시그니처 리스트, Signature List
번호날짜ID시그니처 (Total Ruleset: 27,111개)
9,6112015/01/20 2012261  ET WEB_CLIENT Hex Obfuscation of parseInt %u UTF-8 Encoding; [1,2,3
9,6102015/01/20 2012260  ET WEB_CLIENT Hex Obfuscation of parseInt % Encoding; [1,2,3
9,6092015/01/20 2012259  ET SHELLCODE Common %u0c%u0c%u0c%u0c UTF-8 Heap Spray String; [1
9,6082015/01/20 2012258  ET SHELLCODE Common ?? UTF-16 Heap Spray String; [1
9,6072015/01/20 2012257  ET SHELLCODE Common Heap Spray String; [1
9,6062015/01/20 2012256  ET SHELLCODE Common 0c0c0c0c Heap Spray String; [1
9,6052015/01/20 2012255  ET SHELLCODE Common %u0a%u0a%u0a%u0a UTF-8 Heap Spray String; [1
9,6042015/01/20 2012254  ET SHELLCODE Common ?? UTF-16 Heap Spray String; [1
9,6032015/01/20 2012253  ET SHELLCODE Common Heap Spray String; [1
9,6022015/01/20 2012252  ET SHELLCODE Common 0a0a0a0a Heap Spray String; [1
9,6012015/01/20 2012251  ET MOBILE_MALWARE Google Android Device HTTP Request;  
9,6002015/01/20 2012250  ET DELETED Unknown Web Backdoor Keep-Alive;  
9,5992015/01/20 2012249  ET USER_AGENTS Suspicious Win32 User Agent;  
9,5982015/01/20 2012248  ET TROJAN MUROFET/Licat Trojan Checkin Forum; [1,2
9,5972015/01/20 2012247  ET P2P BTWebClient UA uTorrent in use;  
9,5962015/01/20 2012246  ET USER_AGENTS W32/Goolbot.E Checkin UA Detected iamx;  
9,5952015/01/20 2012245  ET WEB_CLIENT Hex Obfuscation of document.write # Encoding; [1,2
9,5942015/01/20 2012244  ET WEB_CLIENT Possible # Encoded Iframe Tag; [1,2,3
9,5932015/01/20 2012243  ET WEB_CLIENT Possible %u UTF-16 Encoded Iframe Tag; [1,2,3
9,5922015/01/20 2012242  ET WEB_CLIENT Possible %u UTF-8 Encoded Iframe Tag; [1,2,3
9,5912015/01/20 2012241  ET WEB_CLIENT Possible % Encoded Iframe Tag; [1,2,3
9,5902015/01/20 2012240  ET TROJAN x0Proto Download Cmd;  
9,5892015/01/20 2012239  ET TROJAN x0Proto Ping;  
9,5882015/01/20 2012238  ET TROJAN x0Proto Pong;  
9,5872015/01/20 2012237  ET TROJAN x0Proto Client Info;  
9,5862015/01/20 2012236  ET TROJAN x0Proto Init;  
9,5852015/01/20 2012235  ET DELETED UPS Spam Inbound Variant 4;  
9,5842015/01/20 2012234  ET ACTIVEX Oracle Document Capture File Overwrite or Buffer Overflow Attempt;  
9,5832015/01/20 2012233  ET ACTIVEX Oracle Document Capture File Overwrite Attempt;  
9,5822015/01/20 2012232  ET ACTIVEX Oracle Document Capture File Deletion Attempt;  
9,5812015/01/20 2012231  ET ACTIVEX Oracle Document Capture Insecure Read Method File Access Attempt;  
9,5802015/01/20 2012230  ET WEB_SERVER Likely Malicious Request for /proc/self/environ;  
9,5792015/01/20 2012229  ET MALWARE Suspicious Chinese Content-Language zh-cn Which May be Malware Related;  
9,5782015/01/20 2012228  ET MALWARE Suspicious Russian Content-Language Ru Which May Be Malware Related;  
9,5772015/01/20 2012227  ET TROJAN FAKEAV Gemini softupdate*.exe download;  
9,5762015/01/20 2012226  ET TROJAN Win32/Banbra Banking Trojan Communication; [1
9,5752015/01/20 2012225  ET TROJAN Spy Banker Outbound Communication Attempt; [1
9,5742015/01/20 2012224  ET TROJAN Winsoft.E Checkin 3; [1,2
9,5732015/01/20 2012223  ET TROJAN Winsoft.E Checkin 2; [1,2
9,5722015/01/20 2012222  ET TROJAN Winsoft.E Checkin 1; [1,2
9,5712015/01/20 2012221  ET USER_AGENTS Malware Related msndown; [1
9,5702015/01/20 2012220  ET WEB_SPECIFIC_APPS B-Cumulus tagcloud-ru.swf Cross Site Scripting Attempt; [1
9,5692015/01/20 2012219  ET WEB_SPECIFIC_APPS BetMore Site Suite mainx_a.php bid Paramter Blind SQL Injection Attempt; [1
9,5682015/01/20 2012218  ET ACTIVEX Possible UserManager SelectServer method Buffer Overflow Attempt; [1
9,5672015/01/20 2012217  ET WEB_SPECIFIC_APPS LetoDMS lang Parameter Local File Inclusion Attempt;  
9,5662015/01/20 2012216  ET WEB_SPECIFIC_APPS B-Cumulus tagcloud.swf Cross Site Scripting Attempt; [1
9,5652015/01/20 2012215  ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter UPDATE SET SQL Injection Attempt; [1
9,5642015/01/20 2012214  ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter INSERT INTO SQL Injection Attempt; [1
9,5632015/01/20 2012213  ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter UNION SELECT SQL Injection Attempt; [1
9,5622015/01/20 2012212  ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter DELETE FROM SQL Injection Attempt; [1
< 351  352  353  354  355  356  357  358  359  360 >
GigaVPN & GigaIPS is based MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.