시그니처 리스트, Signature List
번호날짜ID시그니처 (Total Ruleset: 27,111개)
25,3112017/10/20 2024868  ET TROJAN Possible Winnti-related DNS Lookup; [1
25,3102017/10/20 2024874  ET TROJAN Possible Winnti-related DNS Lookup; [1
25,3092017/10/20 2024859  ET TROJAN Possible Winnti-related Destination; [1
25,3082017/10/20 2024876  ET TROJAN Possible Winnti-related Destination; [1
25,3072017/10/20 2024863  ET TROJAN Possible Winnti-related Destination; [1
25,3062017/10/20 2024856  ET TROJAN Possible Winnti-related DNS Lookup; [1
25,3052017/10/20 2024861  ET TROJAN Possible Winnti-related Destination; [1
25,3042017/10/20 2024855  ET TROJAN Possible Winnti-related Destination; [1
25,3032017/10/20 2024854  ET TROJAN Possible Winnti-related DNS Lookup; [1
25,3022017/10/20 2024865  ET TROJAN Possible Winnti-related DNS Lookup; [1
25,3012017/10/20 2024867  ET TROJAN Possible Winnti-related DNS Lookup; [1
25,3002017/10/20 2024853  ET TROJAN Possible Winnti-related Destination; [1
25,2992017/10/20 2024872  ET TROJAN Possible Winnti-related DNS Lookup (google-searching .com); [1
25,2982017/10/20 2024877  ET TROJAN Possible Winnti-related Destination; [1
25,2972017/10/20 2024875  ET TROJAN Possible Winnti-related Destination (google-searching .com); [1
25,2962017/10/20 2024862  ET TROJAN Possible Winnti-related DNS Lookup; [1
25,2952017/10/20 2024870  ET TROJAN Possible Winnti-related DNS Lookup; [1
25,2942017/10/20 2024852  ET TROJAN Possible Winnti-related DNS Lookup; [1
25,2932017/10/20 2024857  ET TROJAN Possible Winnti-related Destination; [1
25,2922017/10/20 2024858  ET TROJAN Possible Winnti-related DNS Lookup; [1
25,2912017/10/20 2024851  ET TROJAN Possible Winnti-related Destination; [1
25,2902017/10/19 2024850  ET CURRENT_EVENTS Successful HMRC Phish Oct 18 2017;  
25,2892017/10/18 2024849  ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 1;  
25,2882017/10/18 2024848  ET TROJAN Trojan.JS.Agent.dwz Checkin;  
25,2872017/10/17 2405137  ET CNC Shadowserver Reported CnC Server Port 54321 Group 1; [1,2
25,2862017/10/17 2405138  ET CNC Shadowserver Reported CnC Server Port 65267 Group 1; [1,2
25,2852017/10/17 2024847  ET CURRENT_EVENTS Successful Paypal (FR) Phish Oct 16 2017;  
25,2842017/10/17 2024844  ET CURRENT_EVENTS Tech Support Phone Scam Landing M1 Oct 16 2016;  
25,2832017/10/17 2024846  ET CURRENT_EVENTS Successful Paypal Phish Oct 16 2017;  
25,2822017/10/17 2024845  ET CURRENT_EVENTS Tech Support Phone Scam Landing M2 Oct 16 2016;  
25,2812017/10/17 2024843  ET SCAN struts-pwn User-Agent; [1,2
25,2802017/10/15 2023044  ET CURRENT_EVENTS Apple Suspended Account Phishing Landing Aug 9;  
25,2792017/10/15 2023045  ET CURRENT_EVENTS Excel Online Phishing Landing Aug 09 2016;  
25,2782017/10/15 2024842  ET CURRENT_EVENTS Possible Google Docs Phishing Landing - Title over non SSL;  
25,2772017/10/14 2405136  ET CNC Shadowserver Reported CnC Server Port 65267 Group 1; [1,2
25,2762017/10/14 2405135  ET CNC Shadowserver Reported CnC Server Port 54321 Group 1; [1,2
25,2752017/10/14 2024840  ET TROJAN DNSMessenger Payload (TXT base64 gzip header); [1
25,2742017/10/14 2024841  ET CURRENT_EVENTS Microsoft Tech Support Scam Landing M1 Oct 13 2017;  
25,2732017/10/13 2024838  ET CURRENT_EVENTS Successful Ziraat Bankasi (TK) Phish M1 Oct 12 2017;  
25,2722017/10/13 2024839  ET CURRENT_EVENTS Successful Ziraat Bankasi (TK) Phish M2 Oct 12 2017;  
25,2712017/10/13 2024837  ET TROJAN [PTsecurity] Ursnif Encoded Payload Inbound; [1
25,2702017/10/12 2405132  ET CNC Shadowserver Reported CnC Server Port 51987 Group 1; [1,2
25,2692017/10/12 2405133  ET CNC Shadowserver Reported CnC Server Port 54321 Group 1; [1,2
25,2682017/10/12 2405131  ET CNC Shadowserver Reported CnC Server Port 47221 Group 1; [1,2
25,2672017/10/12 2405134  ET CNC Shadowserver Reported CnC Server Port 65267 Group 1; [1,2
25,2662017/10/12 2024831  ET POLICY Observed IP Lookup Domain (l2 .io in DNS Lookup);  
25,2652017/10/12 2024834  ET CURRENT_EVENTS Possible Paypal Phishing Domain (IT) Oct 10 2017;  
25,2642017/10/12 2024835  ET CURRENT_EVENTS Possible Successful Paypal Phishing Domain (IT) Oct 10 2017;  
25,2632017/10/12 2024832  ET POLICY Observed IP Lookup Domain (formyip .com in TLS SNI);  
25,2622017/10/12 2024830  ET POLICY Observed IP Lookup Domain (formyip .com in DNS Lookup);  
< 31  32  33  34  35  36  37  38  39  40 >
GigaVPN & GigaIPS is based MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.