Weekly Detection Rule (YARA, Snort) Information – Week 3 of December 2024
This is information on publicly released YARA and Snort rules (3rd week of December 2024) collected by the AhnLab TIP service.
- 6 YARA Rules
| Detection Name | Description | Source |
|---|---|---|
| EXPL_Cleo_Exploitation_Log_Indicators_Dec24 | Detects Cleo exploitation log indicators | https://github.com/Neo23x0/signature-base |
| EXPL_Cleo_Exploitation_PS1_Indicators_Dec24 | Detects Cleo exploitation PowerShell scripts | https://github.com/Neo23x0/signature-base |
| SUSP_EXPL_JAR_Indicators_Dec24 | Detects suspicious JAR exploitation indicators | https://github.com/Neo23x0/signature-base |
| EXPL_Cleo_Exploitation_XML_Indicators_Dec24 | Detects Cleo exploitation XML indicators | https://github.com/Neo23x0/signature-base |
| EXPL_Cleo_Exploitation_JAVA_Payloads_Dec24_1_1 | Detects Cleo exploitation Java payloads | https://github.com/Neo23x0/signature-base |
| EXPL_Cleo_Exploitation_JAVA_Payloads_Dec24_2 | Detects Cleo exploitation Java payloads | https://github.com/Neo23x0/signature-base |
- 25 Snort Rules
| Detection Name | Description | Source |
|---|---|---|
| ET TROJAN Retdoor CnC Checkin | Detects Retdoor C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN QuickResponseC2 Default Tasking Struct | Detects QuickResponse C2 default tasking structure packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN QuickResponseC2 Default Response Struct | Detects QuickResponse C2 default response structure packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN PeakLight/Emmenhtal Loader Payload Delivery Template Observed | Detects PeakLight/Emmenhtal Loader payload delivery template packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN PeakLight/Emmenhtal Loader Payload Delivery WebPage Observed | Detects PeakLight/Emmenhtal Loader payload delivery web page packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Cleo MFT Arbitrary File Write (CVE-2024-50623) | Detects Cleo MFT arbitrary file write (CVE-2024-50623) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Cleo MFT Arbitrary File Read (CVE-2024-50623) | Detects Cleo MFT arbitrary file read (CVE-2024-50623) packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Generic Office365 Phish Landing Page (2024-12-12) | Detects Office365 phishing landing page packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Github Enterprise S3 OIDC Command Injection Attempt (CVE-2024-0507) | Detects Github Enterprise S3 OIDC command injection attempt (CVE-2024-0507) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Github Enterprise Unsafe Reflection Information Leak Attempt (CVE-2024-0200) | Detects Github Enterprise information leak attempt (CVE-2024-0200) packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity KeepAlive M1 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity KeepAlive M2 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity KeepAlive M3 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity KeepAlive M1 (Inbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity KeepAlive M2 (Inbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity KeepAlive M3 (Inbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity SendInfo M1 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity SendInfo M2 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity SendInfo M3 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity, Disconnect M1 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity Disconnect M2 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity, Disconnect M3 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity List Process M1 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity List Process M2 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity List Process M3 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |