시그니처 리스트, Signature List
번호날짜ID시그니처 (Total Ruleset: 27,111개)
12,2112015/01/20 2015025  ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 1;  
12,2102015/01/20 2015024  ET CURRENT_EVENTS Incognito - Malicious PDF Requested - /getfile.php;  
12,2092015/01/20 2015023  ET WEB_SERVER IIS 8.3 Filename With Wildcard (Possible File/Dir Bruteforce); [1
12,2082015/01/20 2015022  ET TROJAN W32/Zusy Gettime Checkin;  
12,2072015/01/20 2015021  ET TROJAN W32/Numnet.Downloader CnC Checkin 2;  
12,2062015/01/20 2015020  ET TROJAN W32/Numnet.Downloader CnC Checkin 1;  
12,2052015/01/20 2015019  ET TROJAN W32/Icoo CnC Checkin;  
12,2042015/01/20 2015018  ET MALWARE W32/OnlineGames User Agent loadMM;  
12,2032015/01/20 2015017  ET MALWARE W32/OnlineGames Checkin;  
12,2022015/01/20 2015016  ET INFO FTP STOR to External Network;  
12,2012015/01/20 2015015  ET POLICY Download Request to Hotfile.com;  
12,2002015/01/20 2015014  ET CURRENT_EVENTS Blackhole Split String Obfuscation of Eval 3;  
12,1992015/01/20 2015013  ET CURRENT_EVENTS Blackhole Split String Obfuscation of Eval 2;  
12,1982015/01/20 2015012  ET CURRENT_EVENTS Blackhole Split String Obfuscation of Eval 1;  
12,1972015/01/20 2015011  ET CURRENT_EVENTS g01pack exploit pack /mix/ payload;  
12,1962015/01/20 2015010  ET CURRENT_EVENTS g01pack exploit pack /mix/ Java exploit;  
12,1952015/01/20 2015009  ET DELETED SofosFO exploit kit payload download;  
12,1942015/01/20 2015007  ET DELETED SofosFO exploit kit version check;  
12,1932015/01/20 2015006  ET DELETED SofosFO exploit kit jar download;  
12,1922015/01/20 2015005  ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL 3;  
12,1912015/01/20 2015004  ET INFO Compressed Executable SZDD Compress.exe Format Over HTTP; [1,2
12,1902015/01/20 2015003  ET TROJAN Pushbot server response; [1
12,1892015/01/20 2015002  ET TROJAN Pushbot User-Agent; [1
12,1882015/01/20 2015001  ET DELETED Blackhole - Blackhole Java Exploit request to spn.jar;  
12,1872015/01/20 2015000  ET CURRENT_EVENTS NuclearPack Java exploit binary get request;  
12,1862015/01/20 2014999  ET TROJAN Zbot CnC POST /common/timestamps.php;  
12,1852015/01/20 2014998  ET CURRENT_EVENTS Runforestrun Malware Campaign Infected Website Landing Page Obfuscated String JavaScript DGA; [1
12,1842015/01/20 2014997  ET POLICY Pandora Usage; [1
12,1832015/01/20 2014996  ET DOS Microsoft Windows 7 ICMPv6 Router Advertisement Flood; [1
12,1822015/01/20 2014995  ET WEB_SPECIFIC_APPS WordPress jRSS Widget url parameter Local File Inclusion Vulnerability; [1
12,1812015/01/20 2014994  ET WEB_SPECIFIC_APPS Joomla com_profile controller parameter Local File Inclusion Vulnerability; [1
12,1802015/01/20 2014993  ET WEB_SPECIFIC_APPS AdaptCMS sitepath parameter Remote File Inclusion Vulnerability; [1
12,1792015/01/20 2014992  ET ACTIVEX Possible SonciWALL Aventail AuthCredential Format String Exploit; [1
12,1782015/01/20 2014991  ET ACTIVEX Possible SonciWALL Aventail AuthCredential Format String Exploit 2; [1
12,1772015/01/20 2014990  ET WEB_SPECIFIC_APPS WordPress Download Monitor tags parameter Cross-Site Scripting Attempt; [1
12,1762015/01/20 2014989  ET WEB_SPECIFIC_APPS WordPress Download Monitor thumbnail parameter Cross-Site Scripting Attempt; [1
12,1752015/01/20 2014988  ET WEB_SPECIFIC_APPS pliggCMS src parameter Remote File Inclusion Attempt; [1
12,1742015/01/20 2014987  ET WEB_SERVER possible IBM Rational Directory Server (RDS) Help system href Cross Site Scripting Attempt; [1
12,1732015/01/20 2014986  ET WEB_SERVER possible IBM Rational Directory Server (RDS) Help system href browser redirect; [1
12,1722015/01/20 2014985  ET CURRENT_EVENTS Hacked Website Response /*qhk6sa6g1c*/ Jun 25 2012; [1
12,1712015/01/20 2014984  ET CURRENT_EVENTS Hacked Website Response /*km0ae9gr6m*/ Jun 25 2012; [1
12,1702015/01/20 2014983  ET CURRENT_EVENTS Scalaxy Jar file;  
12,1692015/01/20 2014982  ET CURRENT_EVENTS Googlebot UA POST to /uploadify.php; [1
12,1682015/01/20 2014981  ET CURRENT_EVENTS Blackhole Exploit Kit Landing Page Try Renamed Prototype Catch - June 28th 2012; [1
12,1672015/01/20 2014980  ET TROJAN Zbot CnC GET /lost.dat;  
12,1662015/01/20 2014979  ET TROJAN Zbot CnC POST /common/versions.php;  
12,1652015/01/20 2014977  ET DELETED Blackhole - Landing Page Recieved - applet and flowbit;  
12,1642015/01/20 2014976  ET DELETED Blackhole - Landing Page Received - catch and flowbit;  
12,1632015/01/20 2014975  ET DELETED Blackhole - Landing Page Requested - /Home/index.php;  
12,1622015/01/20 2014974  ET DELETED Blackhole - Landing Page Requested - /*.php?*=8HexChar;  
< 291  292  293  294  295  296  297  298  299  300 >
GigaVPN & GigaIPS is based MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.