Signature List
No.  Date  ID  Signature (Total Ruleset: 27,111)
11,211  2015/01/20  2013978  ET CURRENT_EVENTS Lilupophilupop Injected Script Being Served to Client;
11,210  2015/01/20  2013977  ET TROJAN TDSS DNS Based Internet Connectivity Check;
11,209  2015/01/20  2013976  ET TROJAN Zeus POST Request to CnC - URL agnostic; [1,2
11,208  2015/01/20  2013975  ET CURRENT_EVENTS Neosploit Java Exploit Kit request to /? plus hex 32;
11,207  2015/01/20  2013974  ET POLICY Suspicious Invalid HTTP Accept Header of ?;
11,206  2015/01/20  2013972  ET CURRENT_EVENTS Initial Blackhole Landing Loading... Wait Please; [1
11,205  2015/01/20  2013971  ET INFO DYNAMIC_DNS Query for Suspicious .dyndns-at-home.com Domain;
11,204  2015/01/20  2013970  ET DNS Query for Suspicious .noip.cn Domain;
11,203  2015/01/20  2013969  ET INFO HTTP Request to a .noip.cn domain;
11,202  2015/01/20  2013968  ET MOBILE_MALWARE Android/KungFu Package Delete Command; [1
11,201  2015/01/20  2013967  ET USER_AGENTS Suspicious User-Agent (adlib); [1
11,200  2015/01/20  2013966  ET MOBILE_MALWARE Android/Ozotshielder.A Checkin; [1
11,199  2015/01/20  2013965  ET MOBILE_MALWARE Android/SndApp.B Sending Device Information; [1
11,198  2015/01/20  2013964  ET TROJAN Suspicious UA Mozilla / 4.0;
11,197  2015/01/20  2013963  ET TROJAN Win32.Sality User-Agent (Internet Explorer 5.01);
11,196  2015/01/20  2013962  ET DELETED Possible Exploit Kit Delivering Executable to Client; [1
11,195  2015/01/20  2013961  ET DELETED Blackhole Exploit Kit Delivering Java Exploit to Client; [1
11,194  2015/01/20  2013960  ET CURRENT_EVENTS Blackhole Exploit Kit Delivering PDF Exploit to Client; [1
11,193  2015/01/20  2013959  ET TROJAN Win32.Sality User-Agent (DEBUT.TMP);
11,192  2015/01/20  2013956  ET TROJAN W32/SmartPops Adware Outbound Off-Port MSSQL Communication;
11,191  2015/01/20  2013955  ET CURRENT_EVENTS Jupiter Exploit Kit Landing Page with Malicious Java Applets;
11,190  2015/01/20  2013954  ET TROJAN Win32/Rimecud.A User-Agent (giftz); [1,2
11,189  2015/01/20  2013953  ET TROJAN Win32/Rimecud.A User-Agent (counters); [1,2
11,188  2015/01/20  2013952  ET TROJAN TR/Rimecud.aksa User-Agent (indy); [1,2
11,187  2015/01/20  2013951  ET TROJAN Win32/Rimecud.A User-Agent (needit); [1,2
11,186  2015/01/20  2013950  ET CURRENT_EVENTS Blackhole obfuscated Javascript padded charcodes 25;
11,185  2015/01/20  2013949  ET TROJAN PWS.TIBIA Checkin or Data Post 2;
11,184  2015/01/20  2013948  ET TROJAN PWS.TIBIA Checkin or Data Post;
11,183  2015/01/20  2013947  ET TROJAN FakeAV.EGZ Checkin 2;
11,182  2015/01/20  2013946  ET TROJAN FakeAV.EGZ Checkin 1; [1
11,181  2015/01/20  2013945  ET WEB_SERVER Weevely PHP backdoor detected (exec() function used); [1
11,180  2015/01/20  2013944  ET WEB_SERVER Weevely PHP backdoor detected (perl->system() function used); [1
11,179  2015/01/20  2013943  ET WEB_SERVER Weevely PHP backdoor detected (pcntl_exec() function used); [1
11,178  2015/01/20  2013942  ET WEB_SERVER Weevely PHP backdoor detected (python_eval() function used); [1
11,177  2015/01/20  2013941  ET WEB_SERVER Weevely PHP backdoor detected (popen() function used); [1
11,176  2015/01/20  2013940  ET WEB_SERVER Weevely PHP backdoor detected (proc_open() function used); [1
11,175  2015/01/20  2013939  ET WEB_SERVER Weevely PHP backdoor detected (shell_exec() function used); [1
11,174  2015/01/20  2013938  ET WEB_SERVER Weevely PHP backdoor detected (passthru() function used); [1
11,173  2015/01/20  2013937  ET WEB_SERVER Weevely PHP backdoor detected (system() function used); [1
11,172  2015/01/20  2013936  ET POLICY SSH banner detected on TCP 443 likely proxy evasion;
11,171  2015/01/20  2013935  ET TROJAN Win32.Zbot.chas/Unruy.H Covert DNS CnC Channel TXT Response;
11,170  2015/01/20  2013934  ET TROJAN Win32.Fareit.A/Pony Downloader Checkin; [1,2,3,4,5,6
11,169  2015/01/20  2013933  ET POLICY HTTP traffic on port 443 (CONNECT);
11,168  2015/01/20  2013932  ET POLICY HTTP traffic on port 443 (TRACE);
11,167  2015/01/20  2013931  ET POLICY HTTP traffic on port 443 (DELETE);
11,166  2015/01/20  2013930  ET POLICY HTTP traffic on port 443 (PUT);
11,165  2015/01/20  2013929  ET POLICY HTTP traffic on port 443 (OPTIONS);
11,164  2015/01/20  2013928  ET POLICY HTTP traffic on port 443 (PROPFIND);
11,163  2015/01/20  2013927  ET POLICY HTTP traffic on port 443 (HEAD);
11,162  2015/01/20  2013926  ET POLICY HTTP traffic on port 443 (POST);
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.