Signature List
Total Ruleset: 27,111

No.     Date        ID       Signature
10,161  2015/01/20  2012827  ET POLICY HTTP Request to a *.vv.cc domain
10,160  2015/01/20  2012826  ET DNS DNS Query to a Suspicious *.vv.cc domain
10,159  2015/01/20  2012825  ET WEB_SPECIFIC_APPS CiscoWorks Help Servlet Reflective XSS Attempt
10,158  2015/01/20  2012824  ET WEB_SPECIFIC_APPS Cisco Common Services Framework Reflective XSS Attempt
10,157  2015/01/20  2012823  ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager clusterName Reflective XSS Attempt
10,156  2015/01/20  2012822  ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon_wrapper.jsp Reflective XSS Attempt
10,155  2015/01/20  2012821  ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon Reflective XSS Attempt
10,154  2015/01/20  2012820  ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager deviceInstanceName Reflective XSS Attempt
10,153  2015/01/20  2012819  ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager advancedfind.do Reflective XSS Attempt
10,152  2015/01/20  2012818  ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager Blind SQL Injection Attempt
10,151  2015/01/20  2012817  ET DELETED EXE Using Suspicious IAT NtUnmapViewOfSection Possible Malware Process Hollowing
10,150  2015/01/20  2012816  ET TROJAN EXE Using Suspicious IAT ZwUnmapViewOfSection Possible Malware Process Hollowing
10,149  2015/01/20  2012815  ET DELETED FAKEAV Scanner Landing Page (Initializing Virus Protection System...)
10,148  2015/01/20  2012814  ET WEB_CLIENT PDF With Adobe Audition Session File Handling Memory Corruption Attempt
10,147  2015/01/20  2012813  ET WEB_CLIENT PDF With Adobe Audition Session File Handling Buffer Overflow Flowbit Set
10,146  2015/01/20  2012812  ET DELETED Known Malicious Facebook Javascript
10,145  2015/01/20  2012811  ET DNS DNS Query to a .tk domain - Likely Hostile
10,144  2015/01/20  2012810  ET POLICY HTTP Request to a *.tk domain
10,143  2015/01/20  2012809  ET WEB_SPECIFIC_APPS WordPress DB XML dump successful leakage
10,142  2015/01/20  2012808  ET WEB_SPECIFIC_APPS WordPress DB XML dump attempted access
10,141  2015/01/20  2012807  ET DELETED Possible g01pack Exploit Pack Malicious JAR File Request
10,140  2015/01/20  2012806  ET WEB_CLIENT QuickTime Remote Exploit (exploit specific)
10,139  2015/01/20  2012805  ET WEB_SPECIFIC_APPS Automne upload-controler.php Arbitrary File Upload Vulnerability
10,138  2015/01/20  2012804  ET MALWARE Possible Windows executable sent ASCII-hex-encoded
10,137  2015/01/20  2012803  ET TROJAN Delf Alms backdoor checkin
10,136  2015/01/20  2012802  ET TROJAN Spoofed MSIE 8 User-Agent Likely Ponmocup
10,135  2015/01/20  2012801  ET TROJAN Spoofed MSIE 7 User-Agent Likely Ponmocup
10,134  2015/01/20  2012800  ET TROJAN Ponmocup C2 Sending Data to Controller 2
10,133  2015/01/20  2012799  ET TROJAN Ponmocup C2 Sending Data to Controller 1
10,132  2015/01/20  2012797  ET WEB_SPECIFIC_APPS WebAuction lang parameter Cross Site Scripting Attempt
10,131  2015/01/20  2012796  ET DELETED Malicious SEO landing in.cgi with URI HTTP_REFERER
10,130  2015/01/20  2012795  ET WEB_SPECIFIC_APPS Golem Gaming Portal root_path Parameter Remote File inclusion Attempt
10,129  2015/01/20  2012794  ET WEB_SPECIFIC_APPS ClanSphere CurrentFolder Parameter Local File Inclusion Attempt
10,128  2015/01/20  2012793  ET WEB_SPECIFIC_APPS E-Xoopport Samsara Sections module secid Parameter Blind SQL Injection Exploit
10,127  2015/01/20  2012792  ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter UPDATE SET SQL Injection Attempt
10,126  2015/01/20  2012791  ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter INSERT INTO SQL Injection Attempt
10,125  2015/01/20  2012790  ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter UNION SELECT SQL Injection Attempt
10,124  2015/01/20  2012789  ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter DELETE FROM SQL Injection Attempt
10,123  2015/01/20  2012788  ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter SELECT FROM SQL Injection Attempt
10,122  2015/01/20  2012787  ET SCADA ICONICS WebHMI ActiveX Stack Overflow
10,121  2015/01/20  2012786  ET TROJAN DNS Query for Possible FakeAV Domain
10,120  2015/01/20  2012785  ET DELETED Egypack/1.0 User-Agent Likely Malware
10,119  2015/01/20  2012784  ET MOBILE_MALWARE SymbOS SuperFairy.D active.txt Missing File HTTP Request
10,118  2015/01/20  2012783  ET MOBILE_MALWARE SymbOS SuperFairy.D BackgroundUpdata.ini Missing File HTTP Request
10,117  2015/01/20  2012782  ET MOBILE_MALWARE SymbOS SuperFairy.D StartUpdata.ini Missing File HTTP Request
10,116  2015/01/20  2012781  ET TROJAN Possible Hiloti DNS Checkin Message explorer_exe
10,115  2015/01/20  2012780  ET POLICY Suspicious IAT SetKeyboardState - Can Be Used for Keylogging
10,114  2015/01/20  2012779  ET DELETED Suspicious IAT FTP File Interaction
10,113  2015/01/20  2012778  ET DELETED Suspicious IAT NamedPipe - May Indicate Reverse Shell/Backdoor Functionality
10,112  2015/01/20  2012777  ET POLICY Suspicious IAT EnableExecuteProtectionSupport - Undocumented API to Modify DEP
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.