시그니처 리스트, Signature List
번호날짜ID시그니처 (Total Ruleset: 27,111개)
10,6112015/01/20 2013285  ET TROJAN DarkComet-RAT Client Keepalive; [1
10,6102015/01/20 2013284  ET TROJAN DarkComet-RAT server join acknowledgement; [1,2
10,6092015/01/20 2013283  ET TROJAN DarkComet-RAT init connection; [1,2
10,6082015/01/20 2013282  ET WEB_CLIENT Adobe Flash Player Button Remote Code Execution Attempt;  
10,6072015/01/20 2013281  ET WEB_CLIENT Adobe Authplay.dll NewClass Memory Corruption Attempt; [1
10,6062015/01/20 2013280  ET WEB_CLIENT Microsoft Word RTF pFragments Stack Overflow Attempt; [1
10,6052015/01/20 2013279  ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 41414141; [1
10,6042015/01/20 2013278  ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript NOP SLED; [1
10,6032015/01/20 2013277  ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0d0d0d0d; [1
10,6022015/01/20 2013276  ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0c0c0c0c; [1
10,6012015/01/20 2013275  ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0b0b0b0b; [1
10,6002015/01/20 2013274  ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0a0a0a0a; [1
10,5992015/01/20 2013273  ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 41414141; [1
10,5982015/01/20 2013272  ET SHELLCODE Unescape Hex Obfuscated Content;  
10,5972015/01/20 2013271  ET SHELLCODE Hex Obfuscated JavaScript NOP SLED; [1
10,5962015/01/20 2013270  ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0d0d0d0d; [1
10,5952015/01/20 2013269  ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0c0c0c0c; [1
10,5942015/01/20 2013268  ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0b0b0b0b; [1
10,5932015/01/20 2013267  ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0a0a0a0a; [1
10,5922015/01/20 2013266  ET MOBILE_MALWARE SymbOS/SymGam Receiving SMS Message Template from CnC Server; [1
10,5912015/01/20 2013265  ET MOBILE_MALWARE SymbOS/SymGam CnC Checkin; [1
10,5902015/01/20 2013264  ET SCAN Nessus FTP Scan detected (ftp_writeable_directories.nasl); [1,2
10,5892015/01/20 2013263  ET SCAN Nessus FTP Scan detected (ftp_anonymous.nasl); [1,2
10,5882015/01/20 2013261  ET MOBILE_MALWARE SymbOS/CommDN Downloading Second Stage Malware Binary; [1
10,5872015/01/20 2013260  ET TROJAN Win32/Nekill Checkin; [1
10,5862015/01/20 2013259  ET TROJAN Guagua Trojan Update Checkin;  
10,5852015/01/20 2013258  ET USER_AGENTS Avzhan DDoS Bot User-Agent MyIE; [1,2
10,5842015/01/20 2013256  ET TROJAN Majestic12 User-Agent Request Outbound;  
10,5832015/01/20 2013255  ET POLICY Majestic12 User-Agent Request Inbound;  
10,5822015/01/20 2013254  ET TROJAN Yandexbot Request Outbound;  
10,5812015/01/20 2013253  ET POLICY Yandexbot Request Inbound;  
10,5802015/01/20 2013252  ET WEB_CLIENT Microsoft Internet Explorer Time Element Uninitialized Memory Remote Code Execution Attempt; [1
10,5792015/01/20 2013251  ET WEB_CLIENT Known in Wild Microsoft Internet Explorer Time Element Uninitialized Memory Remote Code Execution Attempt; [1
10,5782015/01/20 2013250  ET WEB_CLIENT Microsoft Word RTF pFragments Stack Buffer Overflow Attempt; [1
10,5772015/01/20 2013249  ET SCAN Vega Web Application Scan; [1,2
10,5762015/01/20 2013248  ET DELETED HTTP Request to a *.uni.cc domain;  
10,5752015/01/20 2013247  ET TROJAN Ruskill/Palevo KCIK IRC Command; [1,2
10,5742015/01/20 2013246  ET TROJAN Ruskill/Palevo CnC PONG; [1,2
10,5732015/01/20 2013245  ET TROJAN Ruskill/Palevo Download Command; [1,2
10,5722015/01/20 2013244  ET CURRENT_EVENTS Known Injected Credit Card Fraud Malvertisement Script; [1
10,5712015/01/20 2013243  ET MALWARE SweetIM Install in Progress;  
10,5702015/01/20 2013242  ET DELETED HTTP Request to a Suspicious *.cu.cc domain;  
10,5692015/01/20 2013241  ET MOBILE_MALWARE Android/GoldDream Uploading Watch Files; [1
10,5682015/01/20 2013240  ET MOBILE_MALWARE Android/GoldDream Task Information Retrieval; [1
10,5672015/01/20 2013238  ET MOBILE_MALWARE Android/GoldDream Infected Device Registration; [1
10,5662015/01/20 2013237  ET CURRENT_EVENTS Obfuscated Javascript Often Used in Drivebys;  
10,5652015/01/20 2013236  ET TROJAN Palevo (OUTBOUND); [1
10,5642015/01/20 2013235  ET SCADA Golden FTP Server PASS Command Remote Buffer Overflow Attempt;  
10,5632015/01/20 2013234  ET WEB_SPECIFIC_APPS ActivDesk cid Parameter Blind SQL Injection Attempt; [1
10,5622015/01/20 2013233  ET ACTIVEX Chilkat Crypt ActiveX Control SaveDecrypted Insecure Method Vulnerability;  
< 331  332  333  334  335  336  337  338  339  340 >
GigaVPN & GigaIPS is based MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.