Signature List

Total Ruleset: 27,111

| No. | Date | ID | Signature |
|---|---|---|---|
| 10,111 | 2015/01/20 | 2012776 | ET DELETED Suspicious IAT LdrLoadDll - Undocumented Low Level API to Load DLL |
| 10,110 | 2015/01/20 | 2012775 | ET DELETED Suspicious IAT ModifyExecuteProtectionSupport - Undocumented API to Modify DEP |
| 10,109 | 2015/01/20 | 2012774 | ET DELETED Suspicious IAT NoExecuteAddFileOptOutList - Undocumented API to Add Executable to DEP Exception List |
| 10,108 | 2015/01/20 | 2012773 | ET DELETED Suspicious IAT NtResumeThread - Undocumented API Which Can be Used to Resume Thread Injection |
| 10,107 | 2015/01/20 | 2012772 | ET DELETED Suspicious IAT NtQueueApcThread - Undocumented API Which Can be Used for Thread Injection/Downloading |
| 10,106 | 2015/01/20 | 2012771 | ET DELETED Suspicious IAT SetSfcFileException - Undocumented API Which Can be Used for Disabling Windows File Protections |
| 10,105 | 2015/01/20 | 2012770 | ET DELETED Suspicious IAT ZwWriteVirtualMemory - Undocumented API Which Can be Used for CnC Functionality |
| 10,104 | 2015/01/20 | 2012769 | ET DELETED Suspicious IAT ZwSetSystemInformation - Undocumented API Which Can be Used for Rootkit Functionality |
| 10,103 | 2015/01/20 | 2012768 | ET TROJAN Suspicious IAT ZwProtectVirtualMemory - Undocumented API Which Can be Used for Rootkit Functionality |
| 10,102 | 2015/01/20 | 2012767 | ET TROJAN Suspicious IAT HttpAddRequestHeader - Can Be Used For HTTP CnC |
| 10,101 | 2015/01/20 | 2012766 | ET DELETED Suspicious IAT GetComputerName |
| 10,100 | 2015/01/20 | 2012765 | ET DELETED Suspicious IAT GetStartupInfo |
| 10,099 | 2015/01/20 | 2012764 | ET DELETED Suspicious IAT NtQueryInformationProcess Possibly Checking for Debugger |
| 10,098 | 2015/01/20 | 2012763 | ET DELETED Suspicious IAT Checking for Debugger |
| 10,097 | 2015/01/20 | 2012762 | ET USER_AGENTS Suspicious user agent (asd) |
| 10,096 | 2015/01/20 | 2012761 | ET USER_AGENTS Suspicious user agent (mdms) |
| 10,095 | 2015/01/20 | 2012760 | ET WEB_SPECIFIC_APPS Cisco Unified Communications Manager xmldirectorylist.jsp SQL Injection Attempt |
| 10,094 | 2015/01/20 | 2012758 | ET INFO DYNAMIC_DNS Query to *.dyndns. Domain |
| 10,093 | 2015/01/20 | 2012757 | ET USER_AGENTS suspicious user agent string (CholTBAgent) |
| 10,092 | 2015/01/20 | 2012756 | ET WEB_CLIENT Windows Help and Support Center XSS Attempt |
| 10,091 | 2015/01/20 | 2012755 | ET SCAN Possible SQLMAP Scan |
| 10,090 | 2015/01/20 | 2012754 | ET SCAN Possible SQLMAP Scan |
| 10,089 | 2015/01/20 | 2012753 | ET MALWARE Possible FakeAV Binary Download |
| 10,088 | 2015/01/20 | 2012752 | ET DELETED Vertex Trojan UA (VERTEXNET) |
| 10,087 | 2015/01/20 | 2012751 | ET USER_AGENTS suspicious user agent string (changhuatong) |
| 10,086 | 2015/01/20 | 2012750 | ET WEB_SPECIFIC_APPS OrangeHRM path Parameter Local File Inclusion Attempt |
| 10,085 | 2015/01/20 | 2012749 | ET WEB_SPECIFIC_APPS phpRS id parameter UPDATE SET SQL Injection Attempt |
| 10,084 | 2015/01/20 | 2012748 | ET WEB_SPECIFIC_APPS phpRS id parameter INSERT INTO SQL Injection Attempt |
| 10,083 | 2015/01/20 | 2012747 | ET WEB_SPECIFIC_APPS phpRS id parameter UNION SELECT SQL Injection Attempt |
| 10,082 | 2015/01/20 | 2012746 | ET WEB_SPECIFIC_APPS phpRS id parameter DELETE FROM SQL Injection Attempt |
| 10,081 | 2015/01/20 | 2012745 | ET WEB_SPECIFIC_APPS phpRS id parameter SELECT FROM SQL Injection Attempt |
| 10,080 | 2015/01/20 | 2012744 | ET WEB_SPECIFIC_APPS Publishing Technology id Parameter Blind SQL Injection Attempt |
| 10,079 | 2015/01/20 | 2012743 | ET WEB_SPECIFIC_APPS SaurusCMS captcha_image.php script Remote File inclusion Attempt |
| 10,078 | 2015/01/20 | 2012742 | ET ACTIVEX Gesytec ElonFmt ActiveX Component Format String Function Call |
| 10,077 | 2015/01/20 | 2012741 | ET ACTIVEX Gesytec ElonFmt ActiveX Component GetItem1 member Buffer Overflow Attempt |
| 10,076 | 2015/01/20 | 2012740 | ET USER_AGENTS Backdoor.Win32.Vertexbot.A User-Agent (VERTEXNET) |
| 10,075 | 2015/01/20 | 2012739 | ET WORM Rimecud Worm checkin |
| 10,074 | 2015/01/20 | 2012738 | ET INFO DYNAMIC_DNS Query to 3322.net Domain *.8866.org |
| 10,073 | 2015/01/20 | 2012737 | ET POLICY HTTP Request to a *.cw.cm domain |
| 10,072 | 2015/01/20 | 2012736 | ET TROJAN Trojan-GameThief.Win32.OnLineGames.bnye Checkin |
| 10,071 | 2015/01/20 | 2012735 | ET POLICY Babylon User-Agent (Translation App Observed in PPI MALWARE) |
| 10,070 | 2015/01/20 | 2012734 | ET USER_AGENTS Suspicious User-Agent String (AskPartnerCobranding) |
| 10,069 | 2015/01/20 | 2012732 | ET CURRENT_EVENTS Unknown .ru Exploit Redirect Page |
| 10,068 | 2015/01/20 | 2012731 | ET CURRENT_EVENTS Likely Redirector to Exploit Page /in/rdrct/rckt/? |
| 10,067 | 2015/01/20 | 2012730 | ET TROJAN Known Hostile Domain ilo.brenz.pl Lookup |
| 10,066 | 2015/01/20 | 2012729 | ET TROJAN Known Hostile Domain .ntkrnlpa.info Lookup |
| 10,065 | 2015/01/20 | 2012728 | ET TROJAN Known Hostile Domain citi-bank.ru Lookup |
| 10,064 | 2015/01/20 | 2012727 | ET TROJAN BestAntivirus2011 Fake AV reporting |
| 10,063 | 2015/01/20 | 2012726 | ET SCAN OpenVAS User-Agent Inbound |
| 10,062 | 2015/01/20 | 2012725 | ET TROJAN Win32/FakeSysdef Rogue AV Checkin |
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.