악성코드 Networks

주간 탐지 룰(YARA, Snort) 정보 – 2024년 10월 1주차

  • 10월 02 2024
주간 탐지 룰(YARA, Snort) 정보 – 2024년 10월 1주차

AhnLab TIP 서비스에서 수집한, 공개된 YARA, Snort룰(2024년 10월 1주) 정보입니다.

  • 6 YARA Rules
탐지명 설명 출처
SUSP_EXPL_LNX_CUPS_CVE_2024_47177_Sep24 CUPS Remote code Execution 취약점(CVE-2024-47177) 탐지 https://github.com/Neo23x0/signature-base
PK_Aruba_ar06 Aruba S.p.A. (이탈리아 웹 호스팅)를 사칭한 Phishing Kit 탐지 https://github.com/t4d/PhishingKit-Yara-Rules
PK_DHL_x911_2 DHL을 사칭한 Phishing Kit 탐지 https://github.com/t4d/PhishingKit-Yara-Rules
PK_Netflix_sql Netflix를 사칭한 Phishing Kit 탐지 https://github.com/t4d/PhishingKit-Yara-Rules
PK_Orange_vito Orange(프랑스 통신회사)를 사칭한 Phishing Kit 탐지 https://github.com/t4d/PhishingKit-Yara-Rules
PK_Wix_ronin Wise.com(국제 송금 서비스 제공 핀테크)를 사칭한 Phishing Kit 탐지 https://github.com/t4d/PhishingKit-Yara-Rules
  • 34 Snort Rules
탐지명 설명 출처
ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M1 – UUID Leak Via servermanager.cfc getHeartBeat Method (CVE-2024-20767) Adobe ColdFusion 임의 파일 읽기 취약점(CVE-2024-20767) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M3 – Heap Memory Dump Module Unauthorized Memory Dump Attempt (CVE-2024-20767) Adobe ColdFusion 임의 파일 읽기 취약점(CVE-2024-20767) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET ATTACK_RESPONSE Fake MS Office Lure Containing Powershell Inbound (M1) MS Office 사칭 Powershell 인바운드 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET ATTACK_RESPONSE Fake MS Office Lure Containing Powershell Inbound (M2) MS Office 사칭 Powershell 인바운드 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS CloudPanel Insecure file-manager Cookie Authentication File Creation (CVE-2023-35885) CloudPanel 쿠키 인증 파일 생성 취약점(CVE-2023-35885) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS CloudPanel Insecure file-manager Cookie Authentication Content Upload (CVE-2023-35885) CloudPanel 쿠키 인증 파일 업로드 취약점(CVE-2023-35885) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS CloudPanel Insecure file-manager Cookie Authentication File Permission Modification (CVE-2023-35885) CloudPanel 쿠키 인증 파일 권한수정 취약점(CVE-2023-35885) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Atlassian Confluence Data Center and Server Authenticated RCE (CVE-2024-21683) Atlassian Confluence 데이터 센터 및 서버 인증 RCE 취약점(CVE-2024-21683) 패킷탐지 https://rules.emergingthreatspro.com/open/
ET TROJAN BadSpace/WarmCookie CnC Activity (GET) M2 BadSpace/WarmCookie C2 연결 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Progress Kemp Loadmaster Unauthenticated Command Injection (CVE-2024-1212) Progress Kemp Loadmaster 비인가 명령어 삽입 취약점(CVE-2024-1212) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET CURRENT_EVENTS Parking Penalty Phish Kit Admin Landing Page M1 2024-09-23 주차 벌금 피싱 킷 관리자 랜딩 페이지 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET CURRENT_EVENTS Parking Penalty Phish Kit Admin Landing Page M2 2024-09-23 주차 벌금 피싱 킷 관리자 랜딩 페이지 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET CURRENT_EVENTS Parking Penalty Phish Kit Admin Landing Page M3 2024-09-23 주차 벌금 피싱 킷 관리자 랜딩 페이지 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Cisco Smart Licensing Utility API Hardcoded Admin Credentials (CVE-2024-20439) Cisco Smart Licensing 유틸리티 API의 하드코딩된 관리자 자격 증명 접근(CVE-2024-20439) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET EXPLOIT Cisco Smart Software Manager On-Prem (SSM On-Prem) Unauthenticated Password Change Attempt (CVE-2024-20419) Cisco Smart Software Manager 비인가 패스워드 변경 시도(CVE-2024-20419) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET EXPLOIT Cisco Smart Software Manager On-Prem (SSM On-Prem) Successful Unauthenticated Password Change (CVE-2024-20419) Cisco Smart Software Manager 비인가 패스워드 변경 성공(CVE-2024-20419) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS SolarWinds Web Help Desk Hardcoded Credentials Information Leak (CVE-2024-28987) SolarWinds Web Help 유틸리티 Hardcoded의 하드코딩된 관리자 자격 증명 접근(CVE-2024-28987) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Vulnerable aiohttp Server Version Response (CVE-2024-23334) 취약한 aiohttp Server 버전 응답(CVE-2024-23334) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET TROJAN Microsoft Office 365 Cred Phish (2024-09-25) Microsoft Office 365 자격 증명 피싱 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS F5 BIG-IP Next Central Manager OData Injection (CVE-2024-21793) F5 BIG-IP Next Central Manager OData 인젝션(CVE-2024-21793) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS W&B Weave Server Arbitrary File Leak (CVE-2024-7340) W&B Weave Server 임의 파일 유출(CVE-2024-7340) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS F5 BIG-IP Next Central Manager SQL Injection (CVE-2024-26026) F5 BIG-IP Next Central Manager SQL Injection(CVE-2024-26026) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Ivanti Virtual Traffic Manager (vTM) Authentication Bypass (CVE-2024-7593) Ivanti Virtual Traffic Manager 인증 우회 취약점(CVE-2024-7593) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET EXPLOIT .NET Remoting SoapServerFormatterSink ObjRef Leak (CVE-2024-29059) .NET Remoting SoapServerFormatterSink ObjRef 유출(CVE-2024-29059) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET EXPLOIT .NET Remoting BinaryServerFormatterSink ObjRef Leak (CVE-2024-29059) .NET Remoting BinaryServerFormatterSink ObjRef 유출(CVE-2024-29059) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Apache Spark OS Command Injection (CVE-2023-32007) Apache Spark OS 커맨드 인젝션 (CVE-2023-32007) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Adobe Commerce / Magento Pre-Authentication XML Entity Injection (CVE-2024-34102) Adobe Commerce / Magento 사전 인증 XML 엔티티 인젝션(CVE-2024-34102) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Geoserver JT-Jiffle Extension Code Injection (CVE-2022-24816) Geoserver JT-Jiffle Extension 코드 인젝션(CVE-2022-24816) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET EXPLOIT Veeam Backup & Replication Cloud Connect RCE Attempt Inbound (CVE-2023-27532) Veeam Backup & Replication Cloud Connnect RCE 시도 (CVE-2023-27532) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Totolink CP450 Information Disclosure via product.ini (CVE-2024-7332) Totolink CP450 product.ini 를 통한 정보 유출(CVE-2024-7332) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Raisecom MSG Series Gateway Command Injection Attempt (CVE-2024-7120) Raisecom MSG 시리즈 게이트웨이 커맨드 인젝션 시도(CVE-2024-7120) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS SonicWall SMA1000 Directory Traversal Attempt (CVE-2023-0126) SonicWall SMA1000 Directory Traversal 시도(CVE-2023-0126) 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET CURRENT_EVENTS Generic Credential Phish Landing Page (jsnom.js) 자격 증명 피싱 랜딩 페이지 연결 패킷 탐지 https://rules.emergingthreatspro.com/open/
ET CURRENT_EVENTS Generic Credential Phish Fingerprinting Activity (Base64 Vars Detected &rand=, &sv=, &uid=) 자격 증명 피싱 Fingerprinting 패킷 탐지 https://rules.emergingthreatspro.com/open/

 

2024-10_ASEC_Notes_1.yar

2024-10_ASEC_Notes_1_snort.rules
Previous Post

Next Post