Signature List
No.  Date  ID  Signature (Total Ruleset: 27,111)
13,061  2015/01/20  2015912  ET CURRENT_EVENTS Remax - Gmail Creds;
13,060  2015/01/20  2015911  ET CURRENT_EVENTS Remax - Yahoo Creds;
13,059  2015/01/20  2015910  ET CURRENT_EVENTS Remax - AOL Creds;
13,058  2015/01/20  2015909  ET CURRENT_EVENTS - BoA - Creds Phished;
13,057  2015/01/20  2015908  ET CURRENT_EVENTS BoA - PII Phished;
13,056  2015/01/20  2015907  ET CURRENT_EVENTS BoA -Account Phished;
13,055  2015/01/20  2015906  ET CURRENT_EVENTS WSO - WebShell Activity - POST structure;
13,054  2015/01/20  2015905  ET CURRENT_EVENTS WSO - WebShell Activity - WSO Title;
13,053  2015/01/20  2015904  ET TROJAN Win32/Kuluoz.B CnC 3; [1
13,052  2015/01/20  2015903  ET TROJAN Win32/Kuluoz.B CnC 2; [1
13,051  2015/01/20  2015902  ET TROJAN Win32/Kuluoz.B CnC; [1
13,050  2015/01/20  2015901  ET CURRENT_EVENTS Magnitude EK (formerly Popads) - Landing Page - Java ClassID and 32HexChar.jar;
13,049  2015/01/20  2015900  ET INFO Suspicious Windows NT version 3 User-Agent;
13,048  2015/01/20  2015899  ET INFO Suspicious Windows NT version 2 User-Agent;
13,047  2015/01/20  2015898  ET INFO Suspicious Windows NT version 1 User-Agent;
13,046  2015/01/20  2015897  ET CURRENT_EVENTS Possible TDS Exploit Kit /flow redirect at .ru domain;
13,045  2015/01/20  2015896  ET TROJAN Andromeda Check-in Response;
13,044  2015/01/20  2015895  ET TROJAN Unknown_comee.pl - POST with stpfu in http_client_body;
13,043  2015/01/20  2015894  ET TROJAN Unknown FakeAV - /get/*.crp;
13,042  2015/01/20  2015893  ET CURRENT_EVENTS CoolEK - PDF Exploit - pdf_old.php;
13,041  2015/01/20  2015892  ET CURRENT_EVENTS CoolEK - PDF Exploit - pdf_new.php;
13,040  2015/01/20  2015891  ET CURRENT_EVENTS CoolEK - Landing Page - Title;
13,039  2015/01/20  2015890  ET CURRENT_EVENTS CoolEK - Landing Page - FlashExploit;
13,038  2015/01/20  2015889  ET DELETED SofosFO/NeoSploit possible second stage landing page (1);
13,037  2015/01/20  2015888  ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit Kit 32 byte hex with trailing digit java payload request;
13,036  2015/01/20  2015887  ET WEB_CLIENT Possible exploitation of CVE-2012-5076 by an exploit kit Nov 13 2012;
13,035  2015/01/20  2015886  ET CURRENT_EVENTS CirtXPack - No Java URI - /a.Test;
13,034  2015/01/20  2015885  ET CURRENT_EVENTS CritXPack - No Java URI - Dot.class;
13,033  2015/01/20  2015884  ET CURRENT_EVENTS CritXPack Landing Page;
13,032  2015/01/20  2015883  ET CURRENT_EVENTS Java Exploit Campaign SetAttribute Java Applet; [1
13,031  2015/01/20  2015882  ET CURRENT_EVENTS KaiXin Exploit Kit Landing Page parseInt Javascript Replace; [1
13,030  2015/01/20  2015881  ET CURRENT_EVENTS KaiXin Exploit Kit Landing Page NOP String; [1
13,029  2015/01/20  2015878  ET POLICY Maxmind geoip check to /app/geoip.js;
13,028  2015/01/20  2015877  ET CURRENT_EVENTS Blackhole 16/32-hex/a-z.php Landing Page URI;
13,027  2015/01/20  2015876  ET CURRENT_EVENTS SofosFO Jar file 09 Nov 12;
13,026  2015/01/20  2015875  ET TROJAN DNS Query Known Reveton Domain whatwillber.com;
13,025  2015/01/20  2015874  ET TROJAN Known Reveton Domain HTTP whatwillber.com;
13,024  2015/01/20  2015873  ET CURRENT_EVENTS Cool Exploit Kit Requesting Payload;
13,023  2015/01/20  2015872  ET CURRENT_EVENTS Blackhole request for Payload;
13,022  2015/01/20  2015871  ET CURRENT_EVENTS Blackhole request for file containing Java payload URIs (3);
13,021  2015/01/20  2015870  ET TROJAN Backdoor.ADDNEW (DarKDdoser) CnC 3; [1
13,020  2015/01/20  2015869  ET TROJAN Backdoor.ADDNEW (DarKDdoser) CnC 2; [1
13,019  2015/01/20  2015868  ET TROJAN Backdoor.ADDNEW (DarKDdoser) CnC 1; [1
13,018  2015/01/20  2015867  ET CURRENT_EVENTS Sophos PDF Standard Encryption Key Length Buffer Overflow;
13,017  2015/01/20  2015866  ET CURRENT_EVENTS Sophos PDF Standard Encryption Key Length Buffer Overflow;
13,016  2015/01/20  2015865  ET CURRENT_EVENTS Self-Singed SSL Cert Used in Conjunction with Neosploit;
13,015  2015/01/20  2015864  ET DELETED Blackhole 2.0 PDF GET request; [1
13,014  2015/01/20  2015863  ET CURRENT_EVENTS Blackhole request for file containing Java payload URIs (2);
13,013  2015/01/20  2015862  ET TROJAN Potentially Unwanted Program RebateInformerSetup.exe Download Reporting; [1
13,012  2015/01/20  2015861  ET TROJAN System Progressive Detection FakeAV (AMD);
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.