The following is the information on Yara and Snort rules (week 3, August 2024) collected and shared by the AhnLab TIP service.
- 7 YARA Rules

| Detection name | Description | Source |
|---|---|---|
| PK_Cetelem_vara | Phishing Kit impersonating Cetelem | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_Netflix_es | Phishing Kit impersonating Netflix | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_WeTransfer_venza | Phishing Kit impersonating WeTransfer | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_WhatsApp_arpantek | Phishing Kit impersonating WhatsApp | https://github.com/t4d/PhishingKit-Yara-Rules |
| PK_impots_gouv_fr_waker2 | Phishing Kit impersonating impots.gouv.fr | https://github.com/t4d/PhishingKit-Yara-Rules |
- 10 Snort Rules

| Detection name | Source |
|---|---|
| ET TROJAN Malvertising Loader User-Agent Observed (Magic Browser) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN MOONSTONE SLEET APT Payload Delivery Attempt | https://rules.emergingthreatspro.com/open/ |
| ET WEB_SPECIFIC_APPS Apache OFBiz Pre-Auth Remote Code Execution Attempt (CVE-2024-38856) | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN DeerStealer CnC Activity M1 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN DeerStealer CnC Activity M2 | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN DeerStealer Telegram Bot Response | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN TA399/Sidewinder APT CnC Server Response | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Microsoft Word HTTP Request for .rtf Payload | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Microsoft Outlook Requesting .rtf | https://rules.emergingthreatspro.com/open/ |
| ET TROJAN Possible TA399/SideWinder Related Empty .rtf Inbound | https://rules.emergingthreatspro.com/open/ |
2024-08_ASEC_Notes_3_snort.rules
Article Link: Weekly Detection Rule (YARA and Snort) Information – Week 3, August 2024 – ASEC