Weekly Detection Rule (YARA, Snort) Information – Week 3 of March 2025
This is information on publicly available YARA and Snort rules (week 3 of March 2025) collected by the AhnLab TIP service.
- 0 YARA Rules
- 17 Snort Rules
| Detection name | Description | Source |
|---|---|---|
| ET WEB_SPECIFIC_APPS D-Tale Filter Query Command Injection Attempt (CVE-2025-0655) | Detects D-Tale Filter Query command injection (CVE-2025-0655) packets | https://rules.emergingthreatspro.com/open/ |
| ET EXPLOIT [CORELIGHT] – CVE-2025-27218 Sitecore unsafe deserialization attempt | [CORELIGHT] – Detects CVE-2025-27218 Sitecore unsafe deserialization attempt packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache Camel Message Header Injection (CVE-2025-27636) | Detects Apache Camel Message Header injection (CVE-2025-27636) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS DocsGPT Remote Code Execution Attempt (CVE-2025-0868) | Detects DocsGPT remote code execution attempt (CVE-2025-0868) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Cockpit Authenticated Arbitrary PHP File Upload (CVE-2025-1025) | Detects Cockpit authenticated arbitrary file upload (CVE-2025-1025) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS KLog Server Directory Traversal Attempt (CVE-2025-1035) | Detects KLog Server directory traversal attempt (CVE-2025-1035) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) | Detects PHP-CGI OS command injection (soft hyphen) (CVE-2024-4577) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache Tomcat Path Equivalence (CVE-2025-24813) | Detects Apache Tomcat path equivalence (CVE-2025-24813) packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Observed DNS Query to Rasuq Force Domain | Detects DNS query packets to a Rasuq Force domain | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS GLPI Pre-auth SQL Injection (CVE-2025-24799) | Detects GLPI pre-auth SQL injection (CVE-2025-24799) packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS TA453 Google Drive Lookalike (drives .googles. * .site) | Detects TA453 Google Drive lookalike (drives .googles. * .site) packets | https://rules.emergingthreatspro.com/open/ |
| ET CURRENT_EVENTS TA453 Google Drive Lookalike (drives .googles. * .site) | Detects TA453 Google Drive lookalike (drives .googles. * .site) packets | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache Camel Message Header Injection in URI (CVE-2025-29891) | Detects Apache Camel Message Header injection (CVE-2025-29891) packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN TINYSHELL impad Variant Encrypted Auth Token | Detects TINYSHELL impad variant encrypted auth token packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN TINYSHELL impad Variant Command Packet | Detects TINYSHELL impad variant command packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN TINYSHELL irad Variant ICMP Inbound (uSarguuS62bKRA0J) | Detects TINYSHELL irad variant inbound ICMP packets | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN TINYSHELL irad Variant ICMP Inbound (1spCq0BMbJwCoeZn) | Detects TINYSHELL irad variant inbound ICMP packets | https://rules.emergingthreatspro.com/open/ |