Weekly Detection Rule (YARA, Snort) Information – 2nd Week of March 2025
Publicly released YARA and Snort rule information (2nd week of March 2025) collected through the AhnLab TIP service.
- 5 YARA Rules
| Detection Name | Description | Source |
|---|---|---|
| PK_Generic_RD127 | Detects a generic mail credential stealer phishing kit | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_LIDL_ninja | Detects a phishing kit impersonating LIDL (a German grocery chain) | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_MTBank_yochi2 | Detects a phishing kit impersonating M&T Bank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_SpareBank_perso | Detects a phishing kit impersonating SpareBank | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_TrustWallet_next | Detects a phishing kit impersonating TrustWallet | https://github.com/t4d/PhishingKit-Yara-Rules |
- 23 Snort Rules
| Detection Name | Description | Source |
|---|---|---|
| ET WEB_SPECIFIC_APPS Naviko Unauthenticated Arbitrary File Read (CVE-2024-48248) | Detects Naviko unauthenticated arbitrary file read (CVE-2024-48248) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Jenkins Chained Exploits CVE-2018-1000861 and CVE-2019-1003000 M3 | Detects Jenkins chained exploit (CVE-2018-1000861, CVE-2019-1003000) packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Screenshot Exfiltration via Discord Webhook (POST) | Detects screenshot exfiltration packets sent via Discord webhook | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN BeaverTail CnC Activity (POST) M1 | Detects BeaverTail CnC activity packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN BeaverTail CnC Activity (POST) M2 | Detects BeaverTail CnC activity packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN InvisibleFerret CnC Activity (GET) M4 | Detects InvisibleFerret CnC activity packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Win32/SocGholish GhostWeaver Backdoor Activity (PowerShell BOINC Download Request) | Detects Win32/SocGholish GhostWeaver backdoor activity packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN InvisibleFerret CnC Activity (GET) M5 | Detects InvisibleFerret CnC activity packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN InvisibleFerret CnC Activity (GET) M6 | Detects InvisibleFerret CnC activity packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Hitachi Vantara Pentaho Business Analytics Server Authorization Bypass and Remote Code Execution Attempt (CVE-2022-43769, 2022-43939) | Detects Hitachi Vantara Pentaho Business Analytics Server authentication bypass and remote code execution attempt (CVE-2022-43769, CVE-2022-43939) packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN InvisibleFerret CnC Activity (POST) M1 | Detects InvisibleFerret CnC activity packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN OtterCookie Host Profile Exfil | Detects OtterCookie host profile exfiltration packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN OtterCookie CnC Command Inbound (whour) | Detects inbound OtterCookie CnC command packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN OtterCookie File Exfiltration | Detects OtterCookie file exfiltration packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN OtterCookie Victim Command Execution Confirmation To CnC Server | Detects OtterCookie packets confirming victim command execution to the CnC server | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN OtterCookie Payload Request | Detects OtterCookie payload request packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN AsyncRAT Installer Payload Request | Detects AsyncRAT installer payload request packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN AsyncRAT Victim Checkin | Detects AsyncRAT victim check-in packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Cisco ASA/FTD Memory Leak Attempt (CVE-2020-3259) | Detects Cisco ASA/FTD memory leak attempt (CVE-2020-3259) packets | https://rules.emergingthreatspro.com/open/ |
| ET ATTACK_RESPONSE ClickFix MSHTA Command Inbound | Detects inbound ClickFix MSHTA command packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed POST to ClickFix Style URI M1 | Detects POST packets to ClickFix-style URIs | https://rules.emergingthreatspro.com/open/ |
| ET ATTACK_RESPONSE ClickFix CnC Response (Click Logged Successfully) | Detects ClickFix CnC response packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed GET to ClickFix Style URI M1 | Detects GET packets to ClickFix-style URIs | https://rules.emergingthreatspro.com/open/ |