Signature List
No.     Date        ID       Signature (Total Ruleset: 27,111)
13,011  2015/01/20  2015860  ET TROJAN System Progressive Detection FakeAV (INTEL);
13,010  2015/01/20  2015859  ET CURRENT_EVENTS Metasploit CVE-2012-1723 Attacker.class (Seen in Unknown EK) 11/01/12;
13,009  2015/01/20  2015858  ET CURRENT_EVENTS Sakura/RedKit obfuscated URL;
13,008  2015/01/20  2015857  ET TFTP Outbound TFTP Data Transfer with Cisco config;
13,007  2015/01/20  2015856  ET SNMP Attempt to retrieve Cisco Config via TFTP (CISCO-CONFIG-COPY);
13,006  2015/01/20  2015855  ET TROJAN Georbot checkin;
13,005  2015/01/20  2015854  ET TROJAN Georbot initial checkin;
13,004  2015/01/20  2015853  ET TROJAN Georbot requesting update;
13,003  2015/01/20  2015852  ET DELETED Georgian Targeted Attack - Server Response; [1
13,002  2015/01/20  2015851  ET DELETED Georgian Targeted Attack - Client Request; [1
13,001  2015/01/20  2015850  ET TROJAN Georgian Targeted Attack - Trojan Checkin; [1
13,000  2015/01/20  2015849  ET CURRENT_EVENTS Metasploit CVE-2012-1723 Path (Seen in Unknown EK) 10/29/12;
12,999  2015/01/20  2015848  ET CURRENT_EVENTS Imposter USPS Domain;
12,998  2015/01/20  2015847  ET CURRENT_EVENTS SofosFO/NeoSploit possible second stage landing page;
12,997  2015/01/20  2015846  ET CURRENT_EVENTS NeoSploit Jar with three-letter class names;
12,996  2015/01/20  2015845  ET DELETED pamdql obfuscated javascript __-_ padding;
12,995  2015/01/20  2015844  ET DELETED Blackhole file containing obfuscated Java payload URIs;
12,994  2015/01/20  2015843  ET DELETED Blackhole request for file containing Java payload URIs (1);
12,993  2015/01/20  2015842  ET INFO LLNMR query response to wpad;
12,992  2015/01/20  2015841  ET CURRENT_EVENTS Unknown Exploit Kit Landing Page;
12,991  2015/01/20  2015840  ET CURRENT_EVENTS Unknown Exploit Kit Landing Page;
12,990  2015/01/20  2015837  ET TROJAN SSL Cert Used In Unknown Exploit Kit;
12,989  2015/01/20  2015836  ET CURRENT_EVENTS Blackhole 2.0 Binary Get Request; [1
12,988  2015/01/20  2015835  ET TROJAN Smoke Loader C2 Response;
12,987  2015/01/20  2015834  ET TROJAN Citadel API Access Video Controller (Inbound); [1,2
12,986  2015/01/20  2015833  ET DELETED Citadel API Access Video Controller (Outbound); [1,2
12,985  2015/01/20  2015832  ET TROJAN Citadel API Access Bot Controller (Inbound); [1,2
12,984  2015/01/20  2015831  ET TROJAN Citadel API Access Bot Controller (Outbound); [1,2
12,983  2015/01/20  2015830  ET TROJAN Citadel API Access VNC Controller (Inbound); [1,2
12,982  2015/01/20  2015829  ET TROJAN Citadel API Access VNC Controller (Outbound); [1,2
12,981  2015/01/20  2015828  ET TROJAN Citadel API Access IFramer Controller (Inbound); [1,2
12,980  2015/01/20  2015827  ET TROJAN Citadel API Access Iframer Controller (Outbound); [1,2
12,979  2015/01/20  2015826  ET TROJAN Zeus/Citadel Control Panel Access (Inbound); [1,2
12,978  2015/01/20  2015825  ET TROJAN Zeus/Citadel Control Panel Access (Outbound); [1,2
12,977  2015/01/20  2015824  ET TROJAN GeckaSeka User-Agent;
12,976  2015/01/20  2015823  ET DELETED Blackhole Java applet with obfuscated URL Oct 19 2012;
12,975  2015/01/20  2015822  ET INFO Suspicious Windows NT version 9 User-Agent;
12,974  2015/01/20  2015821  ET INFO Suspicious Windows NT version 8 User-Agent;
12,973  2015/01/20  2015820  ET INFO Suspicious Windows NT version 7 User-Agent;
12,972  2015/01/20  2015819  ET CURRENT_EVENTS g01pack Exploit Kit .homelinux. Landing Page;
12,971  2015/01/20  2015818  ET CURRENT_EVENTS g01pack Exploit Kit .homeip. Landing Page;
12,970  2015/01/20  2015817  ET CURRENT_EVENTS Blackhole2 Non-Vulnerable Client Fed Fake Flash Executable; [1
12,969  2015/01/20  2015816  ET CURRENT_EVENTS CoolEK Font File Download (64-bit Host) Dec 11 2012;
12,968  2015/01/20  2015815  ET CURRENT_EVENTS CoolEK Font File Download (32-bit Host) Dec 11 2012;
12,967  2015/01/20  2015814  ET TROJAN Win32/Fujacks Activity;
12,966  2015/01/20  2015813  ET TROJAN DNS Query Torpig Sinkhole Domain (Possible Infected Host); [1
12,965  2015/01/20  2015812  ET CURRENT_EVENTS SofosFO Jar file 10/17/12;
12,964  2015/01/20  2015811  ET WEB_SERVER FaTaLisTiCz_Fx Webshell Detected;
12,963  2015/01/20  2015810  ET WEB_CLIENT Adobe Flash Vuln (CVE-2012-1535 Uncompressed) Exploit Specific;
12,962  2015/01/20  2015809  ET WEB_CLIENT Adobe Flash Vuln (CVE-2012-1535 Uncompressed) Exploit Specific;
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.