Signature List
No.  Date  ID  Signature (Total Ruleset: 27,111)
14,511  2015/01/20  2017406  ET CURRENT_EVENTS Rawin EK Java /victoria.jar;
14,510  2015/01/20  2017405  ET CURRENT_EVENTS Sweet Orange Landing with Applet Aug 30 2013;
14,509  2015/01/20  2017404  ET WORM W32/Njw0rm CnC Beacon; [1
14,508  2015/01/20  2017403  ET WEB_SERVER WebShell Generic eval of convert_uudecode;
14,507  2015/01/20  2017402  ET WEB_SERVER WebShell Generic eval of gzuncompress;
14,506  2015/01/20  2017401  ET WEB_SERVER WebShell Generic eval of str_rot13;
14,505  2015/01/20  2017400  ET WEB_SERVER WebShell Generic eval of gzinflate;
14,504  2015/01/20  2017399  ET WEB_SERVER WebShell Generic eval of base64_decode;
14,503  2015/01/20  2017398  ET POLICY Internal Host Retrieving External IP via icanhazip.com - Possible Infection;
14,502  2015/01/20  2017397  ET DOS Apple CoreText Exploit Specific string; [1
14,501  2015/01/20  2017396  ET CURRENT_EVENTS CoolEK Landing Aug 29 2013;
14,500  2015/01/20  2017395  ET TROJAN Likely Bot Nick in IRC ([country|so version|CPU]);
14,499  2015/01/20  2017394  ET WEB_SERVER WebShell - ASPyder - File Upload - Response;
14,498  2015/01/20  2017393  ET WEB_SERVER WebShell - ASPyder -File Upload - POST Structure;
14,497  2015/01/20  2017392  ET WEB_SERVER WebShell - ASPyder - File Browser - POST Structure;
14,496  2015/01/20  2017391  ET WEB_SERVER WebShell - ASPyder - Auth Prompt;
14,495  2015/01/20  2017390  ET WEB_SERVER WebShell - ASPyder - File Browser - Interface;
14,494  2015/01/20  2017389  ET WEB_SERVER WebShell - ASPyder - Auth Creds;
14,493  2015/01/20  2017388  ET CURRENT_EVENTS Possible Sweet Orange Payload Download Aug 28 2013;
14,492  2015/01/20  2017387  ET CURRENT_EVENTS Unknown EK Landing Aug 27 2013;
14,491  2015/01/20  2017386  ET CURRENT_EVENTS Possible APT-12 Related C2; [1
14,490  2015/01/20  2017385  ET TROJAN Trojan.Dirtjump Checkin; [1
14,489  2015/01/20  2017384  ET TROJAN Drive DDoS Tool byte command received key=okokokjjk; [1
14,488  2015/01/20  2017383  ET TROJAN Drive DDoS Tool byte command received key=okokokjjk; [1
14,487  2015/01/20  2017382  ET TROJAN Drive DDoS Tool post2 command received key=okokokjjk; [1
14,486  2015/01/20  2017381  ET TROJAN Drive DDoS Tool post1 command received key=okokokjjk; [1
14,485  2015/01/20  2017380  ET TROJAN Drive DDoS Tool smart command received key=okokokjjk; [1
14,484  2015/01/20  2017379  ET TROJAN Drive DDoS Tool long command received key=okokokjjk; [1
14,483  2015/01/20  2017378  ET TROJAN Drive DDoS Tool get command received key=okokokjjk; [1
14,482  2015/01/20  2017377  ET TROJAN Win64/Vabushky.A Malicious driver download; [1
14,481  2015/01/20  2017376  ET CURRENT_EVENTS Possible BHEK Landing URI Format;
14,480  2015/01/20  2017375  ET CURRENT_EVENTS CookieBomb Generic HTML Format;
14,479  2015/01/20  2017374  ET CURRENT_EVENTS CookieBomb Generic PHP Format;
14,478  2015/01/20  2017373  ET CURRENT_EVENTS Possible CookieBomb Generic JavaScript Format;
14,477  2015/01/20  2017372  ET CURRENT_EVENTS Sweet Orange Landing with Applet Aug 26 2013;
14,476  2015/01/20  2017371  ET TROJAN Win32/Neurevt.A checkin;
14,475  2015/01/20  2017370  ET CURRENT_EVENTS AutoIT C&C Check-In 2013-08-23 URL; [1
14,474  2015/01/20  2017369  ET TROJAN Bitcoin variant Checkin; [1
14,473  2015/01/20  2017368  ET TROJAN Possible Avatar RootKit Yahoo Group Search; [1
14,472  2015/01/20  2017367  ET TROJAN Possible Win32/Napolar.A URL Response;
14,471  2015/01/20  2017366  ET WEB_SERVER Coldfusion 9 Auth Bypass CVE-2013-0632; [1
14,470  2015/01/20  2017365  ET TROJAN SUSPICIOUS UA (iexplore);
14,469  2015/01/20  2017364  ET CURRENT_EVENTS Blackhole obfuscated base64 key string;
14,468  2015/01/20  2017363  ET INFO InetSim Response from External Source Possible SinkHole;
14,467  2015/01/20  2017362  ET TROJAN Win32/Napolar.A Getting URL;
14,466  2015/01/20  2017361  ET TROJAN PoisonIvy.fishplay Keepalive to CnC; [1
14,465  2015/01/20  2017360  ET TROJAN PoisonIvy.XGstone Keepalive to CnC; [1
14,464  2015/01/20  2017359  ET TROJAN PoisonIvy.smallfish Keepalive to CnC; [1
14,463  2015/01/20  2017358  ET TROJAN PoisonIvy.xiaoxiaohuli Keepalive to CnC; [1
14,462  2015/01/20  2017357  ET TROJAN PoisonIvy.wwwst@Admin Keepalive to CnC; [1
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.