Signature List
No.  Date  ID  Signature (Total Ruleset: 27,111)
13,861  2015/01/20  2016732  ET TROJAN Revoyem Ransomware Activity; [1
13,860  2015/01/20  2016731  ET TROJAN Revoyem Ransomware Check-in; [1
13,859  2015/01/20  2016730  ET DELETED Blackhole/Cool plugindetect in octal;
13,858  2015/01/20  2016729  ET CURRENT_EVENTS Reversed Applet Observed in Sakura/Blackhole Landing;
13,857  2015/01/20  2016728  ET TROJAN W32/BaneChant.APT Initial CnC Beacon; [1
13,856  2015/01/20  2016727  ET TROJAN W32/BaneChant.APT Data Exfiltration POST to CnC; [1
13,855  2015/01/20  2016726  ET CURRENT_EVENTS Potential Fiesta Flash Exploit;
13,854  2015/01/20  2016725  ET CURRENT_EVENTS Blackhole 16-hex/ff.php Jar Download;
13,853  2015/01/20  2016724  ET CURRENT_EVENTS Blackhole 16-hex/ff.php Landing Page/Java exploit URI;
13,852  2015/01/20  2016723  ET CURRENT_EVENTS Blackhole 32-hex/ff.php Jar Download;
13,851  2015/01/20  2016722  ET CURRENT_EVENTS Blackhole 32-hex/ff.php Landing Page/Java exploit URI;
13,850  2015/01/20  2016721  ET CURRENT_EVENTS Possible Sakura Jar Download;
13,849  2015/01/20  2016720  ET DELETED Sakura Jar Download SET;
13,848  2015/01/20  2016719  ET CURRENT_EVENTS BHEK ff.php iframe outbound; [1
13,847  2015/01/20  2016718  ET CURRENT_EVENTS BHEK q.php iframe outbound; [1
13,846  2015/01/20  2016717  ET CURRENT_EVENTS BHEK ff.php iframe inbound; [1
13,845  2015/01/20  2016716  ET CURRENT_EVENTS BHEK q.php iframe inbound; [1
13,844  2015/01/20  2016715  ET SHELLCODE Possible Backslash Escaped UTF-16 0c0c Heap Spray;
13,843  2015/01/20  2016714  ET SHELLCODE Possible Backslash Escaped UTF-8 0c0c Heap Spray;
13,842  2015/01/20  2016713  ET CURRENT_EVENTS W32/BaneChant.APT Winword.pkg Redirect; [1
13,841  2015/01/20  2016712  ET DELETED Empty HTTP Content Type Server Response - Potential CnC Server;
13,840  2015/01/20  2016711  ET CURRENT_EVENTS DNS Query Targeted Tibetan Android Malware C2 Domain; [1
13,839  2015/01/20  2016710  ET TROJAN Zeus User-Agent(z00sAgent);
13,838  2015/01/20  2016709  ET CURRENT_EVENTS CrimeBoss Recent Jar (4);
13,837  2015/01/20  2016708  ET CURRENT_EVENTS CrimeBoss Recent Jar (3);
13,836  2015/01/20  2016707  ET TROJAN Win32/Enchanim Checkin;
13,835  2015/01/20  2016706  ET DELETED SofosFO/NeoSploit possible second stage landing page (1);
13,834  2015/01/20  2016705  ET CURRENT_EVENTS Sweet Orange applet with obfuscated URL April 01 2013;
13,833  2015/01/20  2016704  ET CURRENT_EVENTS Probable Sakura exploit kit landing page obfuscated applet tag Mar 28 2013;
13,832  2015/01/20  2016703  ET CURRENT_EVENTS SUSPICIOUS rundll32.exe in URI;
13,831  2015/01/20  2016702  ET CURRENT_EVENTS SUSPICIOUS csrss.exe in URI;
13,830  2015/01/20  2016701  ET CURRENT_EVENTS SUSPICIOUS smss.exe in URI;
13,829  2015/01/20  2016700  ET CURRENT_EVENTS SUSPICIOUS explorer.exe in URI;
13,828  2015/01/20  2016699  ET CURRENT_EVENTS SUSPICIOUS lsass.exe in URI;
13,827  2015/01/20  2016698  ET CURRENT_EVENTS SUSPICIOUS services.exe in URI;
13,826  2015/01/20  2016697  ET CURRENT_EVENTS SUSPICIOUS winlogon.exe in URI;
13,825  2015/01/20  2016696  ET CURRENT_EVENTS SUSPICIOUS svchost.exe in URI Probable Process Dump/Trojan Download;
13,824  2015/01/20  2016695  ET INFO SUSPICIOUS UA starting with Mozilla/0;
13,823  2015/01/20  2016694  ET INFO SUSPICIOUS UA starting with Mozilla/9;
13,822  2015/01/20  2016693  ET INFO SUSPICIOUS UA starting with Mozilla/8;
13,821  2015/01/20  2016692  ET INFO SUSPICIOUS UA starting with Mozilla/7;
13,820  2015/01/20  2016690  ET TROJAN Kovter Ransomware Check-in; [1
13,819  2015/01/20  2016689  ET WEB_SERVER WebShell - MySQL Interface - Auth Prompt;
13,818  2015/01/20  2016688  ET FTP Outbound Java Downloading jar over FTP;
13,817  2015/01/20  2016687  ET FTP Outbound Java Anonymous FTP Login;
13,816  2015/01/20  2016686  ET DELETED Blackhole/Cool plugindetect in octal -7 Mar 30 2013;
13,815  2015/01/20  2016685  ET TROJAN Win32/Delfinject Check-in; [1
13,814  2015/01/20  2016684  ET WEB_SERVER WebShell - JSPCMD - Form;
13,813  2015/01/20  2016683  ET WEB_SERVER WebShell Generic - wget http - POST;
13,812  2015/01/20  2016682  ET WEB_SERVER WebShell Generic - reg HKEY_LOCAL_MACHINE;
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.