Weekly Detection Rule (YARA, Snort) Information – 2nd Week of February 2025
This is information on publicly released YARA and Snort rules (2nd week of February 2025) collected by the AhnLab TIP service.
- 2 YARA Rules

| Detection Name | Description | Source |
|---|---|---|
| PK_Binance_nuxt | Detects a phishing kit impersonating Binance (cryptocurrency exchange) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_MondialRelay_traffyque | Detects a phishing kit impersonating Mondial Relay (French international parcel carrier) | https://github.com/t4d/PhishingKit-Yara-Rules |
- 20 Snort Rules

| Detection Name | Description | Source |
|---|---|---|
| ET POLICY Contec Health CMS8000 Patient Monitor Insecure Default HL7 Protocol Server IP (CVE-2025-0626) | Detects packets to the insecure default HL7 protocol server IP of the Contec Health CMS8000 patient monitor (CVE-2025-0626) | https://rules.emergingthreatspro.com/open/ |
| ET POLICY Contec Health CMS8000 Patient Monitor Insecure Default CMS Protocol Server IP (CVE-2025-0626) | Detects packets to the insecure default CMS protocol server IP of the Contec Health CMS8000 patient monitor (CVE-2025-0626) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS YETI Platform Server-Side Template Injection (CVE-2024-45607) | Detects YETI Platform server-side template injection (CVE-2024-45607) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS SimpleHelp Support Server Unauthenticated Path Traversal (serverconfig.xml) (CVE-2024-57727) | Detects SimpleHelp Support Server unauthenticated path traversal (serverconfig.xml) (CVE-2024-57727) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Ivanti Endpoint Manager Unauthorized XML External Entity (CVE-2024-37397) | Detects Ivanti Endpoint Manager unauthorized XML external entity (CVE-2024-37397) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS QNAP Viostor server.cgi SPECIFIC_SERVER Parameter Command Injection Attempt (CVE-2023-47565) | Detects QNAP Viostor server.cgi SPECIFIC_SERVER parameter command injection attempt (CVE-2023-47565) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS HPE Insights Remote Support XML External Entity Injection (CVE-2024-53675) | Detects HPE Insights Remote Support XML external entity injection (CVE-2024-53675) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Ivanti Avalanche SmartDeviceServer XML External Entity Injection (CVE-2024-38653) | Detects Ivanti Avalanche SmartDeviceServer XML external entity injection (CVE-2024-38653) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS FXC AE1021 Series Router ntp.general.hostname Authenticated Command Injection Attempt (CVE-2023-49897) | Detects FXC AE1021 Series Router ntp.general.hostname authenticated command injection attempt (CVE-2023-49897) packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Tycoon2FA Phishing Kit Style Evasion | Detects Tycoon2FA phishing kit style evasion packets | https://rules.emergingthreatspro.com/open/ |
| ET POLICY Plaintext SSH Private Key Outbound over HTTP | Detects outbound packets carrying a plaintext SSH private key over HTTP | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS DrayTek Gateway Web Management Interface OS Command Injection (CVE-2024-12987) | Detects DrayTek Gateway Web Management Interface OS command injection (CVE-2024-12987) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Ivanti EPM Cloud Services Appliance Backdoor Access Attempt (CVE-2021-44529) | Detects Ivanti EPM Cloud Services Appliance backdoor access attempt (CVE-2021-44529) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Ivanti EPM Cloud Services Appliance Backdoor Response (CVE-2021-44529) | Detects Ivanti EPM Cloud Services Appliance backdoor response (CVE-2021-44529) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS D-Link DIR-605 getcfg.php Authentication Bypass Attempt (CVE-2021-40655) | Detects D-Link DIR-605 getcfg.php authentication bypass attempt (CVE-2021-40655) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Possible Roundcube XSS via Malicious XML Attachment (CVE-2020-13965) | Detects possible Roundcube XSS via malicious XML attachment (CVE-2020-13965) packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Onestart AI Host Profile Checkin (POST) | Detects Onestart AI host profile check-in packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Onestart AI Program Version Checkin (POST) | Detects OneStart AI program version check-in packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Winos4.0 Framework CnC Checkin (x32.) | Detects Winos4.0 Framework C2 check-in packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Winos4.0 Framework CnC Login Message CnC Server Response | Detects Winos4.0 Framework C2 server response packets to the C2 login message | https://rules.emergingthreatspro.com/open/ |