시그니처 리스트, Signature List
번호날짜ID시그니처 (Total Ruleset: 27,111개)
25,8612018/03/27 2405199  ET CNC Shadowserver Reported CnC Server Port 65267 Group 1; [1,2
25,8602018/03/27 2405198  ET CNC Shadowserver Reported CnC Server Port 64500 Group 1; [1,2
25,8592018/03/27 2025438  ET TROJAN Cobalt Group SSL Certificate Detected;  
25,8582018/03/22 2025437  ET CURRENT_EVENTS [PTsecurity] Grandsoft EK Payload; [1
25,8572018/03/20 2025434  ET TROJAN Observed Sofacy CnC Domain (ndpmedia24 .com in DNS Lookup); [1
25,8562018/03/20 2025435  ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12635); [1
25,8552018/03/20 2025436  ET INFO Suspicious User-Agent (CustomStringHere);  
25,8542018/03/16 2025218  ET CURRENT_EVENTS Malicious Chrome Extension Domain Request (stickies .pro in DNS Lookup); [1
25,8532018/03/15 2025433  ET TROJAN Observed Malicious SSL Cert (Bancos Variant CnC);  
25,8522018/03/14 2025425  ET CURRENT_EVENTS Successful Generic Phish (set) 2018-03-13;  
25,8512018/03/14 2025427  ET EXPLOIT [PT Security] Exim <4.90.1 Base64 Overflow RCE (CVE-2018-6789); [1,2
25,8502018/03/14 2025431  ET TROJAN Arkei Stealer Client Data Upload;  
25,8492018/03/14 2025426  ET EXPLOIT MikroTik RouterOS Chimay Red Remote Code Execution Probe; [1,2
25,8482018/03/14 2025430  ET TROJAN Arkei Stealer Config Download Request;  
25,8472018/03/14 2025429  ET TROJAN Arkei Stealer IP Lookup;  
25,8462018/03/14 2025432  ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12636); [1
25,8452018/03/14 2025428  ET INFO Possible Sandvine PacketLogic Injection; [1
25,8442018/03/13 2405197  ET CNC Shadowserver Reported CnC Server Port 65267 Group 1; [1,2
25,8432018/03/13 2025412  ET TROJAN [PTsecurity] Fake SSL Certificate Observed (Yahoo);  
25,8422018/03/13 2025414  ET TROJAN [PTsecurity] Fake SSL Certificate Observed (Google);  
25,8412018/03/13 2025418  ET CURRENT_EVENTS Chalbhai Phishing Landing 2018-03-12;  
25,8402018/03/13 2025423  ET CURRENT_EVENTS Ourtime Phishing Landing 2018-03-12;  
25,8392018/03/13 2025421  ET CURRENT_EVENTS Upgrade Email Account Phishing Landing 2018-03-12;  
25,8382018/03/13 2025424  ET MALWARE Observed Malicious SSL Cert (OSX/Calender 2 Mining); [1
25,8372018/03/13 2025419  ET CURRENT_EVENTS Successful O2 Phish 2018-03-12;  
25,8362018/03/13 2025420  ET CURRENT_EVENTS Successful Wells Fargo Phish 2018-03-12;  
25,8352018/03/13 2025417  ET CURRENT_EVENTS Successful Generic Phish (set) 2018-03-12;  
25,8342018/03/13 2025415  ET TROJAN [PTsecurity] Fake SSL Certificate Observed (Oracle canada);  
25,8332018/03/13 2025413  ET TROJAN [PTsecurity] Fake SSL Certificate Observed (Oracle America);  
25,8322018/03/13 2025416  ET TROJAN StrongPity APT SSL Certificate Detected; [1
25,8312018/03/13 2025422  ET CURRENT_EVENTS Retrieve Pending Emails Phishing Landing 2018-03-12;  
25,8302018/03/11 2405196  ET CNC Shadowserver Reported CnC Server Port 65267 Group 1; [1,2
25,8292018/03/11 2025411  ET INFO Secondary Flash Request Seen (no alert);  
25,8282018/03/10 2025410  ET CURRENT_EVENTS OneDrive Phishing Landing 2018-03-08;  
25,8272018/03/08 2405195  ET CNC Shadowserver Reported CnC Server Port 65267 Group 1; [1,2
25,8262018/03/08 2025409  ET CURRENT_EVENTS CERTEGO Possible JScript Coming Over SMB v2; [1,2
25,8252018/03/08 2025408  ET TROJAN Win32/Flawed Grace Backdoor CnC Checkin;  
25,8242018/03/06 2405192  ET CNC Shadowserver Reported CnC Server Port 54321 Group 1; [1,2
25,8232018/03/06 2405194  ET CNC Shadowserver Reported CnC Server Port 65267 Group 1; [1,2
25,8222018/03/06 2405193  ET CNC Shadowserver Reported CnC Server Port 64500 Group 1; [1,2
25,8212018/03/06 2025406  ET TROJAN Observed GandCrab Ransomware CnC/IP Check Domain (malwarehunterteam .bit in DNS Lookup);  
25,8202018/03/06 2025407  ET TROJAN Observed GandCrab Ransomware CnC/IP Check Domain (gdcb .bit in DNS Lookup);  
25,8192018/03/06 2025405  ET TROJAN Observed GandCrab Ransomware CnC/IP Check Domain (politiaromana .bit in DNS Lookup);  
25,8182018/03/04 2405191  ET CNC Shadowserver Reported CnC Server Port 65267 Group 1; [1,2
25,8172018/03/04 2025404  ET TROJAN Observed Princess Ransomware Payment Domain (royal25fphqilqft in DNS Lookup);  
25,8162018/03/03 2405190  ET CNC Shadowserver Reported CnC Server Port 65267 Group 1; [1,2
25,8152018/03/03 2025403  ET DOS Possible Memcached DDoS Amplification Inbound; [1
25,8142018/03/03 2025402  ET DOS Possible Memcached DDoS Amplification Response Outbound; [1
25,8132018/03/03 2025401  ET DOS Possible Memcached DDoS Amplification Query (set); [1
25,8122018/03/01 2025400  ET USER_AGENTS APN/Ask Toolbar PUA/PUP User-Agent;  
< 21  22  23  24  25  26  27  28  29  30 >
GigaVPN & GigaIPS is based MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.