Signature List
No.  Date  ID  Signature (Total Ruleset: 27,111)
12,711  2015/01/20  2015531  ET TROJAN DNS Query to RunForestRun DGA Domain 16-alpha.waw.pl
12,710  2015/01/20  2015530  ET TROJAN HTTP Request to RunForestRun DGA Domain 16-alpha.waw.pl
12,709  2015/01/20  2015529  ET INFO Googlebot User-Agent Outbound (likely malicious)
12,708  2015/01/20  2015528  ET TROJAN Win32.Agent2.fher Related User-Agent (Microsoft Internet Updater)
12,707  2015/01/20  2015527  ET WEB_SERVER Fake Googlebot UA 2 Inbound
12,706  2015/01/20  2015526  ET WEB_SERVER Fake Googlebot UA 1 Inbound
12,705  2015/01/20  2015525  ET DELETED Blackhole try eval prototype string splitting evasion Jul 24 2012
12,704  2015/01/20  2015524  ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 3)
12,703  2015/01/20  2015523  ET TROJAN Pakes2 - Checkin - /test.php
12,702  2015/01/20  2015522  ET TROJAN Pakes2 - Client Alive
12,701  2015/01/20  2015521  ET TROJAN Pakes2 - Server Hello
12,700  2015/01/20  2015520  ET DELETED Blackhole Landing Page Applet Structure
12,699  2015/01/20  2015519  ET DELETED Blackhole Landing Page Split String Obfuscated Math Floor - July 19th 2012
12,698  2015/01/20  2015518  ET CURRENT_EVENTS .PHP being served from WP 1-flash-gallery Upload DIR (likely malicious)
12,697  2015/01/20  2015517  ET CURRENT_EVENTS .HTM being served from WP 1-flash-gallery Upload DIR (likely malicious)
12,696  2015/01/20  2015516  ET CURRENT_EVENTS RedKit PluginDetect Rename Saigon
12,695  2015/01/20  2015515  ET EXPLOIT Potential RoaringBeast ProFTPd Exploit Specific (CHMOD 777)
12,694  2015/01/20  2015514  ET EXPLOIT Potential RoaringBeast ProFTPd Exploit nsswitch.conf Upload
12,693  2015/01/20  2015513  ET EXPLOIT Potential RoaringBeast ProFTPd Exploit Specific config files upload
12,692  2015/01/20  2015512  ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/vas.php
12,691  2015/01/20  2015511  ET TROJAN ProxyBox - ProxyBotCommand - FORCE_AUTHENTICATION*
12,690  2015/01/20  2015510  ET TROJAN ProxyBox - ProxyBotCommand - I_AM
12,689  2015/01/20  2015509  ET DELETED ProxyBox - HTTP CnC - proxy_info.php
12,688  2015/01/20  2015508  ET TROJAN ProxyBox - HTTP CnC - botinfo.php
12,687  2015/01/20  2015506  ET TROJAN ProxyBox - HTTP CnC - get_servers.php
12,686  2015/01/20  2015505  ET TROJAN ProxyBox - HTTP CnC - getiplist.php
12,685  2015/01/20  2015504  ET TROJAN ProxyBox - HTTP CnC - POST 1-letter.php
12,684  2015/01/20  2015503  ET TROJAN ProxyBox - HTTP CnC - .com.tw/check_version.php
12,683  2015/01/20  2015502  ET TROJAN ProxyBox -ProxyBotCommand - CHECK_ME
12,682  2015/01/20  2015501  ET TROJAN ProxyBox - HTTP CnC - Checkin Response
12,681  2015/01/20  2015500  ET POLICY Geo Location IP info online service (geoiptool.com)
12,680  2015/01/20  2015499  ET WEB_SPECIFIC_APPS Wordpress Plugin Newsletter data parameter Local File Inclusion vulnerability
12,679  2015/01/20  2015498  ET WEB_SPECIFIC_APPS Joomla com_hello controller parameter Local File Inclusion vulnerability
12,678  2015/01/20  2015497  ET WEB_SPECIFIC_APPS WordPress Download Manager cid parameter Cross-Site Scripting Attempt
12,677  2015/01/20  2015496  ET WEB_SPECIFIC_APPS WordPress church_admin Plugin id parameter Cross-Site Scripting Attempt
12,676  2015/01/20  2015495  ET WEB_SPECIFIC_APPS Web Edition mod parameter Local File Inclusion vulnerability
12,675  2015/01/20  2015494  ET WEB_SPECIFIC_APPS Wordpress Plugin PICA Photo Gallery imgname parameter Local File Inclusion Attempt
12,674  2015/01/20  2015493  ET ACTIVEX Possible CommuniCrypt Mail SMTP ActiveX AddAttachments Method Access Stack Buffer Overflow
12,673  2015/01/20  2015492  ET ACTIVEX Possible CA BrightStor ARCserve Backup ActiveX AddColumn Method Access Buffer Overflow 2
12,672  2015/01/20  2015491  ET ACTIVEX Possible CA BrightStor ARCserve Backup ActiveX AddColumn Method Access Buffer Overflow
12,671  2015/01/20  2015490  ET ACTIVEX Possible beSTORM ActiveX (WinGraphviz.dll) Remote Heap Overflow
12,670  2015/01/20  2015489  ET TROJAN W32/OnlineGame.DaGame Variant CnC Checkin
12,669  2015/01/20  2015488  ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (3)
12,668  2015/01/20  2015487  ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (2)
12,667  2015/01/20  2015486  ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (1)
12,666  2015/01/20  2015485  ET POLICY TuneIn Internet Radio Usage Detected
12,665  2015/01/20  2015484  ET SCAN w3af User-Agent 2
12,664  2015/01/20  2015483  ET INFO Java .jar request to dotted-quad domain
12,663  2015/01/20  2015482  ET TROJAN ZeroAccess Outbound udp traffic detected
12,662  2015/01/20  2015481  ET CURRENT_EVENTS Compromised Wordpress Install Serving Malicious JS
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.