Signature List
Total Ruleset: 27,111

| No. | Date | ID | Signature |
|---|---|---|---|
| 9,011 | 2015/01/20 | 2011525 | ET POLICY OpenSSL Demo Cert Exchange; |
| 9,010 | 2015/01/20 | 2011524 | ET DELETED Knok.php Shiz or Rohimafo Host Information Submission to CnC Server; [1,2,3,4 |
| 9,009 | 2015/01/20 | 2011523 | ET TROJAN Shiz or Rohimafo Reporting Listening Socket to CnC Server; [1,2,3,4 |
| 9,008 | 2015/01/20 | 2011522 | ET DELETED Shiz or Rohimafo config loaded; [1,2,3,4 |
| 9,007 | 2015/01/20 | 2011521 | ET DELETED Shiz or Rohimafo config download; [1,2,3,4 |
| 9,006 | 2015/01/20 | 2011520 | ET TROJAN Knock.php Shiz or Rohimafo CnC Server Contact URL; [1,2,3,4 |
| 9,005 | 2015/01/20 | 2011519 | ET WEB_CLIENT Possible Adobe Acrobat Reader Newclass Invalid Pointer Remote Code Execution Attempt; [1 |
| 9,004 | 2015/01/20 | 2011518 | ET MALWARE Outbound AlphaServer User-Agent (Powered By 64-Bit Alpha Processor); |
| 9,003 | 2015/01/20 | 2011517 | ET MALWARE Inbound AlphaServer User-Agent (Powered By 64-Bit Alpha Processor); |
| 9,002 | 2015/01/20 | 2011515 | ET DELETED Phoenix Exploit Kit - collab.pdf; |
| 9,001 | 2015/01/20 | 2011514 | ET DELETED Phoenix Exploit Kit - tmp/flash.swf; |
| 9,000 | 2015/01/20 | 2011513 | ET DELETED Possible Phoenix Exploit Kit - PROPFIND AVI; |
| 8,999 | 2015/01/20 | 2011512 | ET DOS ntop Basic-Auth DOS outbound; [1,2,3 |
| 8,998 | 2015/01/20 | 2011511 | ET DOS ntop Basic-Auth DOS inbound; [1,2,3 |
| 8,997 | 2015/01/20 | 2011510 | ET DELETED DRIVEBY Eleonore - landing page; |
| 8,996 | 2015/01/20 | 2011509 | ET ACTIVEX Possible Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Stack Overflow Attempt; [1,2 |
| 8,995 | 2015/01/20 | 2011507 | ET WEB_CLIENT PDF With Embedded File; [1 |
| 8,994 | 2015/01/20 | 2011506 | ET WEB_CLIENT PDF With eval Function - Possibly Hostile; [1 |
| 8,993 | 2015/01/20 | 2011505 | ET WEB_CLIENT PDF With Embedded Flash, Possible Remote Code Execution Attempt; [1 |
| 8,992 | 2015/01/20 | 2011504 | ET WEB_CLIENT String Replace in PDF File, Likely Hostile; [1 |
| 8,991 | 2015/01/20 | 2011503 | ET EXPLOIT Successful Etrust Secure Transaction Platform Identification and Entitlements Server File Disclosure Attempt; [1,2 |
| 8,990 | 2015/01/20 | 2011502 | ET EXPLOIT Possible Etrust Secure Transaction Platform Identification and Entitlements Server File Disclosure Attempt; [1,2 |
| 8,989 | 2015/01/20 | 2011501 | ET WEB_CLIENT Possible Adobe CoolType Smart INdependent Glyplets - SING - Table uniqueName Stack Buffer Overflow Attempt; [1 |
| 8,988 | 2015/01/20 | 2011500 | ET WEB_CLIENT Possible Adobe Acrobat and Reader Pushstring Memory Corruption Attempt; [1 |
| 8,987 | 2015/01/20 | 2011499 | ET WEB_CLIENT PDF With Embedded Adobe Shockwave Flash, Possibly Related to Remote Code Execution Attempt; [1 |
| 8,986 | 2015/01/20 | 2011497 | ET SCAN Hydra User-Agent; [1 |
| 8,985 | 2015/01/20 | 2011496 | ET TROJAN Executable Download named to be FQDN; [1 |
| 8,984 | 2015/01/20 | 2011495 | ET TROJAN Executable Download named to be .com FQDN; [1 |
| 8,983 | 2015/01/20 | 2011494 | ET WEB_SPECIFIC_APPS OpenX OpenFlashChart Remote Exploit - possible Access to uploaded Files; [1,2,3,4,5,6,7 |
| 8,982 | 2015/01/20 | 2011493 | ET WEB_SPECIFIC_APPS OpenX OpenFlashChart Remote Exploit Attempt; [1,2,3,4,5,6,7 |
| 8,981 | 2015/01/20 | 2011492 | ET TROJAN Adware.Kraddare Checkin; |
| 8,980 | 2015/01/20 | 2011491 | ET TROJAN Downloader.Win32.Zlob.bgs Checkin(2); [1 |
| 8,979 | 2015/01/20 | 2011490 | ET TROJAN Downloader.Win32.Zlob.bgs Checkin(1); [1 |
| 8,978 | 2015/01/20 | 2011489 | ET TROJAN Meredrop/Nusump Checkin; [1,2,3 |
| 8,977 | 2015/01/20 | 2011488 | ET FTP Suspicious Quotation Mark Usage in FTP Username; [1 |
| 8,976 | 2015/01/20 | 2011487 | ET FTP Suspicious Percentage Symbol Usage in FTP Username; [1 |
| 8,975 | 2015/01/20 | 2011486 | ET DELETED Phoenix landing page - valium; |
| 8,974 | 2015/01/20 | 2011485 | ET WEB_CLIENT RealPlayer FLV Parsing Integer Overflow Attempt; [1,2 |
| 8,973 | 2015/01/20 | 2011484 | ET TROJAN IMDDOS Botnet User-Agent i am ddos; [1 |
| 8,972 | 2015/01/20 | 2011483 | ET TROJAN IMDDOS Botnet User-Agent YTDDOS; [1 |
| 8,971 | 2015/01/20 | 2011482 | ET TROJAN IMDDOS Botnet User-Agent kav; [1 |
| 8,970 | 2015/01/20 | 2011481 | ET TROJAN IMDDOS Botnet User-Agent IAMDDOS; [1 |
| 8,969 | 2015/01/20 | 2011480 | ET TROJAN IMDDOS Botnet User-Agent STORMDDOS; [1 |
| 8,968 | 2015/01/20 | 2011479 | ET DELETED MALVERTISING redirect to exploit kit (unoeuro server); |
| 8,967 | 2015/01/20 | 2011478 | ET EXPLOIT Possible Microsoft Office Word 2007 sprmCMajority Buffer Overflow Attempt; [1,2 |
| 8,966 | 2015/01/20 | 2011475 | ET TROJAN FAKEAV scanner page enocuntered - .hdd_icon; |
| 8,965 | 2015/01/20 | 2011474 | ET DELETED FakeAV Checkin; |
| 8,964 | 2015/01/20 | 2011473 | ET TROJAN Antivirus2010 Checkin port 8082; [1,2 |
| 8,963 | 2015/01/20 | 2011472 | ET WEB_CLIENT Possible Microsoft Internet Explorer CSS Cross-Origin Theft Attempt; [1,2,3 |
| 8,962 | 2015/01/20 | 2011471 | ET TROJAN Daurso Checkin; [1,2,3,4 |
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.