Weekly Detection Rule (YARA, Snort) Information – Week 4 of September 2024
This is information on publicly released YARA and Snort rules (week 4 of September 2024) collected by the AhnLab TIP service.
- 5 YARA Rules
| Detection Name | Description | Source |
|---|---|---|
| PK_Bit_dnjwan | Detects a phishing kit impersonating bitpay.co.il (Israeli payment service) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_GovCA_krepto | Detects a phishing kit impersonating the Canadian Government (CRA, Canada Revenue Agency) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Square_RD971_2 | Detects a phishing kit impersonating Square (financial service) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_SwissPass_zoro | Detects a phishing kit impersonating SwissPass (Swiss public transport card) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_USPS_vensuxv | Detects a phishing kit impersonating USPS (United States Postal Service) | https://github.com/t4d/PhishingKit-Yara-Rules |
- 24 Snort Rules
| Detection Name | Description | Source |
|---|---|---|
| ET TROJAN PS1/ExfiltracaoBot CnC Checkin | Detects PS1/ExfiltracaoBot C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN PS1/ExfiltracaoBot CnC Command Inbound (ZIP_FILE) | Detects inbound PS1/ExfiltracaoBot C2 command packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN PS1/ExfiltracaoBot CnC Response (INFO_RECEIVED) | Detects PS1/ExfiltracaoBot C2 response packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Win32/Mesquito Loader Related Activity (GET) | Detects packets associated with the Win32/Mesquito loader | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Zyxel NAS CGI Command Injection (CVE-2024-29972) | Detects packets targeting the Zyxel NAS command injection vulnerability (CVE-2024-29972) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Zyxel NAS Unauthorized Command Injection in setCookie Parameter (CVE-2024-29973) | Detects packets targeting the Zyxel NAS command injection vulnerability (CVE-2024-29973) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Zyxel NAS CGI Remote Code Execution via Configuration Upload (CVE-2024-29974) | Detects packets targeting the Zyxel NAS remote code execution vulnerability (CVE-2024-29974) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Zyxel NAS Privilege Escalation and Information Disclosure (CVE-2024-29976) | Detects packets targeting the Zyxel NAS privilege escalation vulnerability (CVE-2024-29976) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Progress WhatsUp Gold GetFileWithoutZip Unauthenticated Remote Code Execution Attempt M1 – Payload Delivery (CVE-2024-4885) | Detects packets attempting to exploit the WhatsUp Gold remote code execution vulnerability (CVE-2024-4885) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Progress WhatsUp Gold SetAdminPassword Privilege Escalation (CVE-2024-5009) | Detects packets targeting the WhatsUp Gold privilege escalation vulnerability (CVE-2024-5009) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Progress WhatsUp Gold GetFileWithoutZip Unauthenticated Remote Code Execution Attempt M2 – Outbound Admin Session Attempt (CVE-2024-4885) | Detects packets attempting to exploit the WhatsUp Gold remote code execution vulnerability (CVE-2024-4885) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Progress WhatsUp Gold Pre-Auth WriteDataFile Directory Traversal RCE (CVE-2024-4883) | Detects packets targeting the WhatsUp Gold directory traversal RCE vulnerability (CVE-2024-4883) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN PeakLight/Emmenhtal Loader Payload Request | Detects PeakLight/Emmenhtal loader payload request packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Progress WhatsUp Gold GetFileWithoutZip Unauthenticated Remote Code Execution Attempt M3 – Payload Retrieval Attempt (CVE-2024-4885) | Detects packets attempting to exploit the WhatsUp Gold remote code execution vulnerability (CVE-2024-4885) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Hoverfly Arbitrary File Read via Traversal Attempt Inbound (CVE-2024-45388) | Detects packets attempting to exploit the Hoverfly traversal-based file read vulnerability (CVE-2024-45388) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Progress WhatsUp Gold Pre-Auth Password Encrypt Primitive (CVE-2024-6670) | Detects packets targeting the WhatsUp Gold encrypted password retrieval vulnerability (CVE-2024-6670) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Progress WhatsUp Gold HasErrors SQL Injection Authentication Bypass (CVE-2024-6670) | Detects packets targeting the WhatsUp Gold SQL injection authentication bypass vulnerability (CVE-2024-6670) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Ivanti Cloud Service Appliance Authenticated Command Injection (CVE-2024-8190) | Detects packets targeting the Ivanti Cloud Service command injection vulnerability (CVE-2024-8190) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS WebIQ 2.15.9 Directory Traversal Attempt (CVE-2024-8752) | Detects packets attempting to exploit the WebIQ directory traversal vulnerability (CVE-2024-8752) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Zabbix Server Blind SQL Injection via clientip Parameter (CVE-2024-22120) | Detects packets targeting the Zabbix Server blind SQL injection vulnerability (CVE-2024-22120) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Unknown Info Stealer URI Structure | Detects packets matching an info-stealer URI structure | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS WordPress LiteSpeed Cache Plugin debug.log Access Attempt (CVE-2024-44000) | Detects packets attempting to access the WordPress LiteSpeed Cache plugin debug.log file (CVE-2024-44000) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Cisco Smart Licensing Utility customer-cslu-lib-log.log Access Attempt (CVE-2024-20440) | Detects packets attempting to access the Cisco Smart Licensing Utility customer-cslu-lib-log.log file (CVE-2024-20440) | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Suspected Generic Credential Phish Landing Page (2024-09-20) | Detects packets accessing a credential-theft phishing landing page | https://rules.emergingthreatspro.com/open/ |