Weekly Detection Rules (YARA, Snort) – 2nd Week of October 2024


This is a list of publicly released YARA and Snort rules (2nd week of October 2024) collected by the AhnLab TIP service.

  • 6 YARA Rules

| Detection name | Description | Source |
|---|---|---|
| Py_Fuscate_Obfuscation | Detects Python scripts obfuscated with Py-Fuscate | https://github.com/The-DFIR-Report/Yara-Rules |
| PK_Aruba_corona | Detects a phishing kit impersonating Aruba S.p.A. (an Italian hosting provider) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_BRI_tarip | Detects a phishing kit impersonating Bank Rakyat Indonesia (an Indonesian bank) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Facebook_sykrit | Detects a phishing kit impersonating Facebook | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Gmail_westgirl | Detects a phishing kit impersonating Gmail | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Shopify_rd1979 | Detects a phishing kit impersonating Shopify (a Canadian e-commerce platform) | https://github.com/t4d/PhishingKit-Yara-Rules |
  • 29 Snort Rules

| Detection name | Description | Source |
|---|---|---|
| ET WEB_SPECIFIC_APPS Apache CloudStack SAML Authentication Bypass (CVE-2024-41107) | Detects Apache CloudStack SAML authentication bypass (CVE-2024-41107) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache HugeGraph Gremlin SecurityManager Reflection Filter Bypass (CVE-2024-27348) | Detects Apache HugeGraph Gremlin SecurityManager reflection filter bypass (CVE-2024-27348) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS PRTG Network Monitor Information Disclosure Attempt (CVE-2020-11547) | Detects PRTG Network Monitor information disclosure attempt (CVE-2020-11547) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Mitel Micollab Directory Traversal Attempt (CVE-2020-11798) | Detects Mitel Micollab directory traversal attempt (CVE-2020-11798) packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Zimbra postjournal RCE Attempt Inbound (CVE-2024-45519) | Detects Zimbra postjournal remote code execution attempt (CVE-2024-45519) packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN NamelessC2 SSL/TLS Certificate Observed | Detects NamelessC2 SSL/TLS certificate packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache OFBiz Remote Code Execution via Path Confusion (CVE-2024-32113) | Detects Apache OFBiz remote code execution (CVE-2024-32113) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache OFBiz Server-Side Request Forgery (CVE-2024-45195) | Detects Apache OFBiz server-side request forgery (CVE-2024-45195) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Supermicro BMC IPMI Buffer Overflow (CVE-2024-36435) | Detects Supermicro BMC IPMI buffer overflow (CVE-2024-36435) packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Microsoft Office Spoofing to HTTP Redirect Inbound (CVE-2024-38200) | Detects Microsoft Office spoofing attempt via HTTP redirect (CVE-2024-38200) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Zoho ManageEngine OpManager Directory Traversal Attempt (CVE-2020-12116) | Detects Zoho ManageEngine OpManager directory traversal attempt (CVE-2020-12116) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Wavlink WN530H4 live_api.cgi ip Parameter Command Injection Attempt (CVE-2020-12124) | Detects Wavlink WN530H4 live_api.cgi ip parameter code injection attempt (CVE-2020-12124) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Clobber API XMLRPC Template Injection (CVE-2021-40323) | Detects Clobber API XMLRPC template injection (CVE-2021-40323) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Clobber API XMLRPC Arbitrary File Upload (CVE-2021-40324) | Detects Clobber API XMLRPC arbitrary file upload (CVE-2021-40324) packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed Malicious SSL Cert (Subject contains CN=c2server) | Detects malicious SSL certificate (Subject contains CN=c2server-2-2server) packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed Malicious SSL Cert (Issuer contains CN=c2server) | Detects malicious SSL certificate (Issuer contains CN=c2server-2-2server) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Progress Flowmon OS Command Injection in Service:Pdfs:Confluence Module (CVE-2024-2389) | Detects Progress Flowmon OS command injection (CVE-2024-2389) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS CraftCMS Remote Code Execution via ConditionsController Object Creation (CVE-2023-41892) | Detects CraftCMS remote code execution (CVE-2023-41892) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Fortra FileCatalyst Workflow 5.x Arbitrary File Upload (CVE-2024-25153) | Detects Fortra FileCatalyst Workflow arbitrary file upload (CVE-2024-25153) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Ivanti EPM SQL Injection (CVE-2024-29824) | Detects Ivanti EPM SQL injection (CVE-2024-29824) packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN NamelessC2 Implant Terminal Checkin | Detects NamelessC2 implant terminal check-in packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M1 (CVE-2023-25690) | Detects Apache 2.4.0 -> 2.4.55 HTTP smuggling attempt (CVE-2023-25690) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M2 (CVE-2023-25690) | Detects Apache 2.4.0 -> 2.4.55 HTTP smuggling attempt (CVE-2023-25691) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M3 (CVE-2023-25690) | Detects Apache 2.4.0 -> 2.4.55 HTTP smuggling attempt (CVE-2023-25692) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M4 (CVE-2023-25690) | Detects Apache 2.4.0 -> 2.4.55 HTTP smuggling attempt (CVE-2023-25693) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M5 (CVE-2023-25690) | Detects Apache 2.4.0 -> 2.4.55 HTTP smuggling attempt (CVE-2023-25694) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M6 (CVE-2023-25690) | Detects Apache 2.4.0 -> 2.4.55 HTTP smuggling attempt (CVE-2023-25695) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache 2.4.0 -> 2.4.55 HTTP Smuggling Attempt M7 (CVE-2023-25690) | Detects Apache 2.4.0 -> 2.4.55 HTTP smuggling attempt (CVE-2023-25696) packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT glibc iconv Abitrary File Read RCE (CVE-2024-2961) | Detects glibc iconv arbitrary file read remote code execution (CVE-2024-2961) packets | https://rules.emergingthreatspro.com/open/ |

2024-10_ASEC_Notes_2.yar

2024-10_ASEC_Notes_2_snort.rules