六方云 Knowledge Base

IPS Signature Database Update Announcement, January 4, 2019

January 11, 2019 19:53

Signature description: These signatures are all extracted from the latest malware or exploit scripts captured by the lab. By analyzing the attack traffic, signatures with a high across-the-board detection rate are extracted for each attack pattern.

| Vulnerability/virus name | Signature summary |
| --- | --- |
| Ransomware.Win32.Gandcrab variant network share encryption attack attempt | Gandcrab ransomware variant LAN share encryption attack attempt |
| DanaBot banking trojan attack detected! | DanaBot banking trojan attack detection |
| Unix.Trojan.Agent variant download attempt | Unix trojan download attempt detection |
| Win.Downloader.DDECmdExec attack detected! | Microsoft Office DDE downloader attack detection |
| Win.Downloader.DDECmdExec attack detected! | Microsoft Office DDE downloader attack detection |
| Win.Downloader.DDECmdExec attack detected! | Microsoft Office DDE downloader attack detection |
| Unix.Miner.Xbash variant dropped bash script detected! | Detection of scripts dropped by Xbash, the cross-platform ransomware and mining malware |
| Unix.Miner.Xbash variant dropped bash script detected! | Detection of scripts dropped by Xbash, the cross-platform ransomware and mining malware |
| HTA script hidden window execution attempt detection! | HTA script malware hidden-window execution detection |
| Portable Executable containing CoinHive download attempt detected! | Detection of the CoinHive web-embedded mining script |
| GPON exploit attack detected! | Detection of GPON exploit attacks based on CVE-2018-10561 |
| Win.Ransomware.Satan payload download detected! | Satan ransomware attack detection |
| DNS request for known malware domain toknowall.com - Unix.Trojan.Vpnfilter | Detection of malicious domains of the IoT malware VPNFilter |
| Win.Ransomware.SynAck download attempt detected! | SynAck ransomware attack detection |
| VBscript downloader detected | Malicious VBScript downloader script detection |
| Win.Ransomware.Thanatos ransomware inbound download attempt | Thanatos ransomware attack detection |
| Win.Trojan.Ursnif variant download attempt | Ursnif banking trojan variant detection |
| Win.Ransomware.Samsam propagation via SMB transfer attempt | Samsam ransomware attack detection |
| Win.Ransomware.Samsam propagation via SMB2 transfer attempt | Samsam ransomware attack detection |
| Win.Ransomware.Kristina encryption over SMB attempt | Kristina ransomware attack detection |
| Win.Ransomware.Kristina encryption over SMB attempt | Kristina ransomware attack detection |
| Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt | BadRabbit ransomware detection |
| Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt | BadRabbit ransomware detection |
| Win.Ransomware.BadRabbit propagation via SMB transfer attempt | BadRabbit ransomware detection |
| Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt | BadRabbit ransomware detection |
| Win.Ransomware.BadRabbit propagation via SMB transfer attempt | BadRabbit ransomware detection |
| Win.Trojan.Nemucod file download | Nemucod ransomware detection |
| Win.Malware.Emotet variant lateral propagation | Emotet banking trojan lateral propagation detection |
| Win.Malware.Emotet variant lateral propagation | Emotet banking trojan lateral propagation detection |
| Win.Ransomware.Sorebrect download attempt | Fileless Sorebrect ransomware detection |
| Win.Ransomware.Apocalypse download attempt | Apocalypse ransomware detection |
| Win.Trojan.Retefe variant malicious certificate installation page | Retefe banking trojan malicious certificate installation detection |
| Fake Delta Ticket HTTP Response phishing attack | Detection of phishing attacks based on forged HTTP responses |
| Win.Trojan.Agent E-FAX phishing attempt | Detection of phishing attacks based on the E-FAX mass fax system |
| malicious iframe injection redirect attempt | Malicious iframe injection redirect attack detection |
| Java FileDialog heap buffer overflow attempt | Java heap buffer overflow attack detection |
| multi-hop iframe campaign client-side exploit attempt | Detection of malicious iframe attacks based on CVE-2011-3402 |
| multi-hop iframe campaign client-side exploit attempt | Detection of malicious iframe attacks based on CVE-2011-3402 |
| Fake Adobe Flash Player update warning enticing clicks to malware payload | Detection of malware disguised as an Adobe Flash Player update |
| Fake Adobe Flash Player malware binary requested | Detection of malware disguised as an Adobe Flash Player update |
| Win.Trojan.Miniflame download attempt | Miniflame trojan download attempt detection |
| Win.Trojan.MiniFlame C&C command response attempt | Miniflame trojan C&C communication detection |
| Fake delivery information phishing attack | Detection of phishing attacks using fake delivery information |
| DNS data exfiltration attempt | DNS data exfiltration (leakage) detection |
| VBScript potential executable write attempt | Web page infecting virus detection |
| Linux.Backdoor.Starysu variant inbound connection | Linux backdoor Starysu variant inbound connection detection |
| Linux.Backdoor.Starysu variant inbound connection | Linux backdoor Starysu variant inbound connection detection |
| AlienSpy RAT outbound connection | AlienSpy remote access trojan outbound connection detection |
| AlienSpy RAT outbound connection | AlienSpy remote access trojan outbound connection detection |
| Backdoor.Perl.Shellbot outbound communication attempt | Shellbot botnet outbound connection detection |
| phpMyAdmin server_sync.php backdoor access attempt | phpMyAdmin-based backdoor detection |
| Linux.Malware.Torii variant malicious file download | Linux botnet Torii detection |
| Unix.Worm.Hakai outbound connection | IoT botnet Hakai outbound connection detection |
| Win.Malware.Ramnit outbound REGISTER_BOT beacon | Ramnit botnet outbound connection detection |
| Unix.Trojan.Vpnfilter plugin variant connection attempt | IoT botnet VPNFilter variant communication detection |
| Win.Ransomware.Viro variant outbound connection | Viro botnet outbound communication detection |
| Win.Trojan.PyLocky outbound connection attempt | PyLocky ransomware communication detection |
| Js.Downloader.Cryptojacking miner download attempt | JS mining script detection |


IPS-20190106-1.1.0.zip (must be unzipped before upgrading)
