GigaVPN

시그니처 리스트, Signature List

번호	날짜	ID	시그니처 (Total Ruleset: 27,111개)
13,911	2015/01/20	2016786	ET CURRENT_EVENTS Sakura - Payload Requested;
13,910	2015/01/20	2016785	ET CURRENT_EVENTS Sakura - Java Exploit Recievied;
13,909	2015/01/20	2016784	ET CURRENT_EVENTS Fiesta - Payload - flashplayer11;
13,908	2015/01/20	2016782	ET CURRENT_EVENTS CoolEK Payload Download (8);
13,907	2015/01/20	2016781	ET CURRENT_EVENTS Sakura obfuscated javascript Apr 21 2013;
13,906	2015/01/20	2016780	ET MALWARE Adware.Win32/SProtector.A Client Checkin;
13,905	2015/01/20	2016779	ET CURRENT_EVENTS Fake DHL Kuluoz.B URI;
13,904	2015/01/20	2016778	ET INFO DNS Query to a *.pw domain - Likely Hostile;
13,903	2015/01/20	2016777	ET INFO HTTP Request to a *.pw domain;
13,902	2015/01/20	2016776	ET DELETED Blackhole/Cool plugindetect in octal Apr 18 2013;
13,901	2015/01/20	2016775	ET INFO Generic HTTP EXE Upload Outbound;
13,900	2015/01/20	2016774	ET INFO Generic HTTP EXE Upload Inbound;
13,899	2015/01/20	2016773	ET TROJAN Mutter Backdoor Checkin; [1]
13,898	2015/01/20	2016772	ET TROJAN Win32/Enchanim C2 Client Check-in; [1]
13,897	2015/01/20	2016771	ET TROJAN Win32/Enchanim C2 Injection Download; [1]
13,896	2015/01/20	2016770	ET TROJAN Win32/Enchanim Process List Dump; [1]
13,895	2015/01/20	2016769	ET TROJAN Win32/Enchanim Check-in Response; [1]
13,894	2015/01/20	2016768	ET TROJAN Backdoor.Win32.Dorkbot.AR Join IRC channel; [1]
13,893	2015/01/20	2016767	ET INFO EXE - SCR in PKZip Compressed Data Download;
13,892	2015/01/20	2016766	ET INFO PDF - Acrobat Enumeration - var PDFObject;
13,891	2015/01/20	2016765	ET INFO PDF - Acrobat Enumeration - pdfobject.js;
13,890	2015/01/20	2016764	ET CURRENT_EVENTS SofosFO PDF Payload Download;
13,889	2015/01/20	2016763	ET SCAN Non-Malicious SSH/SSL Scanner on the run; [1,2]
13,888	2015/01/20	2016762	ET WEB_SERVER WebShell - PHPShell - PHPKonsole URI;
13,887	2015/01/20	2016761	ET WEB_SERVER WebShell - PHPShell - Haxplorer URI;
13,886	2015/01/20	2016760	ET WEB_SERVER WebShell - PHPShell - Comment;
13,885	2015/01/20	2016759	ET TROJAN Win32/Redyms.A Checkin;
13,884	2015/01/20	2016758	ET POLICY Bitcoin Mining Extensions Header;
13,883	2015/01/20	2016757	ET TROJAN W32/Nymaim Checkin (2);
13,882	2015/01/20	2016756	ET CURRENT_EVENTS Neutrino EK Plugin-Detect April 12 2013;
13,881	2015/01/20	2016755	ET CURRENT_EVENTS Blackhole 2 Landing Page (9);
13,880	2015/01/20	2016754	ET POLICY Internal Host Retrieving External IP via myip.dnsomatic.com - Possible Infection;
13,879	2015/01/20	2016753	ET CURRENT_EVENTS Possible Neutrino EK Posting Plugin-Detect Data April 12 2013;
13,878	2015/01/20	2016752	ET DELETED W32/Nymaim Checkin;
13,877	2015/01/20	2016751	ET CURRENT_EVENTS RedKit/Sakura/CritX/SafePack/FlashPack applet obfuscated URL Apr 10 2013;
13,876	2015/01/20	2016749	ET TROJAN RansomCrypt Getting Template;
13,875	2015/01/20	2016748	ET TROJAN RansomCrypt Intial Check-in;
13,874	2015/01/20	2016746	ET TROJAN W32/NSISDL.Downloader CnC Server Response;
13,873	2015/01/20	2016744	ET POLICY NSISDL Iplookup.php IPCheck;
13,872	2015/01/20	2016743	ET TROJAN W32/Citadel Conf.bin Download From CnC Server; [1,2]
13,871	2015/01/20	2016742	ET TROJAN Possible W32/Citadel Download From CnC Server Self Referenced /files/ attachment; [1,2]
13,870	2015/01/20	2016741	ET TROJAN W32/Citadel Pro File.php CnC POST; [1,2]
13,869	2015/01/20	2016740	ET TROJAN W32/Citadel Content.php CnC POST; [1,2]
13,868	2015/01/20	2016739	ET TROJAN W32/Citadel File.php CnC POST; [1,2]
13,867	2015/01/20	2016738	ET CURRENT_EVENTS W32/Citadel Infection or Config URL Request; [1,2]
13,866	2015/01/20	2016737	ET CURRENT_EVENTS GonDadEK Kit Jar; [1]
13,865	2015/01/20	2016736	ET CURRENT_EVENTS GonDadEK Java Exploit Requested;
13,864	2015/01/20	2016735	ET CURRENT_EVENTS GonDadEK Java Exploit Requested;
13,863	2015/01/20	2016734	ET CURRENT_EVENTS RedKit applet obfuscated URL Apr 7 2013;
13,862	2015/01/20	2016733	ET CURRENT_EVENTS Sakura encrypted binary (2);
< 261 262 263 264 265 266 267 268 269 270 >