Signature List
No.  Date  ID  Signature (Total Ruleset: 27,111)
25,561  2017/12/06  2025105  ET INFO DNS Query for Suspicious .ga Domain
25,560  2017/12/06  2025115  ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2017-12-04
25,559  2017/12/06  2025113  ET CURRENT_EVENTS Possible Credentials Sent to Suspicious TLD via HTTP GET
25,558  2017/12/06  2025099  ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2017-12-03
25,557  2017/12/03  2025096  ET POLICY DNS Query to .onion proxy Domain (onion .casa in DNS Lookup)
25,556  2017/12/03  2025094  ET MALWARE Win32/Adware.Adposhel.A Checkin 5
25,555  2017/12/03  2025095  ET POLICY .onion proxy Domain (onion .plus in DNS Lookup)
25,554  2017/12/03  2025093  ET TROJAN UBoatRAT CnC Check-in
25,553  2017/11/30  2025088  ET TROJAN Vawtrak/NeverQuest Posting Data
25,552  2017/11/30  2025086  ET WEB_CLIENT Microsoft Excel file download - SET 1
25,551  2017/11/30  2025091  ET WEB_CLIENT Adobe Acrobat PDF Reader use after free JavaScript engine (CVE-2017-16393)
25,550  2017/11/30  2025084  ET WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 3
25,549  2017/11/30  2025087  ET TROJAN Vawtrak/NeverQuest Posting Data
25,548  2017/11/30  2025089  ET TROJAN Vawtrak/NeverQuest CnC Beacon
25,547  2017/11/30  2025083  ET WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 2
25,546  2017/11/30  2025092  ET USER_AGENTS Suspicious User-Agent (GeneralDownloadApplication)
25,545  2017/11/30  2025090  ET NETBIOS Tree Connect AndX Request IPC$ Unicode
25,544  2017/11/30  2025082  ET WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 1
25,543  2017/11/30  2025085  ET WEB_CLIENT Hostile Microsoft Rich Text File (RTF) with corrupted listoverride
25,542  2017/11/29  2025073  ET TROJAN Patchwork Domain (randreports .org in DNS Lookup)
25,541  2017/11/29  2025081  ET TROJAN Patchwork Domain (rannd .org in DNS Lookup)
25,540  2017/11/29  2025078  ET TROJAN Mirai Variant Domain (bigboatreps .pw in DNS Lookup)
25,539  2017/11/29  2025077  ET TROJAN [PTsecurity] Bladabindi/njRAT (Dd19271927)
25,538  2017/11/29  2025080  ET EXPLOIT Actiontec C1000A backdoor account M1
25,537  2017/11/29  2025075  ET TROJAN Brazilian Banker SSL Cert
25,536  2017/11/29  2025071  ET CURRENT_EVENTS Bingo Exploit Kit Landing May 08 2017
25,535  2017/11/29  2025072  ET TROJAN Patchwork DNS Tunneling (nsn1.winodwsupdates .me)
25,534  2017/11/29  2025065  ET TROJAN Backdoor.Perl.Shellbot.cd IRC Bot that have DoS/DDoS functions
25,533  2017/11/29  2025076  ET TROJAN Brazilian Banker SSL Cert
25,532  2017/11/29  2025068  ET TROJAN Win32/Ropest.H CnC - INBOUND set
25,531  2017/11/29  2025079  ET TROJAN Mirai Variant Domain (blacklister .nl in DNS Lookup)
25,530  2017/11/29  2025066  ET CHAT IRC USER Likely bot with 0 0 colon checkin
25,529  2017/11/29  2025064  ET CURRENT_EVENTS Possible Neutrino EK Landing Landing URI Struct (fb set)
25,528  2017/11/29  2025074  ET TROJAN [PTsecurity] Bladabindi/njRAT (HAMAD versions)
25,527  2017/11/29  2025070  ET TROJAN Possible Win32/Atraps Receiving Config via Image File (steganography)
25,526  2017/11/29  2025069  ET TROJAN Win32/Ropest.H CnC - INBOUND
25,525  2017/11/29  2025067  ET CHAT IRC USER Off-port Likely bot with 0 0 colon checkin
25,524  2017/11/28  2405156  ET CNC Shadowserver Reported CnC Server Port 47221 Group 1
25,523  2017/11/28  2405157  ET CNC Shadowserver Reported CnC Server Port 51987 Group 1
25,522  2017/11/28  2405158  ET CNC Shadowserver Reported CnC Server Port 54321 Group 1
25,521  2017/11/28  2405159  ET CNC Shadowserver Reported CnC Server Port 65267 Group 1
25,520  2017/11/28  2025062  ET WEB_CLIENT PowerShell call in script 2
25,519  2017/11/28  2025060  ET WEB_CLIENT Google Chrome Credential Stealing via SCF file Reflected Request
25,518  2017/11/28  2025063  ET EXPLOIT Exim4 UAF Attempt (BDAT with non-printable chars)
25,517  2017/11/28  2025058  ET CURRENT_EVENTS Job314/Neutrino Reboot EK Landing July 07 2016 M7
25,516  2017/11/28  2025059  ET CURRENT_EVENTS Job314/Neutrino Reboot EK Landing July 07 2016 M8
25,515  2017/11/28  2025061  ET WEB_CLIENT PowerShell call in script 1
25,514  2017/11/28  2025057  ET CURRENT_EVENTS Job314/Neutrino Reboot EK Landing July 07 2016 M6
25,513  2017/11/28  2025048  ET CURRENT_EVENTS Job314/Neutrino Reboot EK Landing June 11 2016 M4 (with URI Primer)
25,512  2017/11/28  2025049  ET CURRENT_EVENTS Job314/Neutrino EK Landing Jul 04 2016 M1
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.