시그니처 리스트, Signature List
번호날짜ID시그니처 (Total Ruleset: 27,111개)
8,5112015/01/20 2010929  ET ACTIVEX Foxit Reader ActiveX control OpenFile method Heap Overflow Attempt; [1,2
8,5102015/01/20 2010928  ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter UPDATE SET SQL Injection Attempt; [1,2
8,5092015/01/20 2010927  ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter INSERT INTO SQL Injection Attempt; [1,2
8,5082015/01/20 2010926  ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter UNION SELECT SQL Injection Attempt; [1,2
8,5072015/01/20 2010925  ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter DELETE FROM SQL Injection Attempt; [1,2
8,5062015/01/20 2010924  ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter SELECT FROM SQL Injection Attempt; [1,2
8,5052015/01/20 2010923  ET WEB_SPECIFIC_APPS SaurusCMS class.writeexcel_worksheet.inc.php class_path Remote File Inclusion Attempt; [1,2
8,5042015/01/20 2010922  ET WEB_SPECIFIC_APPS SaurusCMS class.writeexcel_workbook.inc.php class_path Remote File Inclusion Attempt; [1,2
8,5032015/01/20 2010921  ET ACTIVEX Ask.com Toolbar askBar.dll ActiveX ShortFormat Buffer Overflow Attempt; [1,2,3
8,5022015/01/20 2010920  ET WEB_SERVER Exploit Suspected PHP Injection Attack (cmd=); [1
8,5012015/01/20 2010919  ET WEB_SERVER HP LaserJet Printer Cross Site Scripting Attempt; [1,2
8,5002015/01/20 2010918  ET DELETED Paymilon-A HTTP POST; [1,2
8,4992015/01/20 2010917  ET TROJAN Arucer DEL FILE Command; [1
8,4982015/01/20 2010916  ET TROJAN Arucer ADD RUN ONCE Command; [1
8,4972015/01/20 2010915  ET TROJAN Arucer YES Command; [1
8,4962015/01/20 2010914  ET TROJAN Arucer FIND FILE Command; [1
8,4952015/01/20 2010913  ET TROJAN Arucer NOP Command; [1
8,4942015/01/20 2010912  ET TROJAN Arucer READ FILE Command; [1
8,4932015/01/20 2010911  ET TROJAN Arucer WRITE FILE command; [1
8,4922015/01/20 2010910  ET TROJAN Arucer DIR Listing; [1
8,4912015/01/20 2010909  ET TROJAN Arucer Command Execution; [1
8,4902015/01/20 2010908  ET MALWARE Mozilla User-Agent (Mozilla/5.0) Inbound Likely Fake; [1
8,4892015/01/20 2010906  ET USER_AGENTS badly formatted User-Agent string (no closing parenthesis); [1
8,4882015/01/20 2010905  ET MALWARE Fake Mozilla UA Outbound (Mozilla/0.xx); [1
8,4872015/01/20 2010904  ET MALWARE Fake Mozilla User-Agent (Mozilla/0.xx) Inbound; [1
8,4862015/01/20 2010903  ET WEB_SPECIFIC_APPS phpMyAdmin Remote Code Execution Proof of Concept (c=); [1,2
8,4852015/01/20 2010902  ET WEB_SPECIFIC_APPS phpMyAdmin Remote Code Execution Proof of Concept (p=); [1,2
8,4842015/01/20 2010901  ET DELETED Potential FakeAV download ASetup_2009.exe variant; [1,2
8,4832015/01/20 2010900  ET WEB_SPECIFIC_APPS phpBB3 possible spammer posting attempts; [1
8,4822015/01/20 2010899  ET WEB_SPECIFIC_APPS phpBB3 multiple login attempts; [1
8,4812015/01/20 2010898  ET WEB_SPECIFIC_APPS phpBB3 registration (Bogus Stage3 GET); [1
8,4802015/01/20 2010897  ET WEB_SPECIFIC_APPS phpBB3 Brute-Force reg attempt (Bad flow 2); [1
8,4792015/01/20 2010896  ET WEB_SPECIFIC_APPS phpBB3 Brute-Force reg attempt (Bad flow 2); [1
8,4782015/01/20 2010895  ET WEB_SPECIFIC_APPS phpBB3 Brute-Force reg attempt (Bad pf_XXXXX); [1
8,4772015/01/20 2010894  ET WEB_SPECIFIC_APPS phpBB3 Brute-Force reg attempt (Bad pf_XXXXX); [1
8,4762015/01/20 2010893  ET WEB_SPECIFIC_APPS phpBB3 registration (Step4 POST); [1
8,4752015/01/20 2010892  ET WEB_SPECIFIC_APPS phpBB3 registration (Step3 GET); [1
8,4742015/01/20 2010891  ET WEB_SPECIFIC_APPS phpBB3 registration (Step2 POST); [1
8,4732015/01/20 2010890  ET WEB_SPECIFIC_APPS phpBB3 registration (Step1 GET); [1
8,4722015/01/20 2010889  ET USER_AGENTS Win32.Tdss User Agent Detected (Mozzila); [1
8,4712015/01/20 2010888  ET TROJAN Generic Downloader checkin (3); [1
8,4702015/01/20 2010886  ET TROJAN BlackEnergy v2.x Plugin Download Request; [1,2
8,4692015/01/20 2010885  ET TROJAN BlackEnergy v2.x HTTP Request with Encrypted Variables; [1,2
8,4682015/01/20 2010884  ET DELETED .pdf File Possibly Containing Basic Hex Obfuscation; [1,2,3
8,4672015/01/20 2010883  ET POLICY PDF File Containing arguments.callee in Cleartext - Likely Hostile; [1,2,3
8,4662015/01/20 2010882  ET POLICY PDF File Containing Javascript;  
8,4652015/01/20 2010881  ET WEB_CLIENT PDF With Unescape Method Defined Possible Hostile Obfuscation Attempt; [1,2,3
8,4642015/01/20 2010880  ET DELETED Possible Hex Obfuscation of Javascript Declaration Within PDF File - Likely Hostile; [1
8,4632015/01/20 2010879  ET DELETED Hex Obfuscated arguments.callee Javascript Method in PDF Possibly Hostile PDF; [1
8,4622015/01/20 2010878  ET EXPLOIT Possible Foxit PDF Reader Authentication Bypass Attempt; [1,2
< 371  372  373  374  375  376  377  378  379  380 >
GigaVPN & GigaIPS is based MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.