Yara Rule - 2024 년에 생성 된 의심스러운 ScreenConnect 사용자를 감지하지만 로그인 없이는 Connectwise ScreenConnect (23.9.8 이전 버전) 취약점의 악용 징후가 될 수 있습니다. 관련 IOC 3개 발견
Yara 정의.
Neo23x0
Yara Rule - Detects suspicious ScreenConnect user created in 2024 but without any login, which could be a sign of exploitation of the ConnectWise ScreenConnect (versions prior to 23.9.8) vulnerability that allows an Authentication Bypass
Yara definition.
https://github.com/Neo23x0/signature-base/commit/8e14358f45d9d231d80ff751f1fadc4d19e5bed4