Weekly Detection Rule (YARA, Snort) Information – 4th Week of November 2024

This is a summary of publicly released YARA and Snort rules (4th week of November 2024) collected by the AhnLab TIP service.

  • 5 YARA Rules

Rule name | Description | Source
PK_Amazon_hitman | Detects a phishing kit impersonating Amazon | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Nedbank_sql | Detects a phishing kit impersonating Nedbank (South African bank) | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Barclays_offshore | Detects a phishing kit impersonating Barclays (UK bank) | https://github.com/t4d/PhishingKit-Yara-Rules
PK_OneDrive_awake | Detects a phishing kit impersonating OneDrive | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Chase_emma | Detects a phishing kit impersonating Chase (US bank) | https://github.com/t4d/PhishingKit-Yara-Rules
  • 18 Snort Rules

Rule name | Description | Source
ET WEB_SPECIFIC_APPS Symphony PHP Symfony Profiler Environment Manipulation (CVE-2024-50340) | Detects Symfony Profiler environment manipulation (CVE-2024-50340) traffic | https://rules.emergingthreatspro.com/open/
ET EXPLOIT Fortinet FortiManager File Transfer Handle Response | Detects Fortinet FortiManager file transfer handle response traffic | https://rules.emergingthreatspro.com/open/
ET EXPLOIT Fortinet FortiManager Unauthenticated Remote Code Execution (CVE-2024-47575) M1 | Detects Fortinet FortiManager unauthenticated remote code execution (CVE-2024-47575) traffic | https://rules.emergingthreatspro.com/open/
ET EXPLOIT Fortinet FortiManager Unauthenticated Open Server-Side Channel | Detects Fortinet FortiManager unauthenticated server-side channel open traffic | https://rules.emergingthreatspro.com/open/
ET EXPLOIT Fortinet FortiManager Unauthenticated Remote Code Execution (CVE-2024-47575) M2 | Detects Fortinet FortiManager unauthenticated remote code execution (CVE-2024-47575) traffic | https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS pyLoad Remote Code Execution via js2py Sandbox Escape (CVE-2024-39205) | Detects pyLoad remote code execution via js2py sandbox escape (CVE-2024-39205) traffic | https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS WordPress WPLMS Learning Management System Directory Traversal | Detects WordPress WPLMS Learning Management System directory traversal traffic | https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Palo Alto PAN-OS Authentication Bypass (CVE-2024-0012) | Detects Palo Alto PAN-OS authentication bypass (CVE-2024-0012) traffic | https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Palo Alto PAN-OS Command Injection in User Parameter | Detects Palo Alto PAN-OS command injection (user parameter) traffic | https://rules.emergingthreatspro.com/open/
ET EXPLOIT Progress Kemp LoadMaster RCE Attempt Inbound (CVE-2024-1212) | Detects inbound Progress Kemp LoadMaster remote code execution attempt (CVE-2024-1212) traffic | https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Palo Alto Expedition Remote Code Execution (CVE-2024-9463) | Detects Palo Alto Expedition remote code execution (CVE-2024-9463) traffic | https://rules.emergingthreatspro.com/open/
ET TROJAN Strela Stealer CnC Activity | Detects Strela Stealer C2 connection traffic | https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Cisco ASA WebVPN Cross-Site Scripting (CVE-2014-2120) | Detects Cisco ASA WebVPN cross-site scripting (CVE-2014-2120) traffic | https://rules.emergingthreatspro.com/open/
ET TROJAN Snake/Best Private Keylogger CnC Exfil Via Telegram | Detects Snake/Best keylogger data exfiltration via Telegram | https://rules.emergingthreatspro.com/open/
ET ATTACK_RESPONSE Clickfix Payload Inbound (Portuguese) | Detects inbound Clickfix payload (Portuguese) traffic | https://rules.emergingthreatspro.com/open/
ET TROJAN Clickfix Style Post-Infection CnC Request (GET) | Detects Clickfix-style post-infection C2 request traffic | https://rules.emergingthreatspro.com/open/
ET TROJAN Glove Stealer C2 Response | Detects Glove Stealer C2 response traffic | https://rules.emergingthreatspro.com/open/
ET TROJAN Glove Stealer Data Exfiltration Attempt | Detects Glove Stealer data exfiltration attempt traffic | https://rules.emergingthreatspro.com/open/

2024-11_ASEC_Notes_4.yar

2024-11_ASEC_Notes_4_snort.rules