Signature List
No.  Date  ID  Signature (Total Ruleset: 27,111)
25,261  2017/10/12  2024833  ET POLICY Observed IP Lookup Domain (l2 .io in TLS SNI)
25,260  2017/10/12  2024836  ET CURRENT_EVENTS SUSPICIOUS DOC Download from commonly abused file share site
25,259  2017/10/12  2024829  ET INFO Download of Embedded OpenType (EOT) File flowbit set
25,258  2017/10/10  2024822  ET TROJAN CCleaner Backdoor DGA Jul 2018
25,257  2017/10/10  2024824  ET TROJAN CCleaner Backdoor DGA Sep 2018
25,256  2017/10/10  2024820  ET TROJAN CCleaner Backdoor DGA May 2018
25,255  2017/10/10  2024821  ET TROJAN CCleaner Backdoor DGA Jun 2018
25,254  2017/10/10  2024826  ET TROJAN CCleaner Backdoor DGA Nov 2018
25,253  2017/10/10  2024825  ET TROJAN CCleaner Backdoor DGA Oct 2018
25,252  2017/10/10  2024819  ET TROJAN CCleaner Backdoor DGA Apr 2018
25,251  2017/10/10  2024823  ET TROJAN CCleaner Backdoor DGA Aug 2018
25,250  2017/10/10  2024828  ET CURRENT_EVENTS Observed DNS Query to Browser Coinminer (crypto-loot[.]com)
25,249  2017/10/10  2024827  ET TROJAN CCleaner Backdoor DGA Dec 2018
25,248  2017/10/10  2024818  ET TROJAN CCleaner Backdoor DGA Mar 2018
25,247  2017/10/10  2024817  ET TROJAN CCleaner Backdoor DGA Feb 2018
25,246  2017/10/10  2024816  ET TROJAN CCleaner Backdoor DGA Jan 2018
25,245  2017/10/07  2023043  ET CURRENT_EVENTS Successful Apple Suspended Account Phish M2 Aug 09 2016
25,244  2017/10/07  2024814  ET EXPLOIT Likely Struts S2-053-CVE-2017-12611 Exploit Attempt M1
25,243  2017/10/07  2024815  ET EXPLOIT Likely Struts S2-053-CVE-2017-12611 Exploit Attempt M2
25,242  2017/10/07  2023042  ET CURRENT_EVENTS Successful Apple Suspended Account Phish M1 Aug 09 2016
25,241  2017/10/06  2405130  ET CNC Shadowserver Reported CnC Server Port 65267 Group 1
25,240  2017/10/06  2024808  ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt
25,239  2017/10/06  2024807  ET CURRENT_EVENTS Possible Facebook Phishing Landing - Title over non SSL
25,238  2017/10/06  2024813  ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt
25,237  2017/10/06  2024804  ET TROJAN Lazarus Decafett DNS Lookup 2
25,236  2017/10/06  2024811  ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt
25,235  2017/10/06  2024812  ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt
25,234  2017/10/06  2024805  ET TROJAN Lazarus Decafett DNS Lookup 3
25,233  2017/10/06  2024806  ET TROJAN Lazarus Decafett DNS Lookup 4
25,232  2017/10/06  2024809  ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt
25,231  2017/10/06  2024810  ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt
25,230  2017/10/06  2024803  ET TROJAN Lazarus Decafett DNS Lookup 1
25,229  2017/10/05  2405129  ET CNC Shadowserver Reported CnC Server Port 65267 Group 1
25,228  2017/10/05  2405126  ET CNC Shadowserver Reported CnC Server Port 47221 Group 1
25,227  2017/10/05  2405128  ET CNC Shadowserver Reported CnC Server Port 54321 Group 1
25,226  2017/10/05  2405127  ET CNC Shadowserver Reported CnC Server Port 51987 Group 1
25,225  2017/10/05  2024795  ET CURRENT_EVENTS Possible Scotiabank Phishing Landing - Title over non SSL
25,224  2017/10/05  2024798  ET CURRENT_EVENTS Possible BMO Bank of Montreal Phishing Landing - Title over non SSL
25,223  2017/10/05  2024802  ET CURRENT_EVENTS Successful Santander Phish M2 Oct 04 2017
25,222  2017/10/05  2024801  ET CURRENT_EVENTS Successful Santander Phish M3 Oct 04 2017
25,221  2017/10/05  2024797  ET CURRENT_EVENTS Possible CIBC Phishing Landing - Title over non SSL
25,220  2017/10/05  2024796  ET CURRENT_EVENTS Possible Desjardins Phishing Landing - Title over non SSL
25,219  2017/10/05  2024799  ET CURRENT_EVENTS Phishing Landing Oct 04 2017
25,218  2017/10/05  2024794  ET MALWARE Java.Deathbot Requesting Proxies
25,217  2017/10/05  2024800  ET CURRENT_EVENTS Successful Santander Phish M1 Oct 04 2017
25,216  2017/10/05  2024793  ET MALWARE [PTsecurity] DeathBot.Java (Minecraft Spambot)
25,215  2017/10/04  2405121  ET CNC Shadowserver Reported CnC Server Port 40669 Group 1
25,214  2017/10/04  2405119  ET CNC Shadowserver Reported CnC Server Port 32768 Group 1
25,213  2017/10/04  2405123  ET CNC Shadowserver Reported CnC Server Port 51987 Group 1
25,212  2017/10/04  2405124  ET CNC Shadowserver Reported CnC Server Port 54321 Group 1
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.