Report - github.com/YARAHQ/yara-forge/releases/download/20240324/yara-forge-rules-full.zip

Report Overview

Submitted URL
github.com/YARAHQ/yara-forge/releases/download/20240324/yara-forge-rules-full.zip
IP
140.82.121.3
ASN
#36459 GITHUB
Submitted
2024-03-28 19:26:20
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1025

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2024-03-24	535 B	4.0 kB	140.82.121.3
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2024-03-28	1.0 kB	3.6 MB	185.199.109.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/711268411/cfbb9c85-58d3-4c78-a4b9-96e498ca23c7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T192502Z&X-Amz-Expires=300&X-Amz-Signature=967bddb61f2143a1c7f0d08f39d01e570aa4df718f97cf724675aeab6029f589&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=711268411&response-content-disposition=attachment%3B%20filename%3Dyara-forge-rules-full.zip&response-content-type=application%2Foctet-stream
IP
185.199.109.133
ASN
#54113 FASTLY

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.6 MB (3634228 bytes)
Hash
c44f3a330c92ddafea8d40f52670ec4e
acb1332410ebf8626d75db32815b5be51f5a6cc8
09f46a1fa84e7a26de7e64f6f28c13202dd2a3031c1e1963da82a27cce3d3af8

Archive (1)

Filename

Md5

File type

yara-rules-full.yar

8643632a780602e680fe9b4a7e7c057c

ASCII text, with very long lines (887)

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects Turla Agent.BTZ
Public Nextron YARA rules	malware	Find generic data potentially relating to AP15 tools
Public Nextron YARA rules	malware	HyperBro Stage 3 C2 path and user agent detection - also tested in memory
Public Nextron YARA rules	malware	Rule to detect Drovorub-server, Drovorub-agent, or Drovorub-client based
Public Nextron YARA rules	malware	Auto-generated rule
Public Nextron YARA rules	malware	A loader for the CobaltStrike malware family, which ultimately takes the first and second bytes of an embedded file, and flips them prior to executing the resulting payload.
Public Nextron YARA rules	malware	The FRESHFIRE malware family. The malware acts as a downloader, pulling down an encrypted snippet of code from a remote source, executing it, and deleting it from the remote server.
Public Nextron YARA rules	malware	Detects BoomBox malware as described in APT29 NOBELIUM report
Public Nextron YARA rules	malware	Detects stageless loader as used by APT29 / NOBELIUM
Public Nextron YARA rules	malware	North Korean origin malware which uses a custom Google App for c2 communications.
Public Nextron YARA rules	malware	Detects Speculoos Backdoor used by APT41
Public Nextron YARA rules	malware	Detetcs a tool used in the Australian Parliament House network compromise
Public Nextron YARA rules	malware	Detetcs a tool used in the Australian Parliament House network compromise
Public Nextron YARA rules	malware	Detetcs a tool used in the Australian Parliament House network compromise
Public Nextron YARA rules	malware	Custome SSH backdoor based on python and paramiko - file server.py
Public Nextron YARA rules	malware	Casper French Espionage Malware - String Match in File - http://goo.gl/VRJNLo
Public Nextron YARA rules	malware	Casper French Espionage Malware - System Info Output - http://goo.gl/VRJNLo
Public Nextron YARA rules	malware	Detects malware from the Proofpoint CN APT ZeroT incident
Public Nextron YARA rules	malware	Detects malware from the Proofpoint CN APT ZeroT incident
Public Nextron YARA rules	malware	Chinese APT by Proofpoint ZeroT RAT - file Mcutil.dll
Public Nextron YARA rules	malware	Detects Red Delta samples
Public Nextron YARA rules	malware	Detects Red Delta samples
Public Nextron YARA rules	malware	Identifies strings used in Cobalt Strike Beacon DLL
Public Nextron YARA rules	malware	Detects unmodified CobaltStrike beacon DLL
Public Nextron YARA rules	malware	Detects Codoso APT CustomTCP Malware
Public Nextron YARA rules	malware	Detects Codoso APT Gh0st Malware
Public Nextron YARA rules	malware	Detects Codoso APT Gh0st Malware
Public Nextron YARA rules	malware	Detects Codoso APT PGV PVID Malware
Public Nextron YARA rules	malware	Detects a malware sysdll.exe from the Rocket Kitten APT
Public Nextron YARA rules	malware	Detects trojan from APT report named http.exe
Public Nextron YARA rules	malware	Detects a malicious PotPlayer.dll
Public Nextron YARA rules	malware	Hack Deep Panda - lot1.tmp-pwdump
Public Nextron YARA rules	malware	Hack Deep Panda - htran-exe
Public Nextron YARA rules	malware	Detects DTRACK malware
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file create_dns_injection.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file screamingplow.sh
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file MixText.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file tunnel_state_reader
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file payload.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file eligiblecandidate.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file BUSURPER-2211-724.exe
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file networkProfiler_orderScans.sh
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file epicbanana_2.1.0.1.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file sniffer_xml2pcap
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file BananaAid
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file config_jp1_UA.pl
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file userscript.FW
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file BUSURPER-3001-724.exe
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file workit.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file tinyhttp_setup.sh
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file EPBA.script
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file jetplow.sh
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file extrabacon_1.1.0.1.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file sploit.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file uninstallPBD.bat
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file BICECREAM-2140
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file BFLEA-2201.exe
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file StoreFc.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file BBALL_E28F6-2201.exe
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files BARPUNCH-3110, BPICKER-3100
Public Nextron YARA rules	malware	EQGRP Toolset Firewall
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files pandarock_v1.11.1.1.bin, pit
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files BananaUsurper-2120, writeJetPlow-2130
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230, BLIQUER-3030, BLIQUER-3120
Public Nextron YARA rules	malware	EQGRP Toolset Firewall
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files sploit.py, sploit.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall
Public Nextron YARA rules	malware	EQGRP Toolset Firewall
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files ssh.py, telnet.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - Callback addresses
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - Extrabacon exploit output
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - Unique strings
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file elgingamble
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file cmsd
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file ebbshave.v5
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file eggbasket
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file sambal
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file cmsex
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file DUL
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file slugger2
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file jackpop
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file epoxyresin.v1.0.0.1
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file estesfox
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- from files scanner, scanner.v2.1.2
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- from files ghost_sparc, ghost_x86
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- from files jparsescan, parsescan
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7
Public Nextron YARA rules	malware	Detects EquationGroup Tool - April Leak
Public Nextron YARA rules	malware	Detects EquationGroup Tool - April Leak
Public Nextron YARA rules	malware	Detects EquationGroup Tool - April Leak
Public Nextron YARA rules	malware	Detects EquationGroup Tool - April Leak
Public Nextron YARA rules	malware	This rule is UNTESTED against a large dataset and is for hunting purposes only.
Public Nextron YARA rules	malware	Detects malware Redosdru - file systemHome.exe
Public Nextron YARA rules	malware	Detects a string found in memory of malware cedt370r(3).exe
Public Nextron YARA rules	malware	Detects strings from FIN7 report in August 2018
Public Nextron YARA rules	malware	Detects Word Dropper from Proofpoint FIN7 Report
Public Nextron YARA rules	malware	Detects FourElementSword Malware
Public Nextron YARA rules	malware	Detects FourElementSword Malware
Public Nextron YARA rules	malware	String from the ShodowBroker Files Screenshots - Dec 2016
Public Nextron YARA rules	malware	Auto-generated rule - file violetspirit.README
Public Nextron YARA rules	malware	Auto-generated rule - file gr.notes
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.yellowspirit.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file opscript.se
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.epichero.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.elatedmonkey
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.dubmoat.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file strifeworld.1
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.pork.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.ebbisland.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.elgingamble.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file README.cup.NOPEN
Public Nextron YARA rules	malware	Auto-generated rule - file oneshot.example
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.earlyshovel.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.envisioncollision.COMMON
Public Nextron YARA rules	malware	Auto-generated rule
Public Nextron YARA rules	malware	Auto-generated rule - from files user.tool.orleansstride.COMMON, user.tool.curserazor.COMMON
Public Nextron YARA rules	malware	Auto-generated rule
Public Nextron YARA rules	malware	Auto-generated rule - from files violetspirit.README, violetspirit.README
Public Nextron YARA rules	malware	Detects Gh0st RAT mentioned in Cylance' Ghost Dragon Report
Public Nextron YARA rules	malware	Detects Gh0st RAT mentioned in Cylance' Ghost Dragon Report
Public Nextron YARA rules	malware	Detects ISMDoor Backdoor
Public Nextron YARA rules	malware	X-Agent/CHOPSTICK Implant by APT28
Public Nextron YARA rules	malware	BlackEnergy / Voodoo Bear Implant by APT28
Public Nextron YARA rules	malware	Unidentified Implant by APT29
Public Nextron YARA rules	malware	Detects forensic artefacts found in HAFNIUM intrusions
Public Nextron YARA rules	malware	Detects PowerCat hacktool
Public Nextron YARA rules	malware	Detects PowerShell Oneliner in Nishang's repository
Public Nextron YARA rules	malware	variation on reGeorgtunnel
Public Nextron YARA rules	malware	The SPORTSBALL webshell allows attackers to upload files or execute commands on the system.
Public Nextron YARA rules	malware	Detects CVE-2021-27065 Webshellz
Public Nextron YARA rules	malware	Detects Chopper like ASPX Webshells
Public Nextron YARA rules	malware	Detects Chopper like ASPX Webshells
Public Nextron YARA rules	malware	Detects forensic artefacts found in HAFNIUM intrusions exploiting CVE-2021-27065
Public Nextron YARA rules	malware	Detects forensic artefacts showing cleanup activity found in HAFNIUM intrusions exploiting
Public Nextron YARA rules	malware	Detects suspicious log entries that indicate requests as described in reports on HAFNIUM activity
Public Nextron YARA rules	malware	Detects Tofu Trojan
Public Nextron YARA rules	malware	detection for Hellsing implants
Public Nextron YARA rules	malware	Detects Industroyer related custom port scaner output file
Public Nextron YARA rules	malware	Detects Industroyer related malware
Public Nextron YARA rules	malware	Detects IronGate APT Malware - Step7ProSim DLL
Public Nextron YARA rules	malware	Iron Panda malware DnsTunClient - file named.exe
Public Nextron YARA rules	malware	Iron Panda Malware Htran
Public Nextron YARA rules	malware	ASPXSpy detection. It might be used by other fraudsters
Public Nextron YARA rules	malware	Iron Tiger Tool - wmi.vbs detection
Public Nextron YARA rules	malware	Keylogger - generic rule for a Chinese variant
Public Nextron YARA rules	malware	Detects LinaDoor Linux Rootkit
Public Nextron YARA rules	malware	Detects Pupy RAT
Public Nextron YARA rules	malware	Detects DLLs loaded by shellcode loader (6ce5b6b4cdd6290d396465a1624d489c7afd2259a4d69b73c6b0ba0e5ad4e4ad) (relation to Lazarus group)
Public Nextron YARA rules	malware	Detects suspicios ELF files with sections as described in malicious iLO Board analysis by AmnPardaz in December 2021
Public Nextron YARA rules	malware	Malware sample mentioned in Microcin technical report by Kaspersky
Public Nextron YARA rules	malware	CommentCrew Malware MiniASP APT
Public Nextron YARA rules	malware	Detects ShimRat and the ShimRat loader
Public Nextron YARA rules	malware	Detects ShimRatReporter
Public Nextron YARA rules	malware	Rule to detect Moonlight Maze sniffer tools
Public Nextron YARA rules	malware	Rule to detect Moonlight Maze 'de' and 'deg' tunnel tool
Public Nextron YARA rules	malware	Rule to detect Moonlight Maze 'cle' log cleaning tool
Public Nextron YARA rules	malware	Rule to detect Moonlight Maze 'xk' keylogger
Public Nextron YARA rules	malware	Detetcs the Nanocore RAT and similar malware
Public Nextron YARA rules	malware	Detetcs the Nanocore RAT
Public Nextron YARA rules	malware	Detects user function string from NCSC report
Public Nextron YARA rules	malware	Detects malicious batch file from NCSC report
Public Nextron YARA rules	malware	Detects malicious batch file from NCSC report
Public Nextron YARA rules	malware	Detects RDP brute forcer from NCSC report
Public Nextron YARA rules	malware	Detects Z Webshell from NCSC report
Public Nextron YARA rules	malware	Ruby loader seen loading the ROKRAT malware family.
Public Nextron YARA rules	malware	Detects strings found in POOLRAT malware
Public Nextron YARA rules	malware	Detects Oilrig malware samples
Public Nextron YARA rules	malware	Detects OilRig malware
Public Nextron YARA rules	malware	Detects APT34 PowerShell malware
Public Nextron YARA rules	malware	Detects APT34 PowerShell malware
Public Nextron YARA rules	malware	Detects ONHAT Proxy - Htran like SOCKS hack tool used by Chinese APT groups
Public Nextron YARA rules	malware	Keylogger used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	ARP cache poisoner used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Shell Creator used by attackers in Operation Cleaver to create ASPX web shells
Public Nextron YARA rules	malware	Malware or hack tool used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Malware or hack tool used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Tiny Bot used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Keywords used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Hack tool used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Backdoor used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Backdoor used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Mimikatz Wrapper used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Parviz tool used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Hack tool used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Mimikatz wrapper used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	CCProxy config known from Operation Cleaver
Public Nextron YARA rules	malware	Detects malware from Operation Cloud Hopper
Public Nextron YARA rules	malware	Malware related to Operation Cloud Hopper - Page 25
Public Nextron YARA rules	malware	Tools related to Operation Cloud Hopper
Public Nextron YARA rules	malware	Strings from CSharp version of Agent
Public Nextron YARA rules	malware	Strings from PowerShell dropper of CSharp version of Agent
Public Nextron YARA rules	malware	Piece of Base64 encoded data from Agent CSharp version
Public Nextron YARA rules	malware	Strings from Python version of Agent
Public Nextron YARA rules	malware	Piece of Base64 encoded data from Agent Python version
Public Nextron YARA rules	malware	Strings from Python keylogger
Public Nextron YARA rules	malware	Strings from the CSharp version of XServer
Public Nextron YARA rules	malware	Piece of Base64 encoded data from the XServer PowerShell dropper
Public Nextron YARA rules	malware	Strings from the PowerShell dropper of XServer
Public Nextron YARA rules	malware	Process injector/launcher
Public Nextron YARA rules	malware	Timeliner utility
Public Nextron YARA rules	malware	Checkadmin utility
Public Nextron YARA rules	malware	Python getos utility
Public Nextron YARA rules	malware	Strings from the information grabber VBS
Public Nextron YARA rules	malware	Strings from the console.jsp webshell
Public Nextron YARA rules	malware	Strings from the ver.jsp webshell
Public Nextron YARA rules	malware	Generic strings from webinfo.war webshells
Public Nextron YARA rules	malware	PassCV Malware mentioned in Cylance Report
Public Nextron YARA rules	malware	Detects PoisonIvy RAT sample set
Public Nextron YARA rules	malware	Detects Poseidon Group Malware
Public Nextron YARA rules	malware	Detects
Public Nextron YARA rules	malware	Detects scripts (mostly LUA) from Project Sauron report by Kaspersky
Public Nextron YARA rules	malware	Detects Dsniff hack tool
Public Nextron YARA rules	malware	Detects strings from arping module - Project Sauron report by Kaspersky
Public Nextron YARA rules	malware	Detects strings from kblogi module - Project Sauron report by Kaspersky
Public Nextron YARA rules	malware	Detects strings from basex module - Project Sauron report by Kaspersky
Public Nextron YARA rules	malware	Detects strings from dext module - Project Sauron report by Kaspersky
Public Nextron YARA rules	malware	Detects PROMETHIUM and NEODYMIUM malware
Public Nextron YARA rules	malware	Detects PROMETHIUM and NEODYMIUM malware
Public Nextron YARA rules	malware	Detects an APT malware related to PutterPanda
Public Nextron YARA rules	malware	Detects all QuarksPWDump versions
Public Nextron YARA rules	malware	Detects Quasar RAT
Public Nextron YARA rules	malware	Detects indicators found in DarkBit ransomware
Public Nextron YARA rules	malware	Detects malware from Rehashed RAT incident
Public Nextron YARA rules	malware	Detects RevengeRAT malware
Public Nextron YARA rules	malware	Sakula malware - strings after unpacking (memory rule)
Public Nextron YARA rules	malware	Detects an archive file created by P.A.S. for download operation
Public Nextron YARA rules	malware	Detects SQL dump file created by P.A.S. webshell
Public Nextron YARA rules	malware	Detects the encryption key for the configuration file used by Exaramel malware as seen in sample e1ff72[...]
Public Nextron YARA rules	malware	Detects the specific name of the configuration file in Exaramel malware as seen in sample e1ff72[...]
Public Nextron YARA rules	malware	Detects path of the unix socket created to prevent concurrent executions in Exaramel malware
Public Nextron YARA rules	malware	Detects names of the tasks received from the CC server in Exaramel malware
Public Nextron YARA rules	malware	Detects Strings used by Exaramel malware
Public Nextron YARA rules	malware	Detects shell script used by Sandworm in attack against Exim mail server
Public Nextron YARA rules	malware	Detects Sandworm Python loader
Public Nextron YARA rules	malware	Scanbox Chinese Deep Panda APT Malware http://goo.gl/MUUfjv and http://goo.gl/WXUQcP
Public Nextron YARA rules	malware	A malicious Chrome browser extention used by the SharpTongue threat actor to steal mail data from a victim
Public Nextron YARA rules	malware	Detects a
Public Nextron YARA rules	malware	Detects malware sample mentioned in the Silence report on Securelist
Public Nextron YARA rules	malware	Detects Sofacy Fysbis Linux Backdoor
Public Nextron YARA rules	malware	Detects webshell access mentioned in FireEye's SUNBURST report
Public Nextron YARA rules	malware	STUXSHOP_config
Public Nextron YARA rules	malware	inveigh pen testing tools & related artifacts
Public Nextron YARA rules	malware	Detects TeleBots malware - IntercepterNG
Public Nextron YARA rules	malware	Detects Liudoor daemon backdoor
Public Nextron YARA rules	malware	Detects Turla malware (based on sample used in the RUAG APT case)
Public Nextron YARA rules	malware	Detects malware used in the RUAG APT case
Public Nextron YARA rules	malware	Detects Turla malware (based on sample used in the RUAG APT case)
Public Nextron YARA rules	malware	Rule for detection of Nautilus related strings
Public Nextron YARA rules	malware	Detects artefacts found in Hermetic Wiper malware related intrusions
Public Nextron YARA rules	malware	Detects scheduled task pattern found in Hermetic Wiper malware related intrusions
Public Nextron YARA rules	malware	Detects SombRAT samples from UNC2447 campaign
Public Nextron YARA rules	malware	Detects WARPRISM PowerShell samples from UNC2447 campaign
Public Nextron YARA rules	malware	Detects DEWMODE webshells
Public Nextron YARA rules	malware	Detects malware by Chinese APT PLA Unit 78020 - Generic Rule - Chong
Public Nextron YARA rules	malware	Strings identifying the core REDLEAVES RAT in its deobfuscated state
Public Nextron YARA rules	malware	Detects specific RedLeaves and PlugX binaries
Public Nextron YARA rules	malware	Symantec Waterbug Attack - Trojan.Wipbot 2014 Down.dll component
Public Nextron YARA rules	malware	Detects powershell script used in Operation Wilted Tulip
Public Nextron YARA rules	malware	Detects a Windows scheduled task as used in Operation Wilted Tulip
Public Nextron YARA rules	malware	Detects hack tool used in Operation Wilted Tulip - Windows Tasks
Public Nextron YARA rules	malware	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip
Public Nextron YARA rules	malware	Detects PlugX Malware Samples from June 2016
Public Nextron YARA rules	malware	Winnti sample - file NlaifSvc.dll
Public Nextron YARA rules	malware	Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ
Public Nextron YARA rules	malware	Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ
Public Nextron YARA rules	malware	Detects a ZxShell - CN threat group
Public Nextron YARA rules	malware	BernhardPOS Credit Card dumping tool
Public Nextron YARA rules	malware	Bluenoroff POS malware - hkp.dll
Public Nextron YARA rules	malware	Find documents saved from the same potential Cobalt Gang PDF template
Public Nextron YARA rules	malware	Triggers on strings of known DearCry samples
Public Nextron YARA rules	malware	Detects unpacked SystemBC module as used by Emotet in March 2022
Public Nextron YARA rules	malware	Detects EternalRocks Malware - file taskhost.exe
Public Nextron YARA rules	malware	Detects Fireball malware - file clearlog.dll
Public Nextron YARA rules	malware	2021 loader for Bokbot / Icedid core (license.dat)
Public Nextron YARA rules	malware	Match protocol, process injects and windows exploit present in KINS dropper
Public Nextron YARA rules	malware	Detects Darkside Ransomware
Public Nextron YARA rules	malware	Detects suspicious log lines produeced during the exploitation of ADSelfService vulnerability CVE-2021-40539
Public Nextron YARA rules	malware	Detects suspicious log lines produeced during the exploitation of ADSelfService vulnerability CVE-2021-40539
Public Nextron YARA rules	malware	Detects exploitation attempts against Confluence servers abusing a RCE reported as CVE-2021-26084
Public Nextron YARA rules	malware	Detects exceptions found in server logs that indicate an exploitation attempt of CVE-2021-44228
Public Nextron YARA rules	malware	Detects error messages related to JDNI usage in log files that can indicate a Log4Shell / Log4j exploitation
Public Nextron YARA rules	malware	Detects indicators of exploitation of ManageEngine vulnerability as described by Horizon3
Public Nextron YARA rules	malware	Detects webshells dropped by DropHell malware
Public Nextron YARA rules	malware	Detects indicators found after SpringCore exploitation attempts and in the POC script
Public Nextron YARA rules	malware	Detects ProxyToken CVE-2021-33766 exploitation attempts on an unpatched system
Public Nextron YARA rules	malware	Detects payload as seen in PoC code to exploit Workspace ONE Access freemarker server-side template injection CVE-2022-22954
Public Nextron YARA rules	malware	Detects forensic artefacts indicating successful exploitation of F5 BIG IP appliances as reported by NCCGroup
Public Nextron YARA rules	malware	Detects signs of exploitation of GitLab CE CVE-2021-22205
Public Nextron YARA rules	malware	Detects payloads used in Shitrix exploitation CVE-2019-19781
Public Nextron YARA rules	malware	Detection for Dimorf ransomeware
Public Nextron YARA rules	malware	Detects CobaltStrike payloads
Public Nextron YARA rules	malware	Detects CobaltStrike payloads
Public Nextron YARA rules	malware	Detects Empire component - file Get-SecurityPackages.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-PowerDump.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-ShellcodeMSIL.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-SmbScanner.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-EgressCheck.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-PostExfil.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-SMBAutoBrute.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Get-Keystrokes.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-DllInjection.ps1
Public Nextron YARA rules	malware	Detects Empire component - file KeePassConfig.ps1
Public Nextron YARA rules	malware	Detects Empire component
Public Nextron YARA rules	malware	Detects Empire component - from files PowerUp.ps1, PowerUp.ps1
Public Nextron YARA rules	malware	Detects Empire component
Public Nextron YARA rules	malware	Detects Empire component - from files KeePassConfig.ps1, KeePassConfig.ps1
Public Nextron YARA rules	malware	Detects Empire component - from files Invoke-Portscan.ps1, Invoke-Portscan.ps1
Public Nextron YARA rules	malware	Detects Empire component - from files Invoke-CredentialInjection.ps1, Invoke-Mimikatz.ps1
Public Nextron YARA rules	malware	Detects Empire component - from files Invoke-DCSync.ps1, Invoke-PSInject.ps1, Invoke-ReflectivePEInjection.ps1
Public Nextron YARA rules	malware	This rule is looking for B64 offsets of LazyNetToJscriptLoader which is a namespace specific to the internal version of the GadgetToJScript tooling.
Public Nextron YARA rules	malware	HackTool_MSIL_SharPersist_2
Public Nextron YARA rules	malware	CredTheft_MSIL_ADPassHunt_2
Public Nextron YARA rules	malware	Identifies GoRat malware in memory based on strings.
Public Nextron YARA rules	malware	APT_Builder_PY_REDFLARE_2
Public Nextron YARA rules	malware	Detects FireEye's Python Redflar
Public Nextron YARA rules	malware	Cobalt Strike's resources/template.py signature for versions v3.3 to v4.x
Public Nextron YARA rules	malware	Cobalt Strike's resources/template.x64.ps1, resources/template.hint.x64.ps1 and resources/template.hint.x32.ps1 from v3.0 to v4.x except 3.12 and 3.13
Public Nextron YARA rules	malware	Detects CactusTorch Hacktool
Public Nextron YARA rules	malware	Detects URL mentioned in report on compromised Github repositories in August 2022
Public Nextron YARA rules	malware	Detects HawkEye Keylogger Reborn
Public Nextron YARA rules	malware	Detects Venom - a library that meant to perform evasive communication using stolen browser socket
Public Nextron YARA rules	malware	Compiled Impacket Tools
Public Nextron YARA rules	malware	Detects Invoke-Mimikatz String
Public Nextron YARA rules	malware	Detects Invoke-WmiExec or Invoke-SmbExec
Public Nextron YARA rules	malware	Auto-generated rule - file kerberoast.py
Public Nextron YARA rules	malware	Detects Khepri C2 framework beacons
Public Nextron YARA rules	malware	Detects Reflective DLL Loader
Public Nextron YARA rules	malware	Detects Reflective DLL Loader - suspicious - Possible FP could be program crack
Public Nextron YARA rules	malware	Detects Reflective DLL Loader
Public Nextron YARA rules	malware	Detects PowerShell AMSI Bypass
Public Nextron YARA rules	malware	Detects MSHTA Bypass
Public Nextron YARA rules	malware	Detects a suspicious Javascript Run command
Public Nextron YARA rules	malware	VT Research QA uploaded malware - file vqgk.dll
Public Nextron YARA rules	malware	Detects Merlin agent
Public Nextron YARA rules	malware	Detects a Metasploit Loader by RSMudge - file loader.exe
Public Nextron YARA rules	malware	Metasploit Payloads - file msf-psh.vba
Public Nextron YARA rules	malware	Metasploit Payloads - file msf-exe.vba
Public Nextron YARA rules	malware	Metasploit Payloads - file msf.psh
Public Nextron YARA rules	malware	Metasploit Payloads - file msf.aspx
Public Nextron YARA rules	malware	Metasploit Payloads - file msf-cmd.ps1
Public Nextron YARA rules	malware	Metasploit Payloads - file msf-ref.ps1
Public Nextron YARA rules	malware	PowerShell with PE Reflective Injection
Public Nextron YARA rules	malware	Detects a log file generated by malicious hack tool mimikatz
Public Nextron YARA rules	malware	Detects Mimikittenz - file Invoke-mimikittenz.ps1
Public Nextron YARA rules	malware	Detects Mimipenguin Password Extractor - Linux
Public Nextron YARA rules	malware	Bella MacOS/OSX backdoor
Public Nextron YARA rules	malware	p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedPowerCat.cs
Public Nextron YARA rules	malware	p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedPotato.cs
Public Nextron YARA rules	malware	p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedExploits.cs
Public Nextron YARA rules	malware	p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedBinaries.cs
Public Nextron YARA rules	malware	p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedAmsiBypass.cs
Public Nextron YARA rules	malware	p0wnedShell Runspace Post Exploitation Toolkit - from files p0wnedShell.cs, p0wnedShell.cs
Public Nextron YARA rules	malware	Detects characteristics of suspicious file names or double extensions often found in phishing mail attachments
Public Nextron YARA rules	malware	Detects Pirpi Backdoor - and other malware (generic rule)
Public Nextron YARA rules	malware	Detects Pirpi Backdoor
Public Nextron YARA rules	malware	Detects hack tool PowerShdll
Public Nextron YARA rules	malware	Detects PowerShell ISESteroids obfuscation
Public Nextron YARA rules	malware	Auto-generated rule - file Invoke-Shellcode.ps1
Public Nextron YARA rules	malware	Auto-generated rule - file Invoke-Mimikatz.ps1
Public Nextron YARA rules	malware	Auto-generated rule - file Invoke-RelfectivePEInjection.ps1
Public Nextron YARA rules	malware	Auto-generated rule - file Persistence.ps1
Public Nextron YARA rules	malware	Auto-generated rule - from files Invoke-Mimikatz.ps1, Invoke-RelfectivePEInjection.ps1
Public Nextron YARA rules	malware	Auto-generated rule - from files Inveigh-BruteForce.ps1
Public Nextron YARA rules	malware	Auto-generated rule - from files Persistence.ps1
Public Nextron YARA rules	malware	Auto-generated rule - from files Inveigh-BruteForce.ps1
Public Nextron YARA rules	malware	Detects Base64 encoded PS1 Shellcode
Public Nextron YARA rules	malware	Osiris Device Guard Bypass - file Invoke-OSiRis.ps1
Public Nextron YARA rules	malware	Detects Pupy backdoor
Public Nextron YARA rules	malware	Detects Adzok RAT
Public Nextron YARA rules	malware	Detects Ap0calypse RAT
Public Nextron YARA rules	malware	Detects BlackShades RAT
Public Nextron YARA rules	malware	Detects BlueBanana RAT
Public Nextron YARA rules	malware	Detects Bozok RAT
Public Nextron YARA rules	malware	Detects ClientMesh RAT
Public Nextron YARA rules	malware	Detects DarkComet RAT
Public Nextron YARA rules	malware	Detects DarkRAT
Public Nextron YARA rules	malware	Detects JavaDropper RAT
Public Nextron YARA rules	malware	Detects LostDoor RAT
Public Nextron YARA rules	malware	Detects Paradox RAT
Public Nextron YARA rules	malware	Detects QRAT
Public Nextron YARA rules	malware	Detects ShadowTech RAT
Public Nextron YARA rules	malware	Detects Sub7Nation RAT
Public Nextron YARA rules	malware	Detects Vertex RAT
Public Nextron YARA rules	malware	Detects Adwind RAT
Public Nextron YARA rules	malware	Detects unrecom RAT
Public Nextron YARA rules	malware	Detects Red Sails Hacktool - Python
Public Nextron YARA rules	malware	Detects code which uses the python lib sectools
Public Nextron YARA rules	malware	Detects an executable that has been encoded with base64 twice
Public Nextron YARA rules	malware	Detects suspicious UTF16 and Base64 encoded PowerShell code that starts with a $ sign and a single char variable
Public Nextron YARA rules	malware	Detects a suspicious
Public Nextron YARA rules	malware	Detects a suspicious command line with netsh and the portproxy command
Public Nextron YARA rules	malware	Detects method to disable ETW in ENV vars before executing a program
Public Nextron YARA rules	malware	Detects a tool that can be used for privilege escalation - file gp3finder_v4.0.exe
Public Nextron YARA rules	malware	Detects a tool that can be used for privilege escalation - file folderperm.ps1
Public Nextron YARA rules	malware	Detects simple Windows shell - file s3.exe
Public Nextron YARA rules	malware	Detects simple Windows shell - file s1.exe
Public Nextron YARA rules	malware	Detects simple Windows shell - from files keygen.exe, s1.exe, s2.exe, s3.exe, s4.exe
Public Nextron YARA rules	malware	Detects simple Windows shell - from files s3.exe, s4.exe
Public Nextron YARA rules	malware	Auto-generated rule - file WMImplant.ps1
Public Nextron YARA rules	malware	Ysoserial Payloads - file Spring1.bin
Public Nextron YARA rules	malware	Ysoserial Payloads
Public Nextron YARA rules	malware	Ysoserial Payloads - from files JavassistWeld1.bin, JBossInterceptors.bin
Public Nextron YARA rules	malware	NTML Hash Dump output file - John/LC format
Public Nextron YARA rules	malware	Detects payload generated by exe2hex
Public Nextron YARA rules	malware	Detects NatBypass tool (also used by APT41)
Public Nextron YARA rules	malware	Detects a suspicious TeamViewer log entry stating that the remote systems had a Chinese keyboard layout
Public Nextron YARA rules	malware	Detects a suspicious TeamViewer log entry stating that the remote systems had a Russian keyboard layout
Public Nextron YARA rules	malware	Detects SALTWATER malware used in Barracuda ESG exploitations (CVE-2023-2868)
Public Nextron YARA rules	malware	Detects BPFDoor malware
Public Nextron YARA rules	malware	Detects BPFDoor implants used by Chinese actor Red Menshen
Public Nextron YARA rules	malware	Detects BPFDoor/Tricephalic Hellkeeper passive implant
Public Nextron YARA rules	malware	Detects LockBit ransomware samples for Linux and macOS
Public Nextron YARA rules	malware	Detects indicators found in LockBit ransomware log files
Public Nextron YARA rules	malware	Detects forensic artifacts found in LockBit intrusions
Public Nextron YARA rules	malware	Detects script used in ransomware attacks exploiting and encrypting ESXi servers - file encrypt.sh
Public Nextron YARA rules	malware	Detects ransomware exploiting and encrypting ESXi servers
Public Nextron YARA rules	malware	Detects Python backdoor found on ESXi servers
Public Nextron YARA rules	malware	Rule to detect the EquationLaser malware
Public Nextron YARA rules	malware	EquationDrug - HDD/SSD firmware operation - nls_933w.dll
Public Nextron YARA rules	malware	FiveEyes QUERTY Malware - file 20123_cmdDef.xml
Public Nextron YARA rules	malware	FiveEyes QUERTY Malware - file 20123.xml
Public Nextron YARA rules	malware	FiveEyes QUERTY Malware - file 20120_cmdDef.xml
Public Nextron YARA rules	malware	FiveEyes QUERTY Malware - file 20121_cmdDef.xml
Public Nextron YARA rules	malware	Malware Sample - maybe Regin related
Public Nextron YARA rules	malware	Windows Credential Editor
Public Nextron YARA rules	malware	Detects Amplia Security Tool like Windows Credential Editor
Public Nextron YARA rules	malware	PwDump 6 variant
Public Nextron YARA rules	malware	PScan - Port Scanner
Public Nextron YARA rules	malware	Hacktool
Public Nextron YARA rules	malware	This signature detects the Fierce2 domain scanner
Public Nextron YARA rules	malware	This signature detects the Ncrack brute force tool
Public Nextron YARA rules	malware	This signature detects the SQLMap SQL injection tool
Public Nextron YARA rules	malware	Auto-generated rule on file PortScanner.exe
Public Nextron YARA rules	malware	Auto-generated rule on file NetBIOS Name Scanner.exe
Public Nextron YARA rules	malware	Auto-generated rule on file ipscan.exe
Public Nextron YARA rules	malware	Auto-generated rule on file IP Stealing Utilities.exe
Public Nextron YARA rules	malware	Auto-generated rule on file PortRacer.exe
Public Nextron YARA rules	malware	Auto-generated rule on file scanarator.exe
Public Nextron YARA rules	malware	Auto-generated rule on file =Bitchin Threads=.exe
Public Nextron YARA rules	malware	Auto-generated rule on file portscan.exe
Public Nextron YARA rules	malware	Auto-generated rule on file ProPort.exe
Public Nextron YARA rules	malware	Auto-generated rule on file StealthWasp's Basic PortScanner v1.2.exe
Public Nextron YARA rules	malware	Auto-generated rule on file BluesPortScan.exe
Public Nextron YARA rules	malware	Auto-generated rule on file iis.exe
Public Nextron YARA rules	malware	Auto-generated rule on file ipscan.exe
Public Nextron YARA rules	malware	Auto-generated rule on file Loader.exe
Public Nextron YARA rules	malware	Detects the backdoor Beastdoor
Public Nextron YARA rules	malware	Detects a Powershell version of the Netcat network hacking tool
Public Nextron YARA rules	malware	Detects a chinese Portscanner named MilkT
Public Nextron YARA rules	malware	Modified (packed) version of Windows Credential Editor
Public Nextron YARA rules	malware	iKAT hack tools set agent - file ikat.exe
Public Nextron YARA rules	malware	Tool to hide unhide the windows startbar from command line - iKAT hack tools - file startbar.exe
Public Nextron YARA rules	malware	Auto-generated rule - file BypassUac2.zip
Public Nextron YARA rules	malware	APT Malware - Proxy
Public Nextron YARA rules	malware	Disclosed hacktool set - file nc.exe
Public Nextron YARA rules	malware	Disclosed hacktool set - file cs.exe
Public Nextron YARA rules	malware	Disclosed hacktool set - file sql.exe
Public Nextron YARA rules	malware	Disclosed hacktool set - file 445TOOL.rar
Public Nextron YARA rules	malware	Disclosed hacktool set - file s.exe
Public Nextron YARA rules	malware	Disclosed hacktool set - file Burst.rar
Public Nextron YARA rules	malware	Disclosed hacktool set - file GOGOGO.bat
Public Nextron YARA rules	malware	Disclosed hacktool set - file pass.txt
Public Nextron YARA rules	malware	Disclosed hacktool set - file JoHor_Posts_Killer.exe
Public Nextron YARA rules	malware	Disclosed hacktool set - file Start.bat - DoS tool
Public Nextron YARA rules	malware	Disclosed hacktool set - file Blast.bat
Public Nextron YARA rules	malware	PoS Scammer Toolbox - http://goo.gl/xiIphp - file VUBrute.exe
Public Nextron YARA rules	malware	PoS Scammer Toolbox - http://goo.gl/xiIphp - file config.ini
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file listip.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file ArtTrayHookDll.dll
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file EditServer.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file letmein.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file token.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file webget.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file ASPack Chinese.ini
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file EditKeyLogReadMe.txt
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file readme.txt
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file EditKeyLog.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file PassSniffer.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file InjectT.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file Jc.WinEggDrop Shell.txt
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file TBack.DLL
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file Inject.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file sqlcmd.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file 2323.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file CleanIISLog.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file sqlcheck.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file RunAsEx.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file splitjoin.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file InstGina.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file findoor.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file InjectT.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file gina.dll
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file xsniff.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file fscan.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - from files FsHttp.exe, FsPop.exe, FsSniffer.exe
Public Nextron YARA rules	malware	Remote Admin Tool used by APT group Anunak (ru) - file AA_v3.4.exe and AA_v3.5.exe
Public Nextron YARA rules	malware	Linux hack tools - file scanssh
Public Nextron YARA rules	malware	Linux hack tools - file pscan2
Public Nextron YARA rules	malware	Linux hack tools - file a
Public Nextron YARA rules	malware	Linux hack tools - file mass
Public Nextron YARA rules	malware	Detects a Chinese hacktool from a disclosed toolset - from files XScanLib.dll, XScanLib.dll, XScanLib.dll
Public Nextron YARA rules	malware	Detects a Chinese hacktool from a disclosed toolset - file PipeCmd.exe
Public Nextron YARA rules	malware	Detects a Chinese hacktool from a disclosed toolset - file sqlr.exe
Public Nextron YARA rules	malware	Detects VSSown.vbs script - used to export shadow copy elements like NTDS to take away and crack elsewhere
Public Nextron YARA rules	malware	Network domain enumeration tool - often used by attackers - file Nv.exe
Public Nextron YARA rules	malware	Network domain enumeration tool output - often used by attackers - file filename.txt
Public Nextron YARA rules	malware	Detects Linux Port Scanner Shark
Public Nextron YARA rules	malware	Detects dnscat2 - from files dnscat, dnscat2.exe
Public Nextron YARA rules	malware	Detects Windows Credential Editor (WCE) in memory (and also on disk)
Public Nextron YARA rules	malware	Detects a tool used by APT groups - file pstgdump.exe
Public Nextron YARA rules	malware	Detects a tool used by APT groups
Public Nextron YARA rules	malware	Detects a tool used by APT groups - file fgexec.exe
Public Nextron YARA rules	malware	Detects a tool used by APT groups - from files cachedump.exe, cachedump64.exe
Public Nextron YARA rules	malware	Detects a tool used by APT groups - file PwDump.exe
Public Nextron YARA rules	malware	Detects an XML that executes Mimikatz on an endpoint via MSBuild
Public Nextron YARA rules	malware	Detects POC code from disclosed 0day hacktool set
Public Nextron YARA rules	malware	Detects a process injection utility that can be used ofr good and bad purposes
Public Nextron YARA rules	malware	Detects Lazagne PW Dumper
Public Nextron YARA rules	malware	Detects susupicious bash command
Public Nextron YARA rules	malware	Detects Lazagne password extractor hacktool
Public Nextron YARA rules	malware	Detects NoPowerShell hack tool
Public Nextron YARA rules	malware	Web Shell - file iMHaPFtp.php
Public Nextron YARA rules	malware	Web Shell - file guo.php
Public Nextron YARA rules	malware	Web Shell - file redcod.php
Public Nextron YARA rules	malware	Web Shell - file server.php
Public Nextron YARA rules	malware	Web Shell - file cihshell_fix.php
Public Nextron YARA rules	malware	Web Shell - file up.php
Public Nextron YARA rules	malware	Web Shell - file EFSO_2.asp
Public Nextron YARA rules	malware	Web Shell - file up.jsp
Public Nextron YARA rules	malware	Web Shell - file Server Variables.asp
Public Nextron YARA rules	malware	Web Shell - file ice.php
Public Nextron YARA rules	malware	Web Shell - file phpspy2010.php
Public Nextron YARA rules	malware	Web Shell - file ice.asp
Public Nextron YARA rules	malware	Web Shell - file 404.asp
Public Nextron YARA rules	malware	Web Shell - file webshell-cnseay02-1.php
Public Nextron YARA rules	malware	Web Shell - file fbi.php
Public Nextron YARA rules	malware	Web Shell - file B374k.php
Public Nextron YARA rules	malware	Web Shell - file list.php
Public Nextron YARA rules	malware	Web Shell - file 404.php
Public Nextron YARA rules	malware	Web Shell - file aspydrv.asp
Public Nextron YARA rules	malware	Web Shell - file Dx.php
Public Nextron YARA rules	malware	Web Shell - file MySQL Web Interface Version 0.8.php
Public Nextron YARA rules	malware	Web Shell - file odd.php
Public Nextron YARA rules	malware	Web Shell - file idc.php
Public Nextron YARA rules	malware	Web Shell - file 404.php
Public Nextron YARA rules	malware	Web Shell - file webshell-cnseay-x.php
Public Nextron YARA rules	malware	Web Shell - file up.asp
Public Nextron YARA rules	malware	Web Shell - file odd.php
Public Nextron YARA rules	malware	Web Shell - file k81.jsp
Public Nextron YARA rules	malware	Web Shell - file cmdjsp.jsp
Public Nextron YARA rules	malware	Web Shell - file Java Shell.jsp
Public Nextron YARA rules	malware	Web Shell - file r57142.php
Public Nextron YARA rules	malware	Web Shell - file simple-backdoor.php
Public Nextron YARA rules	malware	Web Shell - file cmd.php
Public Nextron YARA rules	malware	Web Shell - file co.php
Public Nextron YARA rules	malware	Web Shell - file 150.php
Public Nextron YARA rules	malware	Web Shell - file c37.php
Public Nextron YARA rules	malware	Web Shell - file b37.php
Public Nextron YARA rules	malware	Web Shell - file bug (1).php
Public Nextron YARA rules	malware	Web Shell - from files ghost_source.php, icesword.php, silic.php
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell - from files jsp-reverse.jsp, jsp-reverse.jsp, jspbd.jsp
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell - from files itsec.php, PHPJackal.php, itsecteam_shell.php, jHn.php
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell - from files 000.jsp, 403.jsp, c5.jsp, config.jsp, myxx.jsp, queryDong.jsp, spyjsp2010.jsp, zend.jsp
Public Nextron YARA rules	malware	Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell - from files phpspy_2005_full.php, phpspy_2005_lite.php, phpspy_2006.php, PHPSPY.php
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell - from files r57shell127.php, r57_kartal.php, r57.php
Public Nextron YARA rules	malware	Web shells - generated from file con2.asp
Public Nextron YARA rules	malware	Web shells - generated from file Expdoor.com ASP.asp
Public Nextron YARA rules	malware	Web shells - generated from file php2.php
Public Nextron YARA rules	malware	Web shells - generated from file bypass-iisuser-p.asp
Public Nextron YARA rules	malware	Web shells - generated from file 404super.php
Public Nextron YARA rules	malware	Web shells - generated from file JSP.jsp
Public Nextron YARA rules	malware	Web shells - generated from file webshell-123.php
Public Nextron YARA rules	malware	Web shells - generated from file dev_core.php
Public Nextron YARA rules	malware	Web shells - generated from file pHp.php
Public Nextron YARA rules	malware	Web shells - generated from file pppp.php
Public Nextron YARA rules	malware	Web shells - generated from file code.php
Public Nextron YARA rules	malware	Web shells - generated from file xxxx.php
Public Nextron YARA rules	malware	Web shells - generated from file PHP1.php
Public Nextron YARA rules	malware	Web shells - generated from file asp1.asp
Public Nextron YARA rules	malware	Web shells - generated from file php6.php
Public Nextron YARA rules	malware	Web shells - generated from file GetPostpHp.php
Public Nextron YARA rules	malware	Web shells - generated from file php5.php
Public Nextron YARA rules	malware	Web shells - generated from file PHP.php
Public Nextron YARA rules	malware	Web shells - generated from file Asp.asp
Public Nextron YARA rules	malware	Semi-Auto-generated - file perlbot.pl.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file php-backdoor.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file shankar.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Casus15.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file small.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file shellbot.pl.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file fuckphpshell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file ngh.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file jsp-reverse.jsp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Tool.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file NT Addy.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file phvayvv.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file r57shell.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file rst_sql.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file wh_bindshell.py.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file lurm_safemod_on.cgi.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file c99madshell_v2.0.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file w3d.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file WinX Shell.html.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Dx.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file csh.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file pHpINJ.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file 2008.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file ak74shell.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Rem View.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Java Shell.js.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file STNC.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file aZRaiLPhp v1.0.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file zacosmall.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file CmdAsp.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file simple-backdoor.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file mysql_shell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Dive Shell 1.0 - Emperor Hacking Team.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Asmodeus v0.1.pl.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Reader.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file phpshell17.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file SimShell 1.0 - Simorgh Security MGZ.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file jspshall.jsp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file rootshell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file connectback2.pl.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file wso.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file backdoor1.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file elmaliseker.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file s72 Shell v1.1 Coding.html.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file kacak.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file PHP Backdoor Connect.pl.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Antichat Socks5 Server.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Antichat Shell v1.3.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file cyberlords_sql.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.html.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file EFSO_2.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file lamashell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Ajax_PHP Command Shell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file JspWebshell 1.2.jsp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Sincap.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Phyton Shell.py.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file sh.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file phpjackal.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file sql.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file cgi-python.py.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file ru24_post_sh.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file telnetd.pl.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file php-include-w-shell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file shell.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file telnet.cgi.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file ironshell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file backdoorfr.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file aspydrv.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file cmdjsp.jsp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file h4ntu shell [powered by tsoi].txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Ajan.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file PHANTASMA.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file MySQL Web Interface Version 0.8.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - from files nst.php.php.txt, img.php.php.txt, nstview.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - from files network.php.php.txt, xinfo.php.php.txt, nfm.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated
Public Nextron YARA rules	malware	Semi-Auto-generated - from files w.php.php.txt, wacking.php.php.txt, SpecialShell_99.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - from files r577.php.php.txt, SnIpEr_SA Shell.php.txt, r57.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, r57 Shell.php.php.txt, spy.php.php.txt, s.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - from files multiple_php_webshells
Public Nextron YARA rules	malware	Semi-Auto-generated - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated
Public Nextron YARA rules	malware	Semi-Auto-generated - from files nst.php.php.txt, cybershell.php.php.txt, img.php.php.txt, nstview.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated
Public Nextron YARA rules	malware	Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, spy.php.php.txt, s.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated
Public Nextron YARA rules	malware	Looks like a webshell cloaked as GIF - http://goo.gl/xFvioC
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file dC3_Security_Crew_Shell_PRiV.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file simattacker.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file DTool Pro.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file ironshell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file b374k-mini-shell-php.php.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file Sincap 1.0.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file b374k.php.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file h4ntu shell [powered by tsoi].php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file MyShell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file pws.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file reader.asp.php.txt
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file php-backdoor.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file pHpINJ.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file NGH.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file matamu.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file ru24_post_sh.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file hiddens shell v1.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file c99_locus7s.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file safe0ver.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file kral.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file cgitelnet.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file NTDaddy v1.9.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file lamashell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file Simple_PHP_backdoor_by_DK.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file CmdAsp.asp.php.txt
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file NCC-Shell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file README.md
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file backupsql.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file AK-74 Security Team Web Shell Beta Version.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file cpanel.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file 529.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file qsd-php-backdoor.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file Gamma Web Shell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file WinX Shell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file php-include-w-shell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file PhpSpy Ver 2006.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file myshell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file lolipop.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file simple_cmd.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file go-shell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file aZRaiLPhp v1.0.php
Public Nextron YARA rules	malware	Webshells Github Archive - file zehir4
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file zehir4.asp.php.txt
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file lostDC.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file CasuS 1.5.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - from files Ajax_PHP Command Shell.php, Ajax_PHP_Command_Shell.php, soldierofallah.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - from files Small Web Shell by ZaCo.php, small.php, zaco.php, zacosmall.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - from files Dive Shell 1.0
Public Nextron YARA rules	malware	PHP Webshells Github Archive - from files CrystalShell v.1.php, erne.php, stres.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - from files findsock.c, php-findsock-shell.php, php-reverse-shell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive
Public Nextron YARA rules	malware	Webshells Auto-generated - file Injectt.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file ssh.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file Client.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file ZXshell.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file RkNTLoad.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file binder2.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file orice2.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file sendmail.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file zehir4.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file hkshell.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file DarkSpy105.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file EditServer.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file reader.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file svchostdll.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file server.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file vanquish.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file Client.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file Simple_PHP_BackDooR.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file hkrmv.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file phpft.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file bdcli100.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file rdrbs084.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file 2005.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file casus15.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file installer.cmd
Public Nextron YARA rules	malware	Webshells Auto-generated - file elmaliseker.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file resolve.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file Fport.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file upload.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file PasswordReminder.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file RkNT.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file dbgntboot.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file shell.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file rdrbs100.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file Mithril.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file hkdoordll.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file dllTest.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file dbgiis6cli.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file cress.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file usr.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file phpinj.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file db.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file EditServer.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file by064cli.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file dllTest.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file connector.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file HideRun.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file PHP_Shell_v1.7.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file save.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file screencap.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file zxrecv.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file deploy.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file by063cli.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file asp.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file ntboot.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file xwhois.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file vanquish.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file nc.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file Server.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file 2006.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file HDConfig.exe
Public Nextron YARA rules	malware	Webshell and Exploit Code in relation with APT against Honk Kong protesters
Public Nextron YARA rules	malware	Detects a web shell that downloads content from pastebin.com http://goo.gl/7dbyZs
Public Nextron YARA rules	malware	Detects a web shell
Public Nextron YARA rules	malware	Detects a simple cloaked PHP web shell
Public Nextron YARA rules	malware	Detects properties file of Confluence Questions plugin with static user name and password (backdoor) CVE-2022-26138
Public Nextron YARA rules	malware	Detects JQuery File Upload vulnerability CVE-2018-9206
Public Nextron YARA rules	malware	Detects a potential compromise indicator found in MOVEit Transfer logs
Public Nextron YARA rules	malware	Detects a potential compromise indicator found in MOVEit Transfer logs
Public Nextron YARA rules	malware	Detects a potential compromise indicator found in MOVEit DMZ Web API logs
Public Nextron YARA rules	malware	Detects logs generated after a successful exploitation using the PoC code against CVE-2022-41040 and CVE-2022-41082 (aka ProxyNotShell) in Microsoft Exchange servers
Trellix Threat Reasearch YARA rules	malware	Filter for 2nd stage malware used in VPNfilter attack
Trellix Threat Reasearch YARA rules	malware	Monero mining software
Trellix Threat Reasearch YARA rules	malware	CTB_Locker
Trellix Threat Reasearch YARA rules	malware	Detect GPGQwerty ransomware
Trellix Threat Reasearch YARA rules	malware	Rule to detect the Kraken Cryptor Ransomware
Trellix Threat Reasearch YARA rules	malware	rule to detect Linux variant of the Hello Kitty Ransomware
Trellix Threat Reasearch YARA rules	malware	Rule to detect Mount Locker ransomware
Trellix Threat Reasearch YARA rules	malware	Credentials Stealing Attack
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	Detect basics of ItsSoEasy Ransomware (Itssoeasy-A)
YARAhub by abuse.ch	malware	Lucasstealer
YARAhub by abuse.ch	malware	Detects QBOT HTML smuggling variants
YARAhub by abuse.ch	malware	RABBITHUNT_cls
YARAhub by abuse.ch	malware	Detects the ESXiArgs Ransomware encryption python script
YARAhub by abuse.ch	malware	yarahub_win_remcos_rat_unpacked_aug_2023
Public InfoSec YARA rules	malware	Identifies Adfind, a Command line Active Directory query tool.
Public InfoSec YARA rules	malware	Identifies Aurora Stealer.
Public InfoSec YARA rules	malware	Identifies AveMaria aka WarZone RAT.
Public InfoSec YARA rules	malware	Identifies CryLock aka Cryakl ransomware.
Public InfoSec YARA rules	malware	Identifies Darkside ransomware.
Public InfoSec YARA rules	malware	Identifies Hidden Windows driver, used by malware such as PurpleFox.
Public InfoSec YARA rules	malware	Identifies IcedID (stage 1 and 2, initial loaders).
Public InfoSec YARA rules	malware	Identifies Impacket, a collection of Python classes for working with network protocols.
Public InfoSec YARA rules	malware	Identifies LaZagne, credentials recovery project.
Public InfoSec YARA rules	malware	Identifies Maze ransomware in memory or unpacked.
Public InfoSec YARA rules	malware	Identifies Parallax RAT.
Public InfoSec YARA rules	malware	Identifies Pysa aka Mespinoza ransomware.
Public InfoSec YARA rules	malware	Identifies RagnarLocker ransomware unpacked or in memory.
Public InfoSec YARA rules	malware	Identifies SystemBC RAT, decrypted config.
Public InfoSec YARA rules	malware	Identifies Windows Credentials Editor (WCE), post-exploitation tool.
Public InfoSec YARA rules	malware	Identifies Zeppelin ransomware and variants (Buran, Vega etc.)
CAPEv2 YARA detection rules	malware	Detecting HTML strings used by Agent Tesla malware
CAPEv2 YARA detection rules	malware	AgenetTesla Type 2 Keylogger payload
CAPEv2 YARA detection rules	malware	AgentTeslaV3 infostealer payload
CAPEv2 YARA detection rules	malware	Cobalt Strike Beacon Payload
CAPEv2 YARA detection rules	malware	TrickBot Payload
CAPEv2 YARA detection rules	malware	Detects TrickBot Banking module permaDll
Elastic Security YARA Rules	malware	Linux.Backdoor.Fontonlake
Elastic Security YARA Rules	malware	Linux.Backdoor.Tinyshell
Elastic Security YARA Rules	malware	Linux.Exploit.CVE-2021-3156
Elastic Security YARA Rules	malware	Linux.Exploit.CVE-2021-3156
Elastic Security YARA Rules	malware	Linux.Exploit.CVE-2021-3490
Elastic Security YARA Rules	malware	Linux.Exploit.CVE-2021-4034
Elastic Security YARA Rules	malware	Linux.Exploit.CVE-2022-0847
Elastic Security YARA Rules	malware	Linux.Exploit.Log4j
Elastic Security YARA Rules	malware	Linux.Hacktool.Fontonlake
Elastic Security YARA Rules	malware	Linux.Hacktool.Wipelog
Elastic Security YARA Rules	malware	Linux.Proxy.Frp
Elastic Security YARA Rules	malware	Linux.Rootkit.Fontonlake
Elastic Security YARA Rules	malware	Linux.Trojan.BPFDoor
Elastic Security YARA Rules	malware	Linux.Trojan.BPFDoor
Elastic Security YARA Rules	malware	Linux.Trojan.BPFDoor
Elastic Security YARA Rules	malware	Linux.Trojan.BPFDoor
Elastic Security YARA Rules	malware	Linux.Trojan.BPFDoor
Elastic Security YARA Rules	malware	Linux.Trojan.Mirai
Elastic Security YARA Rules	malware	Linux.Trojan.Mirai
Elastic Security YARA Rules	malware	Linux.Trojan.Orbit
Elastic Security YARA Rules	malware	MacOS.Backdoor.Fakeflashlxk
Elastic Security YARA Rules	malware	MacOS.Backdoor.Kagent
Elastic Security YARA Rules	malware	MacOS.Backdoor.Keyboardrecord
Elastic Security YARA Rules	malware	MacOS.Backdoor.Useragent
Elastic Security YARA Rules	malware	MacOS.Cryptominer.Generic
Elastic Security YARA Rules	malware	MacOS.Cryptominer.Xmrig
Elastic Security YARA Rules	malware	MacOS.Exploit.Log4j
Elastic Security YARA Rules	malware	MacOS.Hacktool.Bifrost
Elastic Security YARA Rules	malware	MacOS.Hacktool.Swiftbelt
Elastic Security YARA Rules	malware	MacOS.Trojan.Eggshell
Elastic Security YARA Rules	malware	MacOS.Trojan.Electrorat
Elastic Security YARA Rules	malware	MacOS.Trojan.Metasploit
Elastic Security YARA Rules	malware	MacOS.Trojan.Metasploit
Elastic Security YARA Rules	malware	MacOS.Trojan.Metasploit
Elastic Security YARA Rules	malware	MacOS.Trojan.RustBucket
Elastic Security YARA Rules	malware	MacOS.Trojan.Thiefquest
Elastic Security YARA Rules	malware	Macos.Hacktool.JokerSpy
Elastic Security YARA Rules	malware	Multi.Ransomware.Luna
Elastic Security YARA Rules	malware	Multi.Trojan.Coreimpact
Elastic Security YARA Rules	malware	Multi.Trojan.Sliver
Elastic Security YARA Rules	malware	Multi.Trojan.Sliver
Elastic Security YARA Rules	malware	Windows.Backdoor.TeamViewer
Elastic Security YARA Rules	malware	Windows.Exploit.Dcom
Elastic Security YARA Rules	malware	Windows.Exploit.Log4j
Elastic Security YARA Rules	malware	Windows.Hacktool.AskCreds
Elastic Security YARA Rules	malware	Windows.Hacktool.DarkLoadLibrary
Elastic Security YARA Rules	malware	Windows.Hacktool.Mimikatz
Elastic Security YARA Rules	malware	Windows.Hacktool.Rubeus
Elastic Security YARA Rules	malware	Windows.Hacktool.SafetyKatz
Elastic Security YARA Rules	malware	Windows.Hacktool.Seatbelt
Elastic Security YARA Rules	malware	Windows.Hacktool.Sharpersist
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpAppLocker
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpChromium
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpDump
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpHound
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpLAPS
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpMove
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpRDP
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpShares
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpStay
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpUp
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpView
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpWMI
Elastic Security YARA Rules	malware	Windows.Hacktool.WinPEAS-ng
Elastic Security YARA Rules	malware	Windows.Hacktool.WinPEAS-ng
Elastic Security YARA Rules	malware	Windows.Hacktool.WinPEAS-ng
Elastic Security YARA Rules	malware	Windows.Hacktool.WinPEAS-ng
Elastic Security YARA Rules	malware	Windows.Hacktool.WinPEAS-ng
Elastic Security YARA Rules	malware	Windows.Hacktool.WinPEAS-ng
Elastic Security YARA Rules	malware	Windows.Hacktool.WinPEAS-ng
Elastic Security YARA Rules	malware	Windows.Hacktool.WinPEAS-ng
Elastic Security YARA Rules	malware	Windows.Hacktool.WinPEAS-ng
Elastic Security YARA Rules	malware	Windows.Hacktool.WinPEAS-ng
Elastic Security YARA Rules	malware	Windows.Hacktool.WinPEAS-ng
Elastic Security YARA Rules	malware	Windows.Hacktool.WinPEAS-ng
Elastic Security YARA Rules	malware	Windows.PUP.MediaArena
Elastic Security YARA Rules	malware	Windows.Ransomware.Bitpaymer
Elastic Security YARA Rules	malware	Windows.Ransomware.BlackBasta
Elastic Security YARA Rules	malware	Windows.Ransomware.Clop
Elastic Security YARA Rules	malware	Windows.Ransomware.Dharma
Elastic Security YARA Rules	malware	Windows.Ransomware.Egregor
Elastic Security YARA Rules	malware	Windows.Ransomware.Generic
Elastic Security YARA Rules	malware	Windows.Ransomware.Helloxd
Elastic Security YARA Rules	malware	Windows.Ransomware.Hive
Elastic Security YARA Rules	malware	Windows.Ransomware.Hive
Elastic Security YARA Rules	malware	Windows.Ransomware.Ragnarok
Elastic Security YARA Rules	malware	Windows.Ransomware.Ragnarok
Elastic Security YARA Rules	malware	Windows.Ransomware.Ragnarok
Elastic Security YARA Rules	malware	Windows.Ransomware.Snake
Elastic Security YARA Rules	malware	Windows.Ransomware.Thanos
Elastic Security YARA Rules	malware	Windows.Trojan.AgentTesla
Elastic Security YARA Rules	malware	Windows.Trojan.Backoff
Elastic Security YARA Rules	malware	Windows.Trojan.Bandook
Elastic Security YARA Rules	malware	Windows.Trojan.Behinder
Elastic Security YARA Rules	malware	Windows.Trojan.Bitrat
Elastic Security YARA Rules	malware	Windows.Trojan.BruteRatel
Elastic Security YARA Rules	malware	Windows.Trojan.Bughatch
Elastic Security YARA Rules	malware	Windows.Trojan.Carberp
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CyberGate
Elastic Security YARA Rules	malware	Windows.Trojan.DCRat
Elastic Security YARA Rules	malware	Windows.Trojan.Darkcomet
Elastic Security YARA Rules	malware	Windows.Trojan.DoorMe
Elastic Security YARA Rules	malware	Windows.Trojan.DoubleBack
Elastic Security YARA Rules	malware	Windows.Trojan.DownTown
Elastic Security YARA Rules	malware	Windows.Trojan.Dridex
Elastic Security YARA Rules	malware	Windows.Trojan.Generic
Elastic Security YARA Rules	malware	Windows.Trojan.Gh0st
Elastic Security YARA Rules	malware	Windows.Trojan.Gozi
Elastic Security YARA Rules	malware	Windows.Trojan.Guloader
Elastic Security YARA Rules	malware	Windows.Trojan.Hancitor
Elastic Security YARA Rules	malware	Windows.Trojan.Hawkeye
Elastic Security YARA Rules	malware	Windows.Trojan.IcedID
Elastic Security YARA Rules	malware	Windows.Trojan.IcedID
Elastic Security YARA Rules	malware	Windows.Trojan.Jupyter
Elastic Security YARA Rules	malware	Windows.Trojan.Kronos
Elastic Security YARA Rules	malware	Windows.Trojan.Lokibot
Elastic Security YARA Rules	malware	Windows.Trojan.Metasploit
Elastic Security YARA Rules	malware	Windows.Trojan.Nanocore
Elastic Security YARA Rules	malware	Windows.Trojan.NapListener
Elastic Security YARA Rules	malware	Windows.Trojan.Netwire
Elastic Security YARA Rules	malware	Windows.Trojan.Netwire
Elastic Security YARA Rules	malware	Windows.Trojan.OnlyLogger
Elastic Security YARA Rules	malware	Windows.Trojan.Pandastealer
Elastic Security YARA Rules	malware	Windows.Trojan.Parallax
Elastic Security YARA Rules	malware	Windows.Trojan.Pingpull
Elastic Security YARA Rules	malware	Windows.Trojan.PoshC2
Elastic Security YARA Rules	malware	Windows.Trojan.PowerSeal
Elastic Security YARA Rules	malware	Windows.Trojan.Qbot
Elastic Security YARA Rules	malware	Windows.Trojan.RedLineStealer
Elastic Security YARA Rules	malware	Windows.Trojan.RedLineStealer
Elastic Security YARA Rules	malware	Windows.Trojan.Remcos
Elastic Security YARA Rules	malware	Windows.Trojan.Revcoderat
Elastic Security YARA Rules	malware	Windows.Trojan.SVCReady
Elastic Security YARA Rules	malware	Windows.Trojan.ShadowPad
Elastic Security YARA Rules	malware	Windows.Trojan.ShadowPad
Elastic Security YARA Rules	malware	Windows.Trojan.SnakeKeylogger
Elastic Security YARA Rules	malware	Windows.Trojan.Squirrelwaffle
Elastic Security YARA Rules	malware	Windows.Trojan.SysJoker
Elastic Security YARA Rules	malware	Windows.Trojan.SysJoker
Elastic Security YARA Rules	malware	Windows.Trojan.Sythe
Elastic Security YARA Rules	malware	Windows.Trojan.Trickbot
Elastic Security YARA Rules	malware	Windows.Trojan.Trickbot
Elastic Security YARA Rules	malware	Windows.Trojan.Trickbot
Elastic Security YARA Rules	malware	Windows.Trojan.Trickbot
Elastic Security YARA Rules	malware	Windows.Trojan.Trickbot
Elastic Security YARA Rules	malware	Windows.Trojan.Trickbot
Elastic Security YARA Rules	malware	Windows.Trojan.Trickbot
Elastic Security YARA Rules	malware	Windows.Trojan.Trickbot
Elastic Security YARA Rules	malware	Windows.Trojan.Trickbot
Elastic Security YARA Rules	malware	Windows.Trojan.Trickbot
Elastic Security YARA Rules	malware	Windows.Trojan.Trickbot
Elastic Security YARA Rules	malware	Windows.Trojan.Trickbot
Elastic Security YARA Rules	malware	Windows.Trojan.Xworm
Google GCTI YARA rules	malware	Cobalt Strike's resources/template.py signature for versions v3.3 to v4.x
Google GCTI YARA rules	malware	Cobalt Strike's resources/template.x64.ps1, resources/template.hint.x64.ps1 and resources/template.hint.x32.ps1 from v3.0 to v4.x except 3.12 and 3.13

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	github.com/YARAHQ/yara-forge/releases/download/20240324/yara-forge-rules-full.zip	140.82.121.3	302 Found	0 B
URL User Request GET HTTP/2 github.com/YARAHQ/yara-forge/releases/download/20240324/yara-forge-rules-full.zip IP 140.82.121.3:443 ASN #36459 GITHUB Certificate IssuerSectigo Limited Subjectgithub.com FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0 ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /YARAHQ/yara-forge/releases/download/20240324/yara-forge-rules-full.zip HTTP/1.1 Host: github.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found server: GitHub.com date: Thu, 28 Mar 2024 19:25:02 GMT content-type: text/html; charset=utf-8 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/711268411/cfbb9c85-58d3-4c78-a4b9-96e498ca23c7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T192502Z&X-Amz-Expires=300&X-Amz-Signature=967bddb61f2143a1c7f0d08f39d01e570aa4df718f97cf724675aeab6029f589&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=711268411&response-content-disposition=attachment%3B%20filename%3Dyara-forge-rules-full.zip&response-content-type=application%2Foctet-stream cache-control: no-cache strict-transport-security: max-age=31536000; includeSubdomains; preload x-frame-options: deny x-content-type-options: nosniff x-xss-protection: 0 referrer-policy: no-referrer-when-downgrade content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ content-length: 0 x-github-request-id: F0F9:369FA7:1816A99:184E17C:6605C418 X-Firefox-Spdy: h2

	objects.githubusercontent.com/github-production-release-asset-2e65be/711268411/cfbb9c85-58d3-4c78-a4b9-96e498ca23c7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T192502Z&X-Amz-Expires=300&X-Amz-Signature=967bddb61f2143a1c7f0d08f39d01e570aa4df718f97cf724675aeab6029f589&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=711268411&response-content-disposition=attachment%3B%20filename%3Dyara-forge-rules-full.zip&response-content-type=application%2Foctet-stream	185.199.109.133	200 OK	3.6 MB
URL User Request GET HTTP/2 objects.githubusercontent.com/github-production-release-asset-2e65be/711268411/cfbb9c85-58d3-4c78-a4b9-96e498ca23c7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T192502Z&X-Amz-Expires=300&X-Amz-Signature=967bddb61f2143a1c7f0d08f39d01e570aa4df718f97cf724675aeab6029f589&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=711268411&response-content-disposition=attachment%3B%20filename%3Dyara-forge-rules-full.zip&response-content-type=application%2Foctet-stream IP 185.199.109.133:443 ASN #54113 FASTLY Certificate IssuerDigiCert Inc Subject.github.io Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28 ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 3.6 MB (3634228 bytes) Hash c44f3a330c92ddafea8d40f52670ec4e acb1332410ebf8626d75db32815b5be51f5a6cc8 09f46a1fa84e7a26de7e64f6f28c13202dd2a3031c1e1963da82a27cce3d3af8 HTTP Headers GET /github-production-release-asset-2e65be/711268411/cfbb9c85-58d3-4c78-a4b9-96e498ca23c7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T192502Z&X-Amz-Expires=300&X-Amz-Signature=967bddb61f2143a1c7f0d08f39d01e570aa4df718f97cf724675aeab6029f589&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=711268411&response-content-disposition=attachment%3B%20filename%3Dyara-forge-rules-full.zip&response-content-type=application%2Foctet-stream HTTP/1.1 Host: objects.githubusercontent.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: application/octet-stream content-md5: xE86MwyS3a/qjUD1JnDsTg== last-modified: Sun, 24 Mar 2024 02:01:12 GMT etag: "0x8DC4BA64841E31B" server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: c7906960-a01e-006e-2992-7db47a000000 x-ms-version: 2020-10-02 x-ms-creation-time: Sun, 24 Mar 2024 02:01:12 GMT x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob content-disposition: attachment; filename=yara-forge-rules-full.zip x-ms-server-encrypted: true via: 1.1 varnish, 1.1 varnish accept-ranges: bytes date: Thu, 28 Mar 2024 19:25:12 GMT age: 10 x-served-by: cache-iad-kcgs7200179-IAD, cache-hel1410033-HEL x-cache: HIT, HIT x-cache-hits: 101, 1 x-timer: S1711653912.330151,VS0,VE461 content-length: 3634228 X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (1)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers