Weekly Detection Rules (YARA, Snort) – Week 1 of March 2025
Publicly available YARA and Snort rules collected by the AhnLab TIP service (week 1 of March 2025).
- 1 YARA rule

| Rule name | Description | Source |
|---|---|---|
| sig_27244_metasploit_hta_stager | Detects the UsySLX1n.hta file (Metasploit HTA stager) | https://github.com/The-DFIR-Report/Yara-Rules |
- 23 Snort rules

| Rule name | Description | Source |
|---|---|---|
| ET WEB_SPECIFIC_APPS Paessler PRTG Notification Command Injection Attempt (CVE-2018-9276) | Detects Paessler PRTG Notification command injection attempt packets (CVE-2018-9276) | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT Exim SQLite (DBM) Injection (CVE-2025-26794) | Detects Exim SQLite (DBM) injection packets (CVE-2025-26794) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Divulge Stealer CnC Checkin | Detects Divulge Stealer C2 check-in packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Divulge Stealer Data Exfiltration Attempt | Detects Divulge Stealer data exfiltration attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Darcula Credential Phish Socket Response 2025-02-27 | Detects Darcula credential phishing socket response packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Darcula Credential Phish Landing Page M1 2025-02-27 | Detects Darcula credential phishing landing page packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS Darcula Credential Phish Landing Page M2 2025-02-27 | Detects Darcula credential phishing landing page packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M1 | Detects ServiceNow command injection attempt packets (CVE-2024-5217, CVE-2024-4879) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M2 | Detects ServiceNow command injection attempt packets (CVE-2024-5217, CVE-2024-4879) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M3 | Detects ServiceNow command injection attempt packets (CVE-2024-5217, CVE-2024-4879) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M4 | Detects ServiceNow command injection attempt packets (CVE-2024-5217, CVE-2024-4879) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Cisco Small Business Router RV Series Command Injection (CVE-2023-20118) M1 | Detects Cisco Small Business RV Series router command injection packets (CVE-2023-20118) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Cisco Small Business Router RV Series Command Injection (CVE-2023-20118) M2 | Detects Cisco Small Business RV Series router command injection packets (CVE-2023-20118) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Cisco Small Business Router RV Series Command Injection (CVE-2023-20128) | Detects Cisco Small Business RV Series router command injection packets (CVE-2023-20128) | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS MITRE Caldera Remote Code Execution (CVE-2025-27364) | Detects MITRE Caldera remote code execution packets (CVE-2025-27364) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed Malicious SSL Cert Associated with PolarEdge Botnet M1 | Detects packets carrying a malicious SSL certificate associated with the PolarEdge botnet | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed Malicious SSL Cert Associated with PolarEdge Botnet M2 | Detects packets carrying a malicious SSL certificate associated with the PolarEdge botnet | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed Malicious SSL Cert Associated with PolarEdge Botnet M3 | Detects packets carrying a malicious SSL certificate associated with the PolarEdge botnet | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed Malicious SSL Cert Associated with PolarEdge Botnet M4 | Detects packets carrying a malicious SSL certificate associated with the PolarEdge botnet | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN PolarEdge Webshell Installation attempt | Detects PolarEdge webshell installation attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN PolarEdge Webshell Activity | Detects PolarEdge webshell activity packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN PolarEdge TLS Backdoor Installation Attempt | Detects PolarEdge TLS backdoor installation attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN PolarEdge CnC Checkin | Detects PolarEdge C2 check-in packets | https://rules.emergingthreatspro.com/open/ |