Signature List
No.     Date        ID       Signature (Total Ruleset: 27,111)
11,161  2015/01/20  2013925  ET TROJAN PoisonIvy.Eu4 Keepalive to CnC
11,160  2015/01/20  2013924  ET TROJAN PoisonIvy.Eu3 Keepalive to CnC
11,159  2015/01/20  2013923  ET TROJAN PoisonIvy.Eu2 Keepalive to CnC
11,158  2015/01/20  2013922  ET TROJAN PoisonIvy.Emp Keepalive to CnC
11,157  2015/01/20  2013921  ET WEB_SERVER DNS changer cPanel attempt
11,156  2015/01/20  2013920  ET POLICY external cPanel password change
11,155  2015/01/20  2013919  ET POLICY external cPanel login
11,154  2015/01/20  2013918  ET EXPLOIT Possible BSNL Router DNS Change Attempt
11,153  2015/01/20  2013917  ET TROJAN Win32/Dofoil.L Checkin
11,152  2015/01/20  2013916  ET CURRENT_EVENTS Incognito Exploit Kit Java request to showthread.php?t=
11,151  2015/01/20  2013914  ET POLICY APT User-Agent to BackTrack Repository
11,150  2015/01/20  2013913  ET TROJAN Request for utu.dat Likely Ponmocup checkin
11,149  2015/01/20  2013912  ET TROJAN P2P Zeus Response From CnC
11,148  2015/01/20  2013911  ET TROJAN P2P Zeus or ZeroAccess Request To CnC
11,147  2015/01/20  2013910  ET GAMES Second Life setup download
11,146  2015/01/20  2013909  ET DELETED ZeuS estatements fake transaction page flash warning
11,145  2015/01/20  2013908  ET DELETED ZeuS estatements mailing campaign landing page
11,144  2015/01/20  2013907  ET TROJAN ZAccess/Sirefef/MAX /Jorik/Smadow Checkin
11,143  2015/01/20  2013906  ET DELETED Ghost Click DNSChanger DNS Request (UDP)
11,142  2015/01/20  2013905  ET TROJAN Suspicious User Agent banderas
11,141  2015/01/20  2013904  ET TROJAN W32/Rimecud User Agent beat
11,140  2015/01/20  2013903  ET TROJAN Suspicious User Agent GetFile
11,139  2015/01/20  2013902  ET TROJAN Win32.BlackControl Retrieving IP Information
11,138  2015/01/20  2013901  ET TROJAN Suspicious User Agent GeneralDownloadApplication
11,137  2015/01/20  2013900  ET TROJAN W32/Yaq Checkin
11,136  2015/01/20  2013899  ET DELETED google.com.br DNS Poisoning redirecting to exploit kit 5
11,135  2015/01/20  2013898  ET DELETED google.com.br DNS Poisoning redirecting to exploit kit 4
11,134  2015/01/20  2013897  ET DELETED google.com.br DNS Poisoning redirecting to exploit kit 3
11,133  2015/01/20  2013896  ET DELETED google.com.br DNS Poisoning redirecting to exploit kit 2
11,132  2015/01/20  2013895  ET DELETED google.com.br DNS Poisoning redirecting to exploit kit 1
11,131  2015/01/20  2013894  ET DNS Excessive DNS Responses with 1 or more RR's (100 in 10 seconds) to google.com.br possible Cache Poisoning Attempt
11,130  2015/01/20  2013893  ET TROJAN Backdoor.Win32.Svlk Client Ping
11,129  2015/01/20  2013892  ET TROJAN Backdoor.Win32.Svlk Server Reply
11,128  2015/01/20  2013891  ET TROJAN Backdoor.Win32.Svlk Client Checkin
11,127  2015/01/20  2013890  ET TROJAN W32/Koobface Variant Initial Checkin
11,126  2015/01/20  2013889  ET TROJAN Suspicious User-Agent (MediaLabsSiteInstaller)
11,125  2015/01/20  2013888  ET POLICY Cnet App Download and Checkin
11,124  2015/01/20  2013887  ET TROJAN W32/Fullstuff Initial Checkin
11,123  2015/01/20  2013886  ET WEB_SPECIFIC_APPS Wordpress disclosure policy plugin Remote File Inclusion Attempt
11,122  2015/01/20  2013885  ET WEB_SPECIFIC_APPS 1024 CMS filename Parameter Local File Inclusion Attempt
11,121  2015/01/20  2013884  ET TROJAN Suspicious User-Agent (DARecover)
11,120  2015/01/20  2013883  ET TROJAN Suspicious User-Agent (webfile)
11,119  2015/01/20  2013882  ET POLICY Norton Update User-Agent (Install Stub)
11,118  2015/01/20  2013881  ET TROJAN Suspicious User-Agent (NateFinder)
11,117  2015/01/20  2013880  ET TROJAN Suspicious User-Agent (FULLSTUFF)
11,116  2015/01/20  2013879  ET SCADA PROMOTIC ActiveX Control Insecure method (AddTrend)
11,115  2015/01/20  2013878  ET SCADA PROMOTIC ActiveX Control Insecure method (SaveCfg)
11,114  2015/01/20  2013877  ET WEB_SPECIFIC_APPS Joomla techfolio component UPDATE SET SQL Injection Attempt
11,113  2015/01/20  2013876  ET WEB_SPECIFIC_APPS Joomla techfolio component INSERT INTO SQL Injection Attempt
11,112  2015/01/20  2013875  ET WEB_SPECIFIC_APPS Joomla techfolio component UNION SELECT SQL Injection Attempt
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.