Weekly Detection Rule (YARA, Snort) Information – Week 3 of January 2025
This is a summary of the publicly available YARA and Snort rules (January 2025, week 3) collected by the AhnLab TIP service.
- 5 YARA Rules
| Detection Name | Description | Source |
|---|---|---|
| PK_BancaTransilvania_bt24 | Detects a phishing kit impersonating Banca Transilvania (a Romanian bank) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_DHL_wespam | Detects a phishing kit impersonating DHL | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_IdahoCentralCU_prohqcker | Detects a phishing kit impersonating Idaho Central Credit Union (a US credit union) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Binance_kr3pto | Detects a phishing kit impersonating Binance (a cryptocurrency exchange) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_CPF_lead | Detects a phishing kit impersonating MonCompteFormation (a French government training service) | https://github.com/t4d/PhishingKit-Yara-Rules |
- 18 Snort Rules
| Detection Name | Description | Source |
|---|---|---|
| ET TROJAN Telemiris CnC Checkin | Detects Telemiris C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ShadowROOT RAT Malicious SSL Cert Serial Observed M1 | Detects ShadowROOT RAT malicious SSL certificate packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ShadowROOT RAT Malicious SSL Cert Serial Observed M2 | Detects ShadowROOT RAT malicious SSL certificate packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ShadowROOT RAT Malicious SSL Cert Subject Observed (GGliberium44) | Detects ShadowROOT RAT malicious SSL certificate packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN GammaLoad CnC Activity (GET) | Detects GammaLoad C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN ShadowROOT RAT Malicious SSL Certificate Issuer Observed (GGliberium44) | Detects ShadowROOT RAT malicious SSL certificate packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Sheet RAT CnC Checkin | Detects Sheet RAT C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Microsoft LDAP Referral Response Inbound (CVE-2024-49113) | Detects inbound Microsoft LDAP referral response packets (CVE-2024-49113) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN CryptBot CnC Checkin | Detects CryptBot C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN CryptBot Data Exfiltration Attempt | Detects CryptBot data exfiltration attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Kerio Control CRLF Injection via dest Parameter (CVE-2024-52875) | Detects Kerio Control CRLF injection packets via the dest parameter (CVE-2024-52875) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Kerio Control HTTP Response Splitting (CVE-2024-52875) | Detects Kerio Control HTTP response splitting packets (CVE-2024-52875) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Konni APT CnC Checkin (GET) | Detects Konni APT C2 connection packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Ivanti Connect Secure Host Checker Recon (CVE-2025-0282) | Detects Ivanti Connect Secure Host Checker reconnaissance packets (CVE-2025-0282) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN PHASEJAM Web Shell Activity Observed M1 | Detects PHASEJAM web shell activity packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN PHASEJAM Web Shell Activity Observed M2 | Detects PHASEJAM web shell activity packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS [Perch Security] Nagios XI Web SSH Terminal sshterm Cross-Site Scripting (CVE-2021-25299) | Detects Perch Security Nagios XI Web SSH Terminal sshterm cross-site scripting packets (CVE-2021-25299) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Roundcube rcube_washtml.php SVG Cross-Site Scripting (CVE-2023-5631) | Detects Roundcube rcube_washtml.php SVG cross-site scripting packets (CVE-2023-5631) | https://rules.emergingthreatspro.com/open/ |