Signature List
No.  Date  ID  Signature (Total Ruleset: 27,111)
14,711  2015/01/20  2017608  ET WEB_SERVER PHP WebShell Embedded In JPG (INBOUND)
14,710  2015/01/20  2017607  ET WEB_SERVER PHP WebShell Embedded In GIF (INBOUND)
14,709  2015/01/20  2017606  ET WEB_SERVER PHP WebShell Embedded In PNG (OUTBOUND)
14,708  2015/01/20  2017605  ET WEB_SERVER PHP WebShell Embedded In JPG (OUTBOUND)
14,707  2015/01/20  2017604  ET WEB_SERVER PHP WebShell Embedded In GIF (OUTBOUND)
14,706  2015/01/20  2017603  ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit 32-32 byte hex java payload request Oct 16 2013
14,705  2015/01/20  2017602  ET CURRENT_EVENTS Magnitude EK - Landing Page - Java ClassID and 32/32 archive Oct 16 2013
14,704  2015/01/20  2017601  ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 IE Exploit URI Struct
14,703  2015/01/20  2017600  ET TROJAN W32.Nemim Checkin
14,702  2015/01/20  2017599  ET TROJAN Backdoor.Egobot Checkin
14,701  2015/01/20  2017598  ET TROJAN Possible Kelihos.F EXE Download Common Structure
14,700  2015/01/20  2017597  ET CURRENT_EVENTS Neutrino XORed pluginDetect 2
14,699  2015/01/20  2017596  ET CURRENT_EVENTS Neutrino XORed pluginDetect 1
14,698  2015/01/20  2017595  ET CURRENT_EVENTS Possible Neutrino Java Payload Download Oct 15 2013
14,697  2015/01/20  2017594  ET CURRENT_EVENTS Possible Neutrino Java Exploit Download Oct 15 2013
14,696  2015/01/20  2017593  ET CURRENT_EVENTS Neutrino EK Landing URI Format Oct 15 2013
14,695  2015/01/20  2017592  ET CURRENT_EVENTS Unknown Malvertising Related EK Redirect Oct 14 2013
14,694  2015/01/20  2017591  ET CURRENT_EVENTS Unknown Malvertising Related EK Landing Oct 14 2013
14,693  2015/01/20  2017590  ET CURRENT_EVENTS D-LINK Router Backdoor via Specific UA
14,692  2015/01/20  2017589  ET CURRENT_EVENTS Unknown EK Initial Payload Internet Connectivity Check
14,691  2015/01/20  2017588  ET MOBILE_MALWARE Android/Opfake.A Country CnC Beacon
14,690  2015/01/20  2017587  ET MOBILE_MALWARE Android/Opfake.A GetTask CnC Beacon
14,689  2015/01/20  2017586  ET TROJAN Possible W32/KanKan Update officeaddinupdate.xml Request
14,688  2015/01/20  2017585  ET TROJAN Possible W32/KanKan tools.ini Request
14,687  2015/01/20  2017584  ET TROJAN CryptoLocker Ransomware check-in
14,686  2015/01/20  2017583  ET TROJAN CryptoLocker EXE Download
14,685  2015/01/20  2017582  ET TROJAN Citadel Activity POST
14,684  2015/01/20  2017580  ET CURRENT_EVENTS DotkaChef Payload October 09
14,683  2015/01/20  2017579  ET CURRENT_EVENTS SUSPICIOUS Possible Secondary Indicator of Java Exploit (Artifact Observed mostly in EKs/a few mis-configured apps)
14,682  2015/01/20  2017578  ET CURRENT_EVENTS Fake MS Security Update EK (Payload Download)
14,681  2015/01/20  2017577  ET CURRENT_EVENTS Fiesta EK Landing Oct 09 2013
14,680  2015/01/20  2017576  ET CURRENT_EVENTS Styx EK jply.html
14,679  2015/01/20  2017575  ET WEB_SPECIFIC_APPS Possible VBulletin Unauthorized Admin Account Creation
14,678  2015/01/20  2017574  ET WEB_SPECIFIC_APPS Possible JBoss/JMX EJBInvokerServlet RCE Using Marshalled Object
14,677  2015/01/20  2017573  ET WEB_SPECIFIC_APPS Possible JBoss/JMX InvokerServlet RCE Using Marshalled Object
14,676  2015/01/20  2017572  ET WEB_CLIENT Possible Microsoft Internet Explorer Use-After-Free CVE-2013-3897
14,675  2015/01/20  2017571  ET CURRENT_EVENTS Angler EK Payload Download
14,674  2015/01/20  2017570  ET CURRENT_EVENTS Angler EK Exploit Download
14,673  2015/01/20  2017569  ET CURRENT_EVENTS Angler EK Landing Page
14,672  2015/01/20  2017568  ET CURRENT_EVENTS Possible Metasploit Java CVE-2013-2465 Class Name Sub Algo
14,671  2015/01/20  2017567  ET CURRENT_EVENTS FiestaEK js-redirect
14,670  2015/01/20  2017566  ET INFO Obfuscated fromCharCode
14,669  2015/01/20  2017565  ET INFO Obfuscated fromCharCode
14,668  2015/01/20  2017564  ET CURRENT_EVENTS Unknown EK Landing
14,667  2015/01/20  2017563  ET CURRENT_EVENTS Possible Java CVE-2013-2465 Based on PoC
14,666  2015/01/20  2017562  ET CURRENT_EVENTS Sweet Orange Landing with Applet Oct 4 2013
14,665  2015/01/20  2017561  ET MALWARE W32/Wajam.Adware Successful Install
14,664  2015/01/20  2017560  ET WEB_SPECIFIC_APPS Possible WHMCS SQLi AES_ENCRYPT at start of value
14,663  2015/01/20  2017559  ET TROJAN SSH Connection on 443 - Mevade Banner
14,662  2015/01/20  2017558  ET TROJAN Mevade Checkin
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.