Weekly Detection Rule (YARA, Snort) Information – Week 4 of December 2024
This is information on publicly released YARA and Snort rules (week 4 of December 2024) collected by the AhnLab TIP service.
- 5 YARA Rules
| Detection Name | Description | Source |
|---|---|---|
| PK_BankID_poko | Detects a phishing kit impersonating BankID (Norwegian identity verification) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_DisneyPlus_blackforce | Detects a phishing kit impersonating Disney Plus | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_O365_itna1337 | Detects a phishing kit impersonating Office365 | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_BanquePostale_z0n51_2 | Detects a phishing kit impersonating la Banque Postale (French bank) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_antai_inun2 | Detects a phishing kit impersonating the French ANTAI (traffic fine) portal | https://github.com/t4d/PhishingKit-Yara-Rules |
- 27 Snort Rules
| Detection Name | Description | Source |
|---|---|---|
| ET TROJAN Zloader User-Agent Observed (PresidentPutin) | Detects Zloader User-Agent packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Zloader CnC Activity (POST) | Detects Zloader C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Cleo MFT Arbitrary File Write (CVE-2024-55956) | Detects Cleo MFT arbitrary file write (CVE-2024-55956) packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity KeepAlive M4 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity KeepAlive M4 (Inbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity SendInfo M4 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity Disconnect M4 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN XiebroC2 CnC Activity List Process M4 (Outbound) | Detects Xiebro C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache Struts2 Path Traversal Attempt Inbound M1 (CVE-2024-53677) | Detects inbound Apache Struts2 path traversal attempt (CVE-2024-53677) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache Struts2 Path Traversal Attempt Inbound M2 (CVE-2024-53677) | Detects inbound Apache Struts2 path traversal attempt (CVE-2024-53677) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Draytek mainfunction.cgi cvmcfgupload Command Injection Attempt (CVE-2020-15415) | Detects Draytek mainfunction.cgi cvmcfgupload command injection attempt (CVE-2020-15415) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Draytek mainfunction.cgi trustcaupload Command Injection Attempt (CVE-2023-1162) | Detects Draytek mainfunction.cgi trustcaupload command injection attempt (CVE-2023-1162) packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Generic Powershell Loader Using Encryption Routine Inbound | Detects PowerShell loader encryption routine packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Draytek mainfunction.cgi commandTable parameter Command Injection Attempt (CVE-2023-24229) | Detects Draytek mainfunction.cgi commandTable parameter command injection (CVE-2023-24229) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS NUUO NVRmini upgrade_handle.php uploaddir Command Injection Attempt (CVE-2018-14933) | Detects NUUO NVRmini upgrade_handle.php uploaddir command injection (CVE-2018-14933) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Draytek mainfunction.cgi doCfgExport option Arbitrary File Read Attempt (CVE-2023-1009) | Detects Draytek mainfunction.cgi doCfgExport option arbitrary file read attempt (CVE-2023-1009) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Draytek mainfunction.cgi getSyslogFile option Arbitrary File Read Attempt (CVE-2023-1163) | Detects Draytek mainfunction.cgi getSyslogFile option arbitrary file read attempt (CVE-2023-1163) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Draytek mainfunction.cgi dumpSyslog option Arbitrary File Deletion Attempt (CVE-2023-6265) | Detects Draytek mainfunction.cgi dumpSyslog option arbitrary file deletion attempt (CVE-2023-6265) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Fortinet FortiWLM Unauthenticated Command Injection (CVE-2023-34993) | Detects Fortinet FortiWLM unauthenticated command injection (CVE-2023-34993) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Fortinet FortiWLM Unauthenticated Limited Arbitrary File Read | Detects Fortinet FortiWLM unauthenticated limited arbitrary file read packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Fortinet FortiWLM Authenticated Command Injection (CVE-2023-48782) | Detects Fortinet FortiWLM authenticated command injection (CVE-2023-48782) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Fortinet FortiWLM Unauthenticated Arbitrary File Read (CVE-2023-48783) | Detects Fortinet FortiWLM unauthenticated arbitrary file read (CVE-2023-48783) packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Xenorat Default C2 Server Response Inbound | Detects inbound Xenorat default C2 response packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Xenorat Default Handshake Inbound | Detects inbound Xenorat default handshake packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Fortinet FortiClient EMS SQL Injection (CVE-2023-48788) | Detects Fortinet FortiClient EMS SQL injection (CVE-2023-48788) packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Microsoft Windows Contacts Syslink Control href Attribute Escape (CVE-2022-44666) | Detects Microsoft Windows Contacts Syslink Control href attribute escape (CVE-2022-44666) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Craft CMS Template Path Injection RCE (CVE-2024-56145) | Detects Craft CMS template path injection RCE (CVE-2024-56145) packets | https://rules.emergingthreatspro.com/open/ |