰(2024년 8월 2주) 정보입니다.

탐지명	설명	출처
PK_DocuSign_dong	DocuSign을 사칭한 Phishing Kit 탐지	https://github.com/t4d/PhishingKit-Yara-Rules
PK_GECU_z118	GECU Credit Union(신용협동조합)을 사칭한 Phishing Kit 탐지	https://github.com/t4d/PhishingKit-Yara-Rules
PK_GarantiBBVA_Turkey	터키 Garanti BBVA 은행을 사칭한 Phishing Kit 탐지	https://github.com/t4d/PhishingKit-Yara-Rules
PK_Netflix_ug3yo	넷플릭스를 사칭한 Phishing Kit 탐지	https://github.com/t4d/PhishingKit-Yara-Rules
PK_Wallets_imp	Wallet 공급 사업자를 사칭한 Phishing Kit 탐지	https://github.com/t4d/PhishingKit-Yara-Rules
ByteCode_MSIL_Backdoor_NjRAT	NjRAT 백도어 탐지	https://github.com/reversinglabs/reversinglabs-yara-rules
Linux_Trojan_ChinaZ	ChinaZ 악성코드 탐지	https://github.com/reversinglabs/reversinglabs-yara-rules

탐지명	설명	출처
ET TROJAN EncryptHub Stealer Host Details Exfil via Telegram (POST)	EncryptHub Stealer 의 텔레그램을 통한 데이터 유출 패킷 탐지	https://rules.emergingthreatspro.com/open/
ET TROJAN 9002 RAT CnC Activity (POST)	9002 RAT C2 연결 패킷 탐지	https://rules.emergingthreatspro.com/open/
ET TROJAN PshellBkdr C2 Traffic Known Authorization Bearer in HTTP Request (POST)	PshellBkdr C2 연결 패킷 탐지	https://rules.emergingthreatspro.com/open/
ET TROJAN Specula Framework CnC Activity (POST)	Specula Framework C2 연결 패킷 탐지	https://rules.emergingthreatspro.com/open/
ET TROJAN Specula Framework CnC Activity (GET)	Specula Framework C2 연결 패킷 탐지	https://rules.emergingthreatspro.com/open/
ET TROJAN CHM Stealer CnC Host Profile Exfil (POST)	CHM Stealer C2 연결 패킷 탐지	https://rules.emergingthreatspro.com/open/
ET TROJAN Crimson RAT CnC Activity (Inbound) M1	Crimson RAT C2 연결 패킷 탐지	https://rules.emergingthreatspro.com/open/
ET TROJAN Crimson RAT CnC Activity (Inbound) M2	Crimson RAT C2 연결 패킷 탐지	https://rules.emergingthreatspro.com/open/
ET TROJAN Crimson RAT CnC Victim Details Exfil	Crimson RAT C2 연결 패킷 탐지	https://rules.emergingthreatspro.com/open/
ET TROJAN APT SideWinder CnC Domain in DNS Lookup	SideWinder APT C2 도메인 DNS Lookup 패킷 탐지	https://rules.emergingthreatspro.com/open/