The following is the YARA and Snort rule information (week 4, August 2024) collected and shared by the AhnLab TIP service.
- 6 YARA Rules
Detection name | Description | Source |
---|---|---|
MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_AAF0 | Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header – mimidrv.sys | https://github.com/Neo23x0/signature-base |
MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_DDF4 | Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header – mimidrv.sys | https://github.com/Neo23x0/signature-base |
MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_0F58 | Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header – mimidrv.sys | https://github.com/Neo23x0/signature-base |
MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_7662 | Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header – mimidrv.sys | https://github.com/Neo23x0/signature-base |
MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_14B8 | Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header – mimidrv.sys | https://github.com/Neo23x0/signature-base |
MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_41AD | Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header – mimidrv.sys | https://github.com/Neo23x0/signature-base |
- 2 Snort Rules
Detection name | Source |
---|---|
ET TROJAN Quad7777 Botnet – Outbound Login Prompt from Compromised Endpoint | https://rules.emergingthreatspro.com/open/ |
ET EXPLOIT OpenBMC slpd-lite Language Tag Length Memory Corruption Attempt (CVE-2024-41660) | https://rules.emergingthreatspro.com/open/ |
2024-08_ASEC_Notes_4_snort.rules
Article Link: Weekly Detection Rule (YARA and Snort) Information – Week 4, August 2024 – ASEC