Signature List
No.     Date        ID       Signature (Total Ruleset: 27,111)
11,911  2015/01/20  2014720  ET TROJAN W32/Downloader/Agent.dxh.1 Reporting to CnC
11,910  2015/01/20  2014719  ET TROJAN W32/Simbot.Backdoor Checkin
11,909  2015/01/20  2014718  ET GAMES Nintendo Wii User-Agent
11,908  2015/01/20  2014717  ET WEB_SPECIFIC_APPS WordPress WP Custom Pages url parameter Local File Inclusion Attempt
11,907  2015/01/20  2014716  ET WEB_SPECIFIC_APPS Joomla com_joomtouch controller parameter Local File Inclusion Attempt
11,906  2015/01/20  2014715  ET WEB_SPECIFIC_APPS Joomla com_obsuggest controller parameter Local File Inclusion Attempt
11,905  2015/01/20  2014714  ET ACTIVEX Possible WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow 2
11,904  2015/01/20  2014713  ET ACTIVEX Possible WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow
11,903  2015/01/20  2014712  ET WEB_SPECIFIC_APPS Wordpress WPsc-MijnPress plugin rwflush parameter Cross-Site Scripting Attempt
11,902  2015/01/20  2014711  ET WEB_SPECIFIC_APPS maxxweb Cms kategorie parameter Cross-Site Scripting Attempt
11,901  2015/01/20  2014710  ET ACTIVEX Possible Samsung NET-i Viewer Active-X SEH Overwrite
11,900  2015/01/20  2014709  ET ACTIVEX Possible McAfee Virtual Technician MVT.MVTControl.6300 ActiveX Control GetObject method Remote Code Execution 2
11,899  2015/01/20  2014708  ET ACTIVEX Possible McAfee Virtual Technician MVT.MVTControl.6300 ActiveX Control GetObject method Remote Code Execution
11,898  2015/01/20  2014707  ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack payload download
11,897  2015/01/20  2014706  ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack payload request (exploit successful!)
11,896  2015/01/20  2014705  ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack exploit request
11,895  2015/01/20  2014704  ET WEB_SPECIFIC_APPS PHP-CGI query string parameter vulnerability
11,894  2015/01/20  2014703  ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Reserved Bit Set - Likely Kazy
11,893  2015/01/20  2014702  ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set - Likely Kazy
11,892  2015/01/20  2014701  ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 6 or 7 set - Likely Kazy
11,891  2015/01/20  2014700  ET TROJAN W32/Backdoor.BAT.Agent.W User Botnet
11,890  2015/01/20  2014669  ET DELETED SpyEyeV1.3.48 Data Post to CnC - lol.php
11,889  2015/01/20  2014668  ET TROJAN W32/SpyBanker Infection Confirmation Email
11,888  2015/01/20  2014667  ET MALWARE W32/Dialer.Adultchat Checkin
11,887  2015/01/20  2014666  ET CURRENT_EVENTS DRIVEBY Blackhole - Injected Page Leading To Driveby
11,886  2015/01/20  2014665  ET CURRENT_EVENTS DRIVEBY Generic - Redirection to Kit - BrowserDetect with var stopit
11,885  2015/01/20  2014664  ET CURRENT_EVENTS Blackhole - Jar File Naming Algorithm
11,884  2015/01/20  2014663  ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds Negative Integer indef DoS Attempt
11,883  2015/01/20  2014662  ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds Integer indef DoS Attempt
11,882  2015/01/20  2014661  ET CURRENT_EVENTS Blackhole Landing for prototype catch substr
11,881  2015/01/20  2014660  ET TROJAN Win32/Ponmocup.A Checkin
11,880  2015/01/20  2014659  ET CURRENT_EVENTS Blackhole Landing Page Obfuscated Please wait Message
11,879  2015/01/20  2014658  ET CURRENT_EVENTS Unkown exploit kit payload download
11,878  2015/01/20  2014657  ET CURRENT_EVENTS Unkown exploit kit pdf download
11,877  2015/01/20  2014656  ET WEB_SPECIFIC_APPS WordPress Skysa Official submit parameter Cross-Site Scripting Attempt
11,876  2015/01/20  2014655  ET WEB_SPECIFIC_APPS Joomla com_some controller Parameter Local File Inclusion Attempt
11,875  2015/01/20  2014654  ET WEB_SPECIFIC_APPS Joomla com_videogallery controller parameter Local File Inclusion Attempt
11,874  2015/01/20  2014653  ET ACTIVEX Quest Explain Plan Display ActiveX Control SaveToFile Insecure Method Access 2
11,873  2015/01/20  2014652  ET ACTIVEX Quest Explain Plan Display ActiveX Control SaveToFile Insecure Method Access
11,872  2015/01/20  2014651  ET ACTIVEX Tracker Software pdfSaver ActiveX InitFromRegistry Method Access Potential Buffer Overflow 2
11,871  2015/01/20  2014650  ET ACTIVEX Tracker Software pdfSaver ActiveX InitFromRegistry Method Access Potential Buffer Overflow
11,870  2015/01/20  2014649  ET ACTIVEX Tracker Software pdfSaver ActiveX StoreInRegistry Method Access Potential Buffer Overflow 2
11,869  2015/01/20  2014648  ET ACTIVEX Tracker Software pdfSaver ActiveX StoreInRegistry Method Access Potential Buffer Overflow
11,868  2015/01/20  2014647  ET WEB_SPECIFIC_APPS PHP Volunteer Management id parameter Cross-Site Scripting Attempt
11,867  2015/01/20  2014646  ET MISC RuggedCom factory account backdoor
11,866  2015/01/20  2014645  ET INFO RuggedCom Banner with MAC
11,865  2015/01/20  2014644  ET CURRENT_EVENTS Blackhole - Landing Page Recieved - applet PluginDetect and 10hexchar title
11,864  2015/01/20  2014643  ET TROJAN ConstructorWin32/Agent.V
11,863  2015/01/20  2014642  ET DELETED Blackhole Java Exploit request to /Edu.jar
11,862  2015/01/20  2014641  ET CURRENT_EVENTS Incognito Exploit Kit landing page request to images.php?t=4xxxxxxx
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.