Signature List
No.  Date  ID  Signature (Total Ruleset: 27,111)
21,261  2015/06/15  2021266  ET CURRENT_EVENTS Angler EK Landing URI Struct Jun 11 M2;
21,260  2015/06/15  2021267  ET CURRENT_EVENTS Angler EK Landing URI Struct Jun 11 M3;
21,259  2015/06/14  2021265  ET CURRENT_EVENTS Possible Angler EK Landing URI Struct June 13 M3;
21,258  2015/06/14  2021261  ET TROJAN Win32/Chinad Retrieving Config; [1
21,257  2015/06/14  2021263  ET CURRENT_EVENTS Possible Angler EK Landing URI Struct June 13 M1;
21,256  2015/06/14  2021262  ET TROJAN Win32/Chinad Checkin; [1
21,255  2015/06/14  2021264  ET CURRENT_EVENTS Possible Angler EK Landing URI Struct June 13 M2;
21,254  2015/06/14  2021260  ET TROJAN Torrentlocker C2 SSL cert;
21,253  2015/06/14  2021259  ET TROJAN Win32/Agent.WVW CnC Beacon 3;
21,252  2015/06/13  2021258  ET CURRENT_EVENTS Fake AV Phone Scam Landing June 11 2015 M3;
21,251  2015/06/13  2021255  ET CURRENT_EVENTS Fake AV Phone Scam Landing June 11 2015 M1;
21,250  2015/06/13  2021250  ET POLICY Possible External IP Lookup ip.webmasterhome.cn;
21,249  2015/06/13  2021257  ET TROJAN Win32/Agent.WVW CnC Beacon 1;
21,248  2015/06/13  2021246  ET TROJAN Win32/Gatak.DR Activity;
21,247  2015/06/13  2021256  ET CURRENT_EVENTS Fake AV Phone Scam Landing June 11 2015 M2;
21,246  2015/06/13  2021254  ET TROJAN Cryptolocker C2 Domain in SNI; [1
21,245  2015/06/13  2021252  ET TROJAN CryptoLocker .onion Proxy Domain (zbqxpjfvltb6d62m); [1
21,244  2015/06/13  2021248  ET CURRENT_EVENTS Angler EK Landing URI Struct Jun 11;
21,243  2015/06/13  2021251  ET TROJAN Poweliks Clickfraud CnC M4; [1
21,242  2015/06/13  2021253  ET TROJAN Cryptolocker C2 SSL cert serial; [1
21,241  2015/06/13  2021247  ET TROJAN Possible Duqu 2.0 Request; [1
21,240  2015/06/12  2021244  ET TROJAN Dridex Download June 10 2015;
21,239  2015/06/12  2021245  ET TROJAN Possible Dridex Download URI Struct with no referer;
21,238  2015/06/12  2021241  ET TROJAN Possible Duqu 2.0 Accessing SMB/SMB2 Named Pipe (Unicode) 6; [1
21,237  2015/06/12  2021237  ET TROJAN Possible Duqu 2.0 Accessing SMB/SMB2 Named Pipe (Unicode) 2; [1
21,236  2015/06/12  2021242  ET TROJAN Possible Duqu 2.0 Accessing backdoor over 443; [1
21,235  2015/06/12  2021243  ET TROJAN Possible Duqu 2.0 Accessing SMB/SMB2 backdoor; [1
21,234  2015/06/12  2021238  ET TROJAN Possible Duqu 2.0 Accessing SMB/SMB2 Named Pipe (Unicode) 3; [1
21,233  2015/06/12  2021239  ET TROJAN Possible Duqu 2.0 Accessing SMB/SMB2 Named Pipe (Unicode) 4; [1
21,232  2015/06/12  2021240  ET TROJAN Possible Duqu 2.0 Accessing SMB/SMB2 Named Pipe (Unicode) 5; [1
21,231  2015/06/12  2021232  ET TROJAN Possible Duqu 2.0 Accessing SMB/SMB2 Named Pipe (ASCII) 3; [1
21,230  2015/06/12  2021231  ET TROJAN Possible Duqu 2.0 Accessing SMB/SMB2 Named Pipe (ASCII) 2; [1
21,229  2015/06/12  2021236  ET TROJAN Possible Duqu 2.0 Accessing SMB/SMB2 Named Pipe (Unicode) 1; [1
21,228  2015/06/12  2021235  ET TROJAN Possible Duqu 2.0 Accessing SMB/SMB2 Named Pipe (ASCII) 6; [1
21,227  2015/06/12  2021234  ET TROJAN Possible Duqu 2.0 Accessing SMB/SMB2 Named Pipe (ASCII) 5; [1
21,226  2015/06/12  2021233  ET TROJAN Possible Duqu 2.0 Accessing SMB/SMB2 Named Pipe (ASCII) 4; [1
21,225  2015/06/12  2021229  ET TROJAN Scanbox Sending Host Data; [1
21,224  2015/06/12  2021228  ET TROJAN Poweliks Clickfraud CnC M3; [1
21,223  2015/06/12  2021230  ET TROJAN Possible Duqu 2.0 Accessing SMB/SMB2 Named Pipe (ASCII) 1; [1
21,222  2015/06/12  2021227  ET TROJAN Poweliks Clickfraud CnC M2; [1
21,221  2015/06/12  2021226  ET TROJAN Poweliks Clickfraud CnC M1; [1
21,220  2015/06/11  2021219  ET CURRENT_EVENTS KaXian Secondary Landing Jun 09 2015;
21,219  2015/06/11  2021221  ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM); [1
21,218  2015/06/11  2021223  ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM); [1
21,217  2015/06/11  2021220  ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC); [1
21,216  2015/06/11  2021224  ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM); [1
21,215  2015/06/11  2021222  ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM); [1
21,214  2015/06/11  2021217  ET CURRENT_EVENTS Likely Evil JS used in Unknown EK Landing;
21,213  2015/06/11  2021218  ET CURRENT_EVENTS Likely Evil JS used in Unknown EK Landing;
21,212  2015/06/10  2021215  ET TROJAN Win32/Zacom.A Connectivity Check;
GigaVPN & GigaIPS are based on MikroTik, Suricata and EmergingThreats.
Copyright ⓒ 2010 . All Rights Reserved.