시그니처 리스트, Signature List
번호날짜ID시그니처 (Total Ruleset: 27,111개)
12,1112015/01/20 2014923  ET CURRENT_EVENTS DRIVEBY Incognito Landing Page Received applet and flowbit;  
12,1102015/01/20 2014922  ET CURRENT_EVENTS DRIVEBY Incognito Landing Page Requested .php?showtopic=6digit;  
12,1092015/01/20 2014921  ET CURRENT_EVENTS Blackhole Landing Try Prototype Catch Jun 18 2012;  
12,1082015/01/20 2014920  ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (2); [1
12,1072015/01/20 2014919  ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (1); [1
12,1062015/01/20 2014918  ET DELETED Blackhole Java Exploit request to Half.jar;  
12,1052015/01/20 2014917  ET CURRENT_EVENTS RedKit - Landing Page Received - applet and flowbit;  
12,1042015/01/20 2014916  ET CURRENT_EVENTS RedKit - Landing Page Requested - 8Digit.html;  
12,1032015/01/20 2014915  ET CURRENT_EVENTS NuclearPack - Landing Page Received - applet archive=32CharHex;  
12,1022015/01/20 2014914  ET CURRENT_EVENTS NuclearPack - PDF Naming Algorithm;  
12,1012015/01/20 2014913  ET CURRENT_EVENTS NuclearPack - JAR Naming Algorithm;  
12,1002015/01/20 2014912  ET CURRENT_EVENTS Unknown - Java Request - gt 60char hex-ascii;  
12,0992015/01/20 2014911  ET WEB_CLIENT Microsoft Internet Explorer SameID Use-After-Free;  
12,0982015/01/20 2014910  ET SQL MySQL mysql.user Dump (Used in Metasploit Auth-Bypass Module);  
12,0972015/01/20 2014909  ET CURRENT_EVENTS Blackhole obfuscated Java EXE Download by Vulnerable Version - Likely Driveby;  
12,0962015/01/20 2014908  ET CURRENT_EVENTS Initial Blackhole Landing - Verizon Balance Due Jun 15 2012;  
12,0952015/01/20 2014907  ET CURRENT_EVENTS Initial Blackhole Landing - UPS Number Loading.. Jun 15 2012;  
12,0942015/01/20 2014906  ET INFO .exe File requested over FTP;  
12,0932015/01/20 2014905  ET WEB_SPECIFIC_APPS Joomla com_ckforms controller parameter Local File Inclusion Attempt; [1
12,0922015/01/20 2014904  ET WEB_SPECIFIC_APPS WordPress Sharebar plugin status parameter Cross-Site Scripting Attempt; [1
12,0912015/01/20 2014903  ET ACTIVEX Possible Camera Stream Client Possible ActiveX Control SetDirectory Method Access Buffer Overflow 2; [1
12,0902015/01/20 2014902  ET ACTIVEX Possible Camera Stream Client Possible ActiveX Control SetDirectory Method Access Buffer Overflow; [1
12,0892015/01/20 2014901  ET WEB_SPECIFIC_APPS WordPress 2 Click Social Media Buttons plugin xing-url parameter Cross-Site Scripting Attempt; [1
12,0882015/01/20 2014900  ET WEB_SPECIFIC_APPS WordPress 2 Click Social Media Buttons plugin pinterest-url parameter Cross-Site Scripting Attempt; [1
12,0872015/01/20 2014899  ET WEB_SPECIFIC_APPS Wordpress Plugin Tinymce Thumbnail Gallery href parameter Remote File Disclosure Attempt; [1
12,0862015/01/20 2014898  ET WEB_SPECIFIC_APPS Joomla com_mscomment controller parameter Local File Inclusion Attempt; [1
12,0852015/01/20 2014897  ET WEB_SPECIFIC_APPS Joomla com_jmsfileseller view parameter Local File Inclusion Attempt; [1
12,0842015/01/20 2014896  ET ACTIVEX Possible IBM Lotus iNotes Upload Module possible ActiveX Control Attachment_Times Method Access Buffer Overflow Attempt; [1
12,0832015/01/20 2014895  ET CURRENT_EVENTS RedKit - Landing Page Received - applet and code;  
12,0822015/01/20 2014894  ET CURRENT_EVENTS RedKit - Landing Page Received - applet and 5digit jar;  
12,0812015/01/20 2014893  ET SCAN critical.io Scan; [1
12,0802015/01/20 2014892  ET CURRENT_EVENTS RedKit - Jar File Naming Algorithm;  
12,0792015/01/20 2014891  ET CURRENT_EVENTS RedKit - Java Exploit Requested - 5 digit jar;  
12,0782015/01/20 2014890  ET WEB_SERVER Possible attempt to enumerate MS SQL Server version; [1
12,0772015/01/20 2014888  ET CURRENT_EVENTS Blackhole Try Prototype Catch June 11 2012;  
12,0762015/01/20 2014887  ET TROJAN W32/Bakcorox.A ProxyBot CnC Server Connection; [1
12,0752015/01/20 2014886  ET WEB_SERVER IIS INDEX_ALLOCATION Auth Bypass Attempt; [1
12,0742015/01/20 2014885  ET CURRENT_EVENTS SutraTDS (enema) used in Blackhole campaigns;  
12,0732015/01/20 2014884  ET CURRENT_EVENTS Request to malicious SutraTDS - lonly= in cookie;  
12,0722015/01/20 2014883  ET WEB_SPECIFIC_APPS Joomla com_jvb_bridge Itemid Parameter Remote File inclusion Attempt; [1
12,0712015/01/20 2014882  ET WEB_SPECIFIC_APPS Joomla com_catalogue controller parameter Local File Inclusion Attempt; [1
12,0702015/01/20 2014881  ET WEB_SPECIFIC_APPS WordPress Mingle Forum groupid parameter Cross-Site Scripting Attempt; [1
12,0692015/01/20 2014880  ET WEB_SPECIFIC_APPS Wordpress wp-livephp plugin wp-live.php Cross-Site Scripting Attempt; [1
12,0682015/01/20 2014879  ET WEB_SPECIFIC_APPS Joomla com_jradio controller parameter Local File Inclusion Attempt; [1
12,0672015/01/20 2014878  ET WEB_SPECIFIC_APPS Joomla com_jeauto view parameter Local File Inclusion Attempt; [1
12,0662015/01/20 2014877  ET ACTIVEX Possible NET-i viewer ActiveX Control ConnectDDNS Method Access Code Execution Vulnerability 2; [1
12,0652015/01/20 2014876  ET ACTIVEX Possible NET-i viewer ActiveX Control ConnectDDNS Method Access Code Execution Vulnerability; [1
12,0642015/01/20 2014875  ET ACTIVEX Possible NET-i viewer ActiveX Control BackupToAvi Method Access Buffer Overflow 2; [1
12,0632015/01/20 2014874  ET ACTIVEX Possible NET-i viewer ActiveX Control BackupToAvi Method Access Buffer Overflow; [1
12,0622015/01/20 2014873  ET CURRENT_EVENTS Obfuscated Javascript redirecting to Blackhole June 7 2012;  
< 301  302  303  304  305  306  307  308  309  310 >
GigaVPN & GigaIPS is based MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.