Signature List
No.  Date  ID  Signature (Total Ruleset: 27,111)
15,061  2015/01/20  2017966  ET DOS Likely NTP DDoS In Progress MON_LIST Response to Non-Ephemeral Port IMPL 0x03; [1,2
15,060  2015/01/20  2017965  ET DOS Likely NTP DDoS In Progress MON_LIST Response to Non-Ephemeral Port IMPL 0x02; [1,2
15,059  2015/01/20  2017964  ET TROJAN Kishop.A checkin;
15,058  2015/01/20  2017963  ET CURRENT_EVENTS Possible Neutrino/Fiesta SilverLight Exploit Jan 13 2014 DLL Naming Convention;
15,057  2015/01/20  2017962  ET TROJAN PE EXE or DLL Windows file download disguised as ASCII;
15,056  2015/01/20  2017961  ET DELETED PE EXE or DLL Windows file download disguised as ASCII - SET;
15,055  2015/01/20  2017960  ET POLICY Bitcoin Mining Server Stratum Protocol HTTP Header; [1
15,054  2015/01/20  2017959  ET TROJAN W32/Mevade.Variant CnC POST; [1,2
15,053  2015/01/20  2017958  ET CURRENT_EVENTS Possible Neutrino EK SilverLight Exploit Jan 11 2014;
15,052  2015/01/20  2017957  ET CURRENT_EVENTS GoonEK Landing Jan 10 2014;
15,051  2015/01/20  2017956  ET CURRENT_EVENTS Angler EK Landing Jan 10 2014 3;
15,050  2015/01/20  2017955  ET CURRENT_EVENTS Angler EK Landing Jan 10 2014 2;
15,049  2015/01/20  2017954  ET CURRENT_EVENTS Angler EK Landing Jan 10 2014 1;
15,048  2015/01/20  2017953  ET CURRENT_EVENTS Angler EK Landing Jan 10 2014;
15,047  2015/01/20  2017952  ET WEB_SERVER ATTACKER WebShell - PHP Offender - POST Command;
15,046  2015/01/20  2017951  ET WEB_SERVER ATTACKER WebShell - PHP Offender - Title;
15,045  2015/01/20  2017950  ET SCAN FOCA uri; [1
15,044  2015/01/20  2017949  ET USER_AGENTS FOCA User-Agent; [1
15,043  2015/01/20  2017948  ET TROJAN LDPinch Checkin Post;
15,042  2015/01/20  2017947  ET DELETED Possible Styx Kein Landing URI Struct;
15,041  2015/01/20  2017946  ET TROJAN Agent.BAAB Checkin; [1
15,040  2015/01/20  2017945  ET MALWARE Adware.PUQD Checkin; [1
15,039  2015/01/20  2017944  ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 14; [1,2
15,038  2015/01/20  2017943  ET TROJAN Zbot Variant SSL cert for erjentronem.ru;
15,037  2015/01/20  2017942  ET TROJAN Zbot Variant SSL cert for anlogtewron.ru;
15,036  2015/01/20  2017941  ET TROJAN Zbot Variant SSL cert for dewart.ru;
15,035  2015/01/20  2017940  ET TROJAN Zbot Variant SSL cert for whoismama.ru;
15,034  2015/01/20  2017938  ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 13; [1,2
15,033  2015/01/20  2017937  ET TROJAN Fake/Short Google Search Appliance UA Win32/Ranbyus and Others; [1
15,032  2015/01/20  2017936  ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 12; [1,2
15,031  2015/01/20  2017935  ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 12 SET; [1,2
15,030  2015/01/20  2017934  ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 11; [1,2
15,029  2015/01/20  2017933  ET POLICY TraceMyIP IP lookup;
15,028  2015/01/20  2017931  ET CURRENT_EVENTS DRIVEBY Redirection - Injection - Modified Edwards Packer Script;
15,027  2015/01/20  2017930  ET TROJAN Trojan Generic - POST To gate.php with no referer;
15,026  2015/01/20  2017929  ET POLICY bridges.torproject.org over TLS with SNI; [1
15,025  2015/01/20  2017928  ET POLICY check.torproject.org IP lookup/Tor Usage check over TLS with SNI;
15,024  2015/01/20  2017927  ET POLICY check.torproject.org IP lookup/Tor Usage check over HTTP;
15,023  2015/01/20  2017926  ET POLICY DNS lookup for check.torproject.org IP lookup/Tor Usage check;
15,022  2015/01/20  2017925  ET POLICY DNS lookup for bridges.torproject.org IP lookup/Tor Usage check; [1
15,021  2015/01/20  2017924  ET EXPLOIT MMCS service (Big Endian); [1
15,020  2015/01/20  2017923  ET EXPLOIT MMCS service (Little Endian); [1
15,019  2015/01/20  2017922  ET TROJAN Win32.Morix.B checkin;
15,018  2015/01/20  2017921  ET DOS Possible NTP DDoS Multiple MON_LIST Seq 0 Response Spanning Multiple Packets IMPL 0x03; [1
15,017  2015/01/20  2017920  ET DOS Possible NTP DDoS Multiple MON_LIST Seq 0 Response Spanning Multiple Packets IMPL 0x02; [1
15,016  2015/01/20  2017919  ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x03; [1
15,015  2015/01/20  2017918  ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x02; [1
15,014  2015/01/20  2017917  ET TROJAN W32/Ferret DDOS Bot CnC Beacon 2; [1
15,013  2015/01/20  2017916  ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 10; [1,2
15,012  2015/01/20  2017915  ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 9; [1,2
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.