Signature List
No.  Date  ID  Signature (Total Ruleset: 27,111)
13,711  2015/01/20  2016580  ET CURRENT_EVENTS SUSPICIOUS Java Request to DynDNS Pro Dynamic DNS Domain
13,710  2015/01/20  2016579  ET TROJAN APT_NGO_wuaclt PDF file
13,709  2015/01/20  2016578  ET TROJAN Dorkbot Loader Payload Request
13,708  2015/01/20  2016577  ET WEB_SERVER WebShell - Romanian Webshell
13,707  2015/01/20  2016576  ET WEB_SERVER WebShell - MySQL Interface - Server Set Cookie mysql_web_admin*=
13,706  2015/01/20  2016575  ET WEB_SERVER WebShell - MySQL Interface - Client Cookie mysql_web_admin*=
13,705  2015/01/20  2016574  ET WEB_SERVER WebShell - MySQL Interface - Database List
13,704  2015/01/20  2016573  ET TROJAN APT_NGO_wuaclt
13,703  2015/01/20  2016572  ET TROJAN APT_NGO_wuaclt C2 Check-in
13,702  2015/01/20  2016571  ET DNS APT_NGO_wuaclt C2 Domain hotmal1.com
13,701  2015/01/20  2016570  ET DNS APT_NGO_wuaclt C2 Domain micorsofts.com
13,700  2015/01/20  2016569  ET DNS APT_NGO_wuaclt C2 Domain micorsofts.net
13,699  2015/01/20  2016568  ET TROJAN W32/LetsGo.APT Sleep CnC Beacon
13,698  2015/01/20  2016567  ET TROJAN Win32/Urausy.C Checkin 2
13,697  2015/01/20  2016566  ET CURRENT_EVENTS SNET EK Downloading Payload
13,696  2015/01/20  2016564  ET CURRENT_EVENTS Blackhole 16-hex/q.php Jar Download
13,695  2015/01/20  2016563  ET CURRENT_EVENTS Blackhole 16-hex/q.php Landing Page/Java exploit URI
13,694  2015/01/20  2016562  ET CURRENT_EVENTS Possible Neutrino EK Posting Plugin-Detect Data
13,693  2015/01/20  2016561  ET DELETED W32/Asprox Spam Module CnC Beacon
13,692  2015/01/20  2016560  ET CURRENT_EVENTS GonDadEK Plugin Detect March 11 2013
13,691  2015/01/20  2016559  ET CURRENT_EVENTS CoolEK Payload Download (7)
13,690  2015/01/20  2016558  ET CURRENT_EVENTS Possible CrimeBoss Generic URL Structure
13,689  2015/01/20  2016557  ET DELETED Possible FiestaEK CVE-2013-0431 Artifact (4) Mar 07 2013
13,688  2015/01/20  2016556  ET DELETED Possible FiestaEK CVE-2013-0431 Artifact (3) Mar 07 2013
13,687  2015/01/20  2016555  ET DELETED Possible FiestaEK CVE-2013-0431 Artifact (2) Mar 07 2013
13,686  2015/01/20  2016554  ET DELETED Possible FiestaEK CVE-2013-0431 Artifact (1) Mar 07 2013
13,685  2015/01/20  2016553  ET TROJAN Win32/Urausy.C Checkin
13,684  2015/01/20  2016552  ET TROJAN W32/Trustezeb.C CnC Beacon
13,683  2015/01/20  2016551  ET CURRENT_EVENTS Possible Neutrino EK Downloading Jar
13,682  2015/01/20  2016550  ET TROJAN Win32/Fareit Checkin 2
13,681  2015/01/20  2016549  ET CURRENT_EVENTS Base64 http argument in applet (Neutrino/Angler)
13,680  2015/01/20  2016548  ET DELETED W32/Ponik.Downloader Randomware Download
13,679  2015/01/20  2016547  ET CURRENT_EVENTS CoolEK Payload Download (6)
13,678  2015/01/20  2016546  ET MALWARE W32/Eorezo.Adware CnC Beacon
13,677  2015/01/20  2016544  ET DELETED Blackhole/Cool plugindetect in octal Mar 6 2013
13,676  2015/01/20  2016543  ET CURRENT_EVENTS Possible Portal TDS Kit GET (2)
13,675  2015/01/20  2016542  ET CURRENT_EVENTS Possible Portal TDS Kit GET
13,674  2015/01/20  2016541  ET CURRENT_EVENTS SofosFO/GrandSoft landing applet plus class Mar 03 2013
13,673  2015/01/20  2016540  ET CURRENT_EVENTS SUSPICIOUS JAR Download by Java UA with non JAR EXT matches various EKs
13,672  2015/01/20  2016539  ET CURRENT_EVENTS Java Download non Jar file
13,671  2015/01/20  2016538  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
13,670  2015/01/20  2016537  ET INFO GET Minimal HTTP Headers Flowbit Set
13,669  2015/01/20  2016536  ET TROJAN W32/TrojanSpy.MSIL Fetch Header CnC Beacon
13,668  2015/01/20  2016535  ET TROJAN W32/TrojanSpy.MSIL Set Done Day CnC Beacon
13,667  2015/01/20  2016534  ET TROJAN W32/TrojanSpy.MSIL Get New MAC CnC Beacon
13,666  2015/01/20  2016533  ET TROJAN W32/TrojanSpy.MSIL Fetch Time CnC Beacon
13,665  2015/01/20  2016531  ET TROJAN W32/Asprox.FakeAV Affiliate Download Location Response - Likely Pay-Per-Install For W32/Papras.Spy or W32/ZeroAccess
13,664  2015/01/20  2016530  ET TROJAN W32/Asprox.FakeAV Affiliate Second Stage Download Location Request
13,663  2015/01/20  2016529  ET TROJAN W32/Asprox Passgrub POST CnC Beacon
13,662  2015/01/20  2016528  ET TROJAN W32/Asprox CnC Beacon
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.