Weekly Detection Rule (YARA and Snort) Information – Week 3, August 2024

The following is the information on Yara and Snort rules (week 3, August 2024) collected and shared by the AhnLab TIP service.

  • 7 YARA Rules

| Detection name | Description | Source |
|---|---|---|
| PK_Cetelem_vara | Phishing Kit impersonating Cetelem | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Netflix_es | Phishing Kit impersonating Netflix | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_WeTransfer_venza | Phishing Kit impersonating WeTransfer | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_WhatsApp_arpantek | Phishing Kit impersonating WhatsApp | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_impots_gouv_fr_waker2 | Phishing Kit impersonating impots.gouv.fr | https://github.com/t4d/PhishingKit-Yara-Rules |
  • 10 Snort Rules

| Detection name | Source |
|---|---|
| ET TROJAN Malvertising Loader User-Agent Observed (Magic Browser) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN MOONSTONE SLEET APT Payload Delivery Attempt | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache OFBiz Pre-Auth Remote Code Execution Attempt (CVE-2024-38856) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN DeerStealer CnC Activity M1 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN DeerStealer CnC Activity M2 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN DeerStealer Telegram Bot Response | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN TA399/Sidewinder APT CnC Server Response | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Microsoft Word HTTP Request for .rtf Payload | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Microsoft Outlook Requesting .rtf | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Possible TA399/SideWinder Related Empty .rtf Inbound | https://rules.emergingthreatspro.com/open/ |

2024-08_ASEC_Notes_3_snort.rules

2024-08_ASEC_Notes_3.yar

Article Link: Weekly Detection Rule (YARA and Snort) Information – Week 3, August 2024 – ASEC