No. | Date | ID | Signature (Total Ruleset: 27,111) |
10,111 | 2015/01/20 | 2012776 | ET DELETED Suspicious IAT LdrLoadDll - Undocumented Low Level API to Load DLL; [1] |
10,110 | 2015/01/20 | 2012775 | ET DELETED Suspicious IAT ModifyExecuteProtectionSupport - Undocumented API to Modify DEP; [1] |
10,109 | 2015/01/20 | 2012774 | ET DELETED Suspicious IAT NoExecuteAddFileOptOutList - Undocumented API to Add Executable to DEP Exception List; [1] |
10,108 | 2015/01/20 | 2012773 | ET DELETED Suspicious IAT NtResumeThread - Undocumented API Which Can be Used to Resume Thread Injection; [1] |
10,107 | 2015/01/20 | 2012772 | ET DELETED Suspicious IAT NtQueueApcThread - Undocumented API Which Can be Used for Thread Injection/Downloading; [1] |
10,106 | 2015/01/20 | 2012771 | ET DELETED Suspicious IAT SetSfcFileException - Undocumented API Which Can be Used for Disabling Windows File Protections; [1] |
10,105 | 2015/01/20 | 2012770 | ET DELETED Suspicious IAT ZwWriteVirtualMemory - Undocumented API Which Can be Used for CnC Functionality; [1] |
10,104 | 2015/01/20 | 2012769 | ET DELETED Suspicious IAT ZwSetSystemInformation - Undocumented API Which Can be Used for Rootkit Functionality; [1] |
10,103 | 2015/01/20 | 2012768 | ET TROJAN Suspicious IAT ZwProtectVirtualMemory - Undocumented API Which Can be Used for Rootkit Functionality; [1] |
10,102 | 2015/01/20 | 2012767 | ET TROJAN Suspicious IAT HttpAddRequestHeader - Can Be Used For HTTP CnC; [1] |
10,101 | 2015/01/20 | 2012766 | ET DELETED Suspicious IAT GetComputerName; [1] |
10,100 | 2015/01/20 | 2012765 | ET DELETED Suspicious IAT GetStartupInfo; [1] |
10,099 | 2015/01/20 | 2012764 | ET DELETED Suspicious IAT NtQueryInformationProcess Possibly Checking for Debugger; [1] |
10,098 | 2015/01/20 | 2012763 | ET DELETED Suspicious IAT Checking for Debugger; [1] |
10,097 | 2015/01/20 | 2012762 | ET USER_AGENTS Suspicious user agent (asd); |
10,096 | 2015/01/20 | 2012761 | ET USER_AGENTS Suspicious user agent (mdms); |
10,095 | 2015/01/20 | 2012760 | ET WEB_SPECIFIC_APPS Cisco Unified Communications Manager xmldirectorylist.jsp SQL Injection Attempt; [1] |
10,094 | 2015/01/20 | 2012758 | ET INFO DYNAMIC_DNS Query to *.dyndns. Domain; |
10,093 | 2015/01/20 | 2012757 | ET USER_AGENTS suspicious user agent string (CholTBAgent); |
10,092 | 2015/01/20 | 2012756 | ET WEB_CLIENT Windows Help and Support Center XSS Attempt; |
10,091 | 2015/01/20 | 2012755 | ET SCAN Possible SQLMAP Scan; [1,2] |
10,090 | 2015/01/20 | 2012754 | ET SCAN Possible SQLMAP Scan; [1,2] |
10,089 | 2015/01/20 | 2012753 | ET MALWARE Possible FakeAV Binary Download; |
10,088 | 2015/01/20 | 2012752 | ET DELETED Vertex Trojan UA (VERTEXNET); |
10,087 | 2015/01/20 | 2012751 | ET USER_AGENTS suspicious user agent string (changhuatong); |
10,086 | 2015/01/20 | 2012750 | ET WEB_SPECIFIC_APPS OrangeHRM path Parameter Local File Inclusion Attempt; [1] |
10,085 | 2015/01/20 | 2012749 | ET WEB_SPECIFIC_APPS phpRS id parameter UPDATE SET SQL Injection Attempt; [1] |
10,084 | 2015/01/20 | 2012748 | ET WEB_SPECIFIC_APPS phpRS id parameter INSERT INTO SQL Injection Attempt; [1] |
10,083 | 2015/01/20 | 2012747 | ET WEB_SPECIFIC_APPS phpRS id parameter UNION SELECT SQL Injection Attempt; [1] |
10,082 | 2015/01/20 | 2012746 | ET WEB_SPECIFIC_APPS phpRS id parameter DELETE FROM SQL Injection Attempt; [1] |
10,081 | 2015/01/20 | 2012745 | ET WEB_SPECIFIC_APPS phpRS id parameter SELECT FROM SQL Injection Attempt; [1] |
10,080 | 2015/01/20 | 2012744 | ET WEB_SPECIFIC_APPS Publishing Technology id Parameter Blind SQL Injection Attempt; [1] |
10,079 | 2015/01/20 | 2012743 | ET WEB_SPECIFIC_APPS SaurusCMS captcha_image.php script Remote File inclusion Attempt; [1] |
10,078 | 2015/01/20 | 2012742 | ET ACTIVEX Gesytec ElonFmt ActiveX Component Format String Function Call; [1] |
10,077 | 2015/01/20 | 2012741 | ET ACTIVEX Gesytec ElonFmt ActiveX Component GetItem1 member Buffer Overflow Attempt; [1] |
10,076 | 2015/01/20 | 2012740 | ET USER_AGENTS Backdoor.Win32.Vertexbot.A User-Agent (VERTEXNET); [1] |
10,075 | 2015/01/20 | 2012739 | ET WORM Rimecud Worm checkin; [1] |
10,074 | 2015/01/20 | 2012738 | ET INFO DYNAMIC_DNS Query to 3322.net Domain *.8866.org; [1,2,3] |
10,073 | 2015/01/20 | 2012737 | ET POLICY HTTP Request to a *.cw.cm domain; |
10,072 | 2015/01/20 | 2012736 | ET TROJAN Trojan-GameThief.Win32.OnLineGames.bnye Checkin; [1] |
10,071 | 2015/01/20 | 2012735 | ET POLICY Babylon User-Agent (Translation App Observed in PPI MALWARE); [1] |
10,070 | 2015/01/20 | 2012734 | ET USER_AGENTS Suspicious User-Agent String (AskPartnerCobranding); |
10,069 | 2015/01/20 | 2012732 | ET CURRENT_EVENTS Unknown .ru Exploit Redirect Page; |
10,068 | 2015/01/20 | 2012731 | ET CURRENT_EVENTS Likely Redirector to Exploit Page /in/rdrct/rckt/?; |
10,067 | 2015/01/20 | 2012730 | ET TROJAN Known Hostile Domain ilo.brenz.pl Lookup; |
10,066 | 2015/01/20 | 2012729 | ET TROJAN Known Hostile Domain .ntkrnlpa.info Lookup; |
10,065 | 2015/01/20 | 2012728 | ET TROJAN Known Hostile Domain citi-bank.ru Lookup; |
10,064 | 2015/01/20 | 2012727 | ET TROJAN BestAntivirus2011 Fake AV reporting; |
10,063 | 2015/01/20 | 2012726 | ET SCAN OpenVAS User-Agent Inbound; [1] |
10,062 | 2015/01/20 | 2012725 | ET TROJAN Win32/FakeSysdef Rogue AV Checkin; [1,2,3] |