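Weekly Detection Rule (YARA, Snort) Information – Week 2 of January 2025
This is information on publicly available YARA and Snort rules (week 2 of January 2025) collected by the AhnLab TIP service.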
- 0 YARA Rules
- 10 Snort Rules
| Detection name | Description | Source |
|---|---|---|
| ET TROJAN Observed Malicious User-Agent (UNK_FlappyBird) | Detects packets with a malicious User-Agent (UNK_FlappyBird) | https://rules.emergingthreatspro.com/open/ |
| ET SCAN ELF/Mirai Variant UDP (Inbound) M1 | Detects inbound UDP packets from a Mirai variant | https://rules.emergingthreatspro.com/open/ |
| ET SCAN ELF/Mirai Variant UDP (Inbound) M2 | Detects inbound UDP packets from a Mirai variant | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Earth Minotaur MOONSHINE Exploit Kit URI Struct Detected | Detects packets with the Earth Minotaur MOONSHINE exploit kit URI structure | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Ducktail CnC Activity – Begin Download Command (POST) | Detects Ducktail C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Ducktail Host Profile Exfiltration (POST) | Detects Ducktail host profile exfiltration packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Darcula Landing Page 2024-01-03 | Detects Darcula landing page packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Ducktail CnC Activity – UAC Bypass Confirmation (POST) | Detects Ducktail C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Ducktail CnC Activity – Task Running Confirmation (POST) | Detects Ducktail C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Ducktail CnC Checkin (GET) | Detects Ducktail C2 connection packets | https://rules.emergingthreatspro.com/open/ |