Report Overview
Visitedpublic
2024-03-28 19:26:20
Tags
Submit Tags
URL
github.com/YARAHQ/yara-forge/releases/download/20240324/yara-forge-rules-full.zip
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.3
Title
about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
github.com | 1423 | 2007-10-09 | 2016-07-13 12:28:22 | 2024-03-24 14:57:11 | 535 B | 4.0 kB | 140.82.121.3 | |
objects.githubusercontent.com | 134060 | 2014-02-06 | 2021-11-01 22:34:29 | 2024-03-28 05:21:49 | 1.0 kB | 3.6 MB |  185.199.109.133 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
No alerts detected
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
File detected
URL
objects.githubusercontent.com/github-production-release-asset-2e65be/711268411/cfbb9c85-58d3-4c78-a4b9-96e498ca23c7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T192502Z&X-Amz-Expires=300&X-Amz-Signature=967bddb61f2143a1c7f0d08f39d01e570aa4df718f97cf724675aeab6029f589&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=711268411&response-content-disposition=attachment%3B%20filename%3Dyara-forge-rules-full.zip&response-content-type=application%2Foctet-stream
IP / ASN
185.199.109.133
File Overview
File TypeZip archive data, at least v1.0 to extract, compression method=store
Size3.6 MB (3634228 bytes)
MD5c44f3a330c92ddafea8d40f52670ec4e
SHA1acb1332410ebf8626d75db32815b5be51f5a6cc8
Archive (1)
| Filename | MD5 | File type |
|---|---|---|
| yara-rules-full.yar | 8643632a780602e680fe9b4a7e7c057c | ASCII text, with very long lines (887) |
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| Public Nextron YARA rules | malware | Detects Turla Agent.BTZ |
| Public Nextron YARA rules | malware | Find generic data potentially relating to AP15 tools |
| Public Nextron YARA rules | malware | HyperBro Stage 3 C2 path and user agent detection - also tested in memory |
| Public Nextron YARA rules | malware | Rule to detect Drovorub-server, Drovorub-agent, or Drovorub-client based |
| Public Nextron YARA rules | malware | Auto-generated rule |
| Public Nextron YARA rules | malware | A loader for the CobaltStrike malware family, which ultimately takes the first and second bytes of an embedded file, and flips them prior to executing the resulting payload. |
| Public Nextron YARA rules | malware | The FRESHFIRE malware family. The malware acts as a downloader, pulling down an encrypted snippet of code from a remote source, executing it, and deleting it from the remote server. |
| Public Nextron YARA rules | malware | Detects BoomBox malware as described in APT29 NOBELIUM report |
| Public Nextron YARA rules | malware | Detects stageless loader as used by APT29 / NOBELIUM |
| Public Nextron YARA rules | malware | North Korean origin malware which uses a custom Google App for c2 communications. |
| Public Nextron YARA rules | malware | Detects Speculoos Backdoor used by APT41 |
| Public Nextron YARA rules | malware | Detetcs a tool used in the Australian Parliament House network compromise |
| Public Nextron YARA rules | malware | Detetcs a tool used in the Australian Parliament House network compromise |
| Public Nextron YARA rules | malware | Detetcs a tool used in the Australian Parliament House network compromise |
| Public Nextron YARA rules | malware | Custome SSH backdoor based on python and paramiko - file server.py |
| Public Nextron YARA rules | malware | Casper French Espionage Malware - String Match in File - http://goo.gl/VRJNLo |
| Public Nextron YARA rules | malware | Casper French Espionage Malware - System Info Output - http://goo.gl/VRJNLo |
| Public Nextron YARA rules | malware | Detects malware from the Proofpoint CN APT ZeroT incident |
| Public Nextron YARA rules | malware | Detects malware from the Proofpoint CN APT ZeroT incident |
| Public Nextron YARA rules | malware | Chinese APT by Proofpoint ZeroT RAT - file Mcutil.dll |
| Public Nextron YARA rules | malware | Detects Red Delta samples |
| Public Nextron YARA rules | malware | Detects Red Delta samples |
| Public Nextron YARA rules | malware | Identifies strings used in Cobalt Strike Beacon DLL |
| Public Nextron YARA rules | malware | Detects unmodified CobaltStrike beacon DLL |
| Public Nextron YARA rules | malware | Detects Codoso APT CustomTCP Malware |
| Public Nextron YARA rules | malware | Detects Codoso APT Gh0st Malware |
| Public Nextron YARA rules | malware | Detects Codoso APT Gh0st Malware |
| Public Nextron YARA rules | malware | Detects Codoso APT PGV PVID Malware |
| Public Nextron YARA rules | malware | Detects a malware sysdll.exe from the Rocket Kitten APT |
| Public Nextron YARA rules | malware | Detects trojan from APT report named http.exe |
| Public Nextron YARA rules | malware | Detects a malicious PotPlayer.dll |
| Public Nextron YARA rules | malware | Hack Deep Panda - lot1.tmp-pwdump |
| Public Nextron YARA rules | malware | Hack Deep Panda - htran-exe |
| Public Nextron YARA rules | malware | Detects DTRACK malware |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file create_dns_injection.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file screamingplow.sh |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file MixText.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file tunnel_state_reader |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file payload.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file eligiblecandidate.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file BUSURPER-2211-724.exe |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file networkProfiler_orderScans.sh |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file epicbanana_2.1.0.1.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file sniffer_xml2pcap |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file BananaAid |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file config_jp1_UA.pl |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file userscript.FW |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file BUSURPER-3001-724.exe |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file workit.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file tinyhttp_setup.sh |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file EPBA.script |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file jetplow.sh |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file extrabacon_1.1.0.1.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file sploit.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file uninstallPBD.bat |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file BICECREAM-2140 |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file BFLEA-2201.exe |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file StoreFc.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file BBALL_E28F6-2201.exe |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files BARPUNCH-3110, BPICKER-3100 |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files pandarock_v1.11.1.1.bin, pit |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files BananaUsurper-2120, writeJetPlow-2130 |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230, BLIQUER-3030, BLIQUER-3120 |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230 |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files sploit.py, sploit.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files ssh.py, telnet.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - Callback addresses |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - Extrabacon exploit output |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - Unique strings |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file elgingamble |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file cmsd |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file ebbshave.v5 |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file eggbasket |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file sambal |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file cmsex |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file DUL |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file slugger2 |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file jackpop |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file epoxyresin.v1.0.0.1 |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file estesfox |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7 |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- from files scanner, scanner.v2.1.2 |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- from files ghost_sparc, ghost_x86 |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- from files jparsescan, parsescan |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7 |
| Public Nextron YARA rules | malware | Detects EquationGroup Tool - April Leak |
| Public Nextron YARA rules | malware | Detects EquationGroup Tool - April Leak |
| Public Nextron YARA rules | malware | Detects EquationGroup Tool - April Leak |
| Public Nextron YARA rules | malware | Detects EquationGroup Tool - April Leak |
| Public Nextron YARA rules | malware | This rule is UNTESTED against a large dataset and is for hunting purposes only. |
| Public Nextron YARA rules | malware | Detects malware Redosdru - file systemHome.exe |
| Public Nextron YARA rules | malware | Detects a string found in memory of malware cedt370r(3).exe |
| Public Nextron YARA rules | malware | Detects strings from FIN7 report in August 2018 |
| Public Nextron YARA rules | malware | Detects Word Dropper from Proofpoint FIN7 Report |
| Public Nextron YARA rules | malware | Detects FourElementSword Malware |
| Public Nextron YARA rules | malware | Detects FourElementSword Malware |
| Public Nextron YARA rules | malware | String from the ShodowBroker Files Screenshots - Dec 2016 |
| Public Nextron YARA rules | malware | Auto-generated rule - file violetspirit.README |
| Public Nextron YARA rules | malware | Auto-generated rule - file gr.notes |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.yellowspirit.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file opscript.se |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.epichero.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.elatedmonkey |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.dubmoat.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file strifeworld.1 |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.pork.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.ebbisland.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.elgingamble.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file README.cup.NOPEN |
| Public Nextron YARA rules | malware | Auto-generated rule - file oneshot.example |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.earlyshovel.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.envisioncollision.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule |
| Public Nextron YARA rules | malware | Auto-generated rule - from files user.tool.orleansstride.COMMON, user.tool.curserazor.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule |
| Public Nextron YARA rules | malware | Auto-generated rule - from files violetspirit.README, violetspirit.README |
| Public Nextron YARA rules | malware | Detects Gh0st RAT mentioned in Cylance' Ghost Dragon Report |
| Public Nextron YARA rules | malware | Detects Gh0st RAT mentioned in Cylance' Ghost Dragon Report |
| Public Nextron YARA rules | malware | Detects ISMDoor Backdoor |
| Public Nextron YARA rules | malware | X-Agent/CHOPSTICK Implant by APT28 |
| Public Nextron YARA rules | malware | BlackEnergy / Voodoo Bear Implant by APT28 |
| Public Nextron YARA rules | malware | Unidentified Implant by APT29 |
| Public Nextron YARA rules | malware | Detects forensic artefacts found in HAFNIUM intrusions |
| Public Nextron YARA rules | malware | Detects PowerCat hacktool |
| Public Nextron YARA rules | malware | Detects PowerShell Oneliner in Nishang's repository |
| Public Nextron YARA rules | malware | variation on reGeorgtunnel |
| Public Nextron YARA rules | malware | The SPORTSBALL webshell allows attackers to upload files or execute commands on the system. |
| Public Nextron YARA rules | malware | Detects CVE-2021-27065 Webshellz |
| Public Nextron YARA rules | malware | Detects Chopper like ASPX Webshells |
| Public Nextron YARA rules | malware | Detects Chopper like ASPX Webshells |
| Public Nextron YARA rules | malware | Detects forensic artefacts found in HAFNIUM intrusions exploiting CVE-2021-27065 |
| Public Nextron YARA rules | malware | Detects forensic artefacts showing cleanup activity found in HAFNIUM intrusions exploiting |
| Public Nextron YARA rules | malware | Detects suspicious log entries that indicate requests as described in reports on HAFNIUM activity |
| Public Nextron YARA rules | malware | Detects Tofu Trojan |
| Public Nextron YARA rules | malware | detection for Hellsing implants |
| Public Nextron YARA rules | malware | Detects Industroyer related custom port scaner output file |
| Public Nextron YARA rules | malware | Detects Industroyer related malware |
| Public Nextron YARA rules | malware | Detects IronGate APT Malware - Step7ProSim DLL |
| Public Nextron YARA rules | malware | Iron Panda malware DnsTunClient - file named.exe |
| Public Nextron YARA rules | malware | Iron Panda Malware Htran |
| Public Nextron YARA rules | malware | ASPXSpy detection. It might be used by other fraudsters |
| Public Nextron YARA rules | malware | Iron Tiger Tool - wmi.vbs detection |
| Public Nextron YARA rules | malware | Keylogger - generic rule for a Chinese variant |
| Public Nextron YARA rules | malware | Detects LinaDoor Linux Rootkit |
| Public Nextron YARA rules | malware | Detects Pupy RAT |
| Public Nextron YARA rules | malware | Detects DLLs loaded by shellcode loader (6ce5b6b4cdd6290d396465a1624d489c7afd2259a4d69b73c6b0ba0e5ad4e4ad) (relation to Lazarus group) |
| Public Nextron YARA rules | malware | Detects suspicios ELF files with sections as described in malicious iLO Board analysis by AmnPardaz in December 2021 |
| Public Nextron YARA rules | malware | Malware sample mentioned in Microcin technical report by Kaspersky |
| Public Nextron YARA rules | malware | CommentCrew Malware MiniASP APT |
| Public Nextron YARA rules | malware | Detects ShimRat and the ShimRat loader |
| Public Nextron YARA rules | malware | Detects ShimRatReporter |
| Public Nextron YARA rules | malware | Rule to detect Moonlight Maze sniffer tools |
| Public Nextron YARA rules | malware | Rule to detect Moonlight Maze 'de' and 'deg' tunnel tool |
| Public Nextron YARA rules | malware | Rule to detect Moonlight Maze 'cle' log cleaning tool |
| Public Nextron YARA rules | malware | Rule to detect Moonlight Maze 'xk' keylogger |
| Public Nextron YARA rules | malware | Detetcs the Nanocore RAT and similar malware |
| Public Nextron YARA rules | malware | Detetcs the Nanocore RAT |
| Public Nextron YARA rules | malware | Detects user function string from NCSC report |
| Public Nextron YARA rules | malware | Detects malicious batch file from NCSC report |
| Public Nextron YARA rules | malware | Detects malicious batch file from NCSC report |
| Public Nextron YARA rules | malware | Detects RDP brute forcer from NCSC report |
| Public Nextron YARA rules | malware | Detects Z Webshell from NCSC report |
| Public Nextron YARA rules | malware | Ruby loader seen loading the ROKRAT malware family. |
| Public Nextron YARA rules | malware | Detects strings found in POOLRAT malware |
| Public Nextron YARA rules | malware | Detects Oilrig malware samples |
| Public Nextron YARA rules | malware | Detects OilRig malware |
| Public Nextron YARA rules | malware | Detects APT34 PowerShell malware |
| Public Nextron YARA rules | malware | Detects APT34 PowerShell malware |
| Public Nextron YARA rules | malware | Detects ONHAT Proxy - Htran like SOCKS hack tool used by Chinese APT groups |
| Public Nextron YARA rules | malware | Keylogger used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | ARP cache poisoner used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Shell Creator used by attackers in Operation Cleaver to create ASPX web shells |
| Public Nextron YARA rules | malware | Malware or hack tool used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Malware or hack tool used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Tiny Bot used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Keywords used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Hack tool used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Backdoor used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Backdoor used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Mimikatz Wrapper used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Parviz tool used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Hack tool used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Mimikatz wrapper used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | CCProxy config known from Operation Cleaver |
| Public Nextron YARA rules | malware | Detects malware from Operation Cloud Hopper |
| Public Nextron YARA rules | malware | Malware related to Operation Cloud Hopper - Page 25 |
| Public Nextron YARA rules | malware | Tools related to Operation Cloud Hopper |
| Public Nextron YARA rules | malware | Strings from CSharp version of Agent |
| Public Nextron YARA rules | malware | Strings from PowerShell dropper of CSharp version of Agent |
| Public Nextron YARA rules | malware | Piece of Base64 encoded data from Agent CSharp version |
| Public Nextron YARA rules | malware | Strings from Python version of Agent |
| Public Nextron YARA rules | malware | Piece of Base64 encoded data from Agent Python version |
| Public Nextron YARA rules | malware | Strings from Python keylogger |
| Public Nextron YARA rules | malware | Strings from the CSharp version of XServer |
| Public Nextron YARA rules | malware | Piece of Base64 encoded data from the XServer PowerShell dropper |
| Public Nextron YARA rules | malware | Strings from the PowerShell dropper of XServer |
| Public Nextron YARA rules | malware | Process injector/launcher |
| Public Nextron YARA rules | malware | Timeliner utility |
| Public Nextron YARA rules | malware | Checkadmin utility |
| Public Nextron YARA rules | malware | Python getos utility |
| Public Nextron YARA rules | malware | Strings from the information grabber VBS |
| Public Nextron YARA rules | malware | Strings from the console.jsp webshell |
| Public Nextron YARA rules | malware | Strings from the ver.jsp webshell |
| Public Nextron YARA rules | malware | Generic strings from webinfo.war webshells |
| Public Nextron YARA rules | malware | PassCV Malware mentioned in Cylance Report |
| Public Nextron YARA rules | malware | Detects PoisonIvy RAT sample set |
| Public Nextron YARA rules | malware | Detects Poseidon Group Malware |
| Public Nextron YARA rules | malware | Detects |
| Public Nextron YARA rules | malware | Detects scripts (mostly LUA) from Project Sauron report by Kaspersky |
| Public Nextron YARA rules | malware | Detects Dsniff hack tool |
| Public Nextron YARA rules | malware | Detects strings from arping module - Project Sauron report by Kaspersky |
| Public Nextron YARA rules | malware | Detects strings from kblogi module - Project Sauron report by Kaspersky |
| Public Nextron YARA rules | malware | Detects strings from basex module - Project Sauron report by Kaspersky |
| Public Nextron YARA rules | malware | Detects strings from dext module - Project Sauron report by Kaspersky |
| Public Nextron YARA rules | malware | Detects PROMETHIUM and NEODYMIUM malware |
| Public Nextron YARA rules | malware | Detects PROMETHIUM and NEODYMIUM malware |
| Public Nextron YARA rules | malware | Detects an APT malware related to PutterPanda |
| Public Nextron YARA rules | malware | Detects all QuarksPWDump versions |
| Public Nextron YARA rules | malware | Detects Quasar RAT |
| Public Nextron YARA rules | malware | Detects indicators found in DarkBit ransomware |
| Public Nextron YARA rules | malware | Detects malware from Rehashed RAT incident |
| Public Nextron YARA rules | malware | Detects RevengeRAT malware |
| Public Nextron YARA rules | malware | Sakula malware - strings after unpacking (memory rule) |
| Public Nextron YARA rules | malware | Detects an archive file created by P.A.S. for download operation |
| Public Nextron YARA rules | malware | Detects SQL dump file created by P.A.S. webshell |
| Public Nextron YARA rules | malware | Detects the encryption key for the configuration file used by Exaramel malware as seen in sample e1ff72[...] |
| Public Nextron YARA rules | malware | Detects the specific name of the configuration file in Exaramel malware as seen in sample e1ff72[...] |
| Public Nextron YARA rules | malware | Detects path of the unix socket created to prevent concurrent executions in Exaramel malware |
| Public Nextron YARA rules | malware | Detects names of the tasks received from the CC server in Exaramel malware |
| Public Nextron YARA rules | malware | Detects Strings used by Exaramel malware |
| Public Nextron YARA rules | malware | Detects shell script used by Sandworm in attack against Exim mail server |
| Public Nextron YARA rules | malware | Detects Sandworm Python loader |
| Public Nextron YARA rules | malware | Scanbox Chinese Deep Panda APT Malware http://goo.gl/MUUfjv and http://goo.gl/WXUQcP |
| Public Nextron YARA rules | malware | A malicious Chrome browser extention used by the SharpTongue threat actor to steal mail data from a victim |
| Public Nextron YARA rules | malware | Detects a |
| Public Nextron YARA rules | malware | Detects malware sample mentioned in the Silence report on Securelist |
| Public Nextron YARA rules | malware | Detects Sofacy Fysbis Linux Backdoor |
| Public Nextron YARA rules | malware | Detects webshell access mentioned in FireEye's SUNBURST report |
| Public Nextron YARA rules | malware | STUXSHOP_config |
| Public Nextron YARA rules | malware | inveigh pen testing tools & related artifacts |
| Public Nextron YARA rules | malware | Detects TeleBots malware - IntercepterNG |
| Public Nextron YARA rules | malware | Detects Liudoor daemon backdoor |
| Public Nextron YARA rules | malware | Detects Turla malware (based on sample used in the RUAG APT case) |
| Public Nextron YARA rules | malware | Detects malware used in the RUAG APT case |
| Public Nextron YARA rules | malware | Detects Turla malware (based on sample used in the RUAG APT case) |
| Public Nextron YARA rules | malware | Rule for detection of Nautilus related strings |
| Public Nextron YARA rules | malware | Detects artefacts found in Hermetic Wiper malware related intrusions |
| Public Nextron YARA rules | malware | Detects scheduled task pattern found in Hermetic Wiper malware related intrusions |
| Public Nextron YARA rules | malware | Detects SombRAT samples from UNC2447 campaign |
| Public Nextron YARA rules | malware | Detects WARPRISM PowerShell samples from UNC2447 campaign |
| Public Nextron YARA rules | malware | Detects DEWMODE webshells |
| Public Nextron YARA rules | malware | Detects malware by Chinese APT PLA Unit 78020 - Generic Rule - Chong |
| Public Nextron YARA rules | malware | Strings identifying the core REDLEAVES RAT in its deobfuscated state |
| Public Nextron YARA rules | malware | Detects specific RedLeaves and PlugX binaries |
| Public Nextron YARA rules | malware | Symantec Waterbug Attack - Trojan.Wipbot 2014 Down.dll component |
| Public Nextron YARA rules | malware | Detects powershell script used in Operation Wilted Tulip |
| Public Nextron YARA rules | malware | Detects a Windows scheduled task as used in Operation Wilted Tulip |
| Public Nextron YARA rules | malware | Detects hack tool used in Operation Wilted Tulip - Windows Tasks |
| Public Nextron YARA rules | malware | Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip |
| Public Nextron YARA rules | malware | Detects PlugX Malware Samples from June 2016 |
| Public Nextron YARA rules | malware | Winnti sample - file NlaifSvc.dll |
| Public Nextron YARA rules | malware | Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ |
| Public Nextron YARA rules | malware | Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ |
| Public Nextron YARA rules | malware | Detects a ZxShell - CN threat group |
| Public Nextron YARA rules | malware | BernhardPOS Credit Card dumping tool |
| Public Nextron YARA rules | malware | Bluenoroff POS malware - hkp.dll |
| Public Nextron YARA rules | malware | Find documents saved from the same potential Cobalt Gang PDF template |
| Public Nextron YARA rules | malware | Triggers on strings of known DearCry samples |
| Public Nextron YARA rules | malware | Detects unpacked SystemBC module as used by Emotet in March 2022 |
| Public Nextron YARA rules | malware | Detects EternalRocks Malware - file taskhost.exe |
| Public Nextron YARA rules | malware | Detects Fireball malware - file clearlog.dll |
| Public Nextron YARA rules | malware | 2021 loader for Bokbot / Icedid core (license.dat) |
| Public Nextron YARA rules | malware | Match protocol, process injects and windows exploit present in KINS dropper |
| Public Nextron YARA rules | malware | Detects Darkside Ransomware |
| Public Nextron YARA rules | malware | Detects suspicious log lines produeced during the exploitation of ADSelfService vulnerability CVE-2021-40539 |
| Public Nextron YARA rules | malware | Detects suspicious log lines produeced during the exploitation of ADSelfService vulnerability CVE-2021-40539 |
| Public Nextron YARA rules | malware | Detects exploitation attempts against Confluence servers abusing a RCE reported as CVE-2021-26084 |
| Public Nextron YARA rules | malware | Detects exceptions found in server logs that indicate an exploitation attempt of CVE-2021-44228 |
| Public Nextron YARA rules | malware | Detects error messages related to JDNI usage in log files that can indicate a Log4Shell / Log4j exploitation |
| Public Nextron YARA rules | malware | Detects indicators of exploitation of ManageEngine vulnerability as described by Horizon3 |
| Public Nextron YARA rules | malware | Detects webshells dropped by DropHell malware |
| Public Nextron YARA rules | malware | Detects indicators found after SpringCore exploitation attempts and in the POC script |
| Public Nextron YARA rules | malware | Detects ProxyToken CVE-2021-33766 exploitation attempts on an unpatched system |
| Public Nextron YARA rules | malware | Detects payload as seen in PoC code to exploit Workspace ONE Access freemarker server-side template injection CVE-2022-22954 |
| Public Nextron YARA rules | malware | Detects forensic artefacts indicating successful exploitation of F5 BIG IP appliances as reported by NCCGroup |
| Public Nextron YARA rules | malware | Detects signs of exploitation of GitLab CE CVE-2021-22205 |
| Public Nextron YARA rules | malware | Detects payloads used in Shitrix exploitation CVE-2019-19781 |
| Public Nextron YARA rules | malware | Detection for Dimorf ransomeware |
| Public Nextron YARA rules | malware | Detects CobaltStrike payloads |
| Public Nextron YARA rules | malware | Detects CobaltStrike payloads |
| Public Nextron YARA rules | malware | Detects Empire component - file Get-SecurityPackages.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-PowerDump.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-ShellcodeMSIL.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-SmbScanner.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-EgressCheck.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-PostExfil.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-SMBAutoBrute.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Get-Keystrokes.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-DllInjection.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file KeePassConfig.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component |
| Public Nextron YARA rules | malware | Detects Empire component - from files PowerUp.ps1, PowerUp.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component |
| Public Nextron YARA rules | malware | Detects Empire component - from files KeePassConfig.ps1, KeePassConfig.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - from files Invoke-Portscan.ps1, Invoke-Portscan.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - from files Invoke-CredentialInjection.ps1, Invoke-Mimikatz.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - from files Invoke-DCSync.ps1, Invoke-PSInject.ps1, Invoke-ReflectivePEInjection.ps1 |
| Public Nextron YARA rules | malware | This rule is looking for B64 offsets of LazyNetToJscriptLoader which is a namespace specific to the internal version of the GadgetToJScript tooling. |
| Public Nextron YARA rules | malware | HackTool_MSIL_SharPersist_2 |
| Public Nextron YARA rules | malware | CredTheft_MSIL_ADPassHunt_2 |
| Public Nextron YARA rules | malware | Identifies GoRat malware in memory based on strings. |
| Public Nextron YARA rules | malware | APT_Builder_PY_REDFLARE_2 |
| Public Nextron YARA rules | malware | Detects FireEye's Python Redflar |
| Public Nextron YARA rules | malware | Cobalt Strike's resources/template.py signature for versions v3.3 to v4.x |
| Public Nextron YARA rules | malware | Cobalt Strike's resources/template.x64.ps1, resources/template.hint.x64.ps1 and resources/template.hint.x32.ps1 from v3.0 to v4.x except 3.12 and 3.13 |
| Public Nextron YARA rules | malware | Detects CactusTorch Hacktool |
| Public Nextron YARA rules | malware | Detects URL mentioned in report on compromised Github repositories in August 2022 |
| Public Nextron YARA rules | malware | Detects HawkEye Keylogger Reborn |
| Public Nextron YARA rules | malware | Detects Venom - a library that meant to perform evasive communication using stolen browser socket |
| Public Nextron YARA rules | malware | Compiled Impacket Tools |
| Public Nextron YARA rules | malware | Detects Invoke-Mimikatz String |
| Public Nextron YARA rules | malware | Detects Invoke-WmiExec or Invoke-SmbExec |
| Public Nextron YARA rules | malware | Auto-generated rule - file kerberoast.py |
| Public Nextron YARA rules | malware | Detects Khepri C2 framework beacons |
| Public Nextron YARA rules | malware | Detects Reflective DLL Loader |
| Public Nextron YARA rules | malware | Detects Reflective DLL Loader - suspicious - Possible FP could be program crack |
| Public Nextron YARA rules | malware | Detects Reflective DLL Loader |
| Public Nextron YARA rules | malware | Detects PowerShell AMSI Bypass |
| Public Nextron YARA rules | malware | Detects MSHTA Bypass |
| Public Nextron YARA rules | malware | Detects a suspicious Javascript Run command |
| Public Nextron YARA rules | malware | VT Research QA uploaded malware - file vqgk.dll |
| Public Nextron YARA rules | malware | Detects Merlin agent |
| Public Nextron YARA rules | malware | Detects a Metasploit Loader by RSMudge - file loader.exe |
| Public Nextron YARA rules | malware | Metasploit Payloads - file msf-psh.vba |
| Public Nextron YARA rules | malware | Metasploit Payloads - file msf-exe.vba |
| Public Nextron YARA rules | malware | Metasploit Payloads - file msf.psh |
| Public Nextron YARA rules | malware | Metasploit Payloads - file msf.aspx |
| Public Nextron YARA rules | malware | Metasploit Payloads - file msf-cmd.ps1 |
| Public Nextron YARA rules | malware | Metasploit Payloads - file msf-ref.ps1 |
| Public Nextron YARA rules | malware | PowerShell with PE Reflective Injection |
| Public Nextron YARA rules | malware | Detects a log file generated by malicious hack tool mimikatz |
| Public Nextron YARA rules | malware | Detects Mimikittenz - file Invoke-mimikittenz.ps1 |
| Public Nextron YARA rules | malware | Detects Mimipenguin Password Extractor - Linux |
| Public Nextron YARA rules | malware | Bella MacOS/OSX backdoor |
| Public Nextron YARA rules | malware | p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedPowerCat.cs |
| Public Nextron YARA rules | malware | p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedPotato.cs |
| Public Nextron YARA rules | malware | p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedExploits.cs |
| Public Nextron YARA rules | malware | p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedBinaries.cs |
| Public Nextron YARA rules | malware | p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedAmsiBypass.cs |
| Public Nextron YARA rules | malware | p0wnedShell Runspace Post Exploitation Toolkit - from files p0wnedShell.cs, p0wnedShell.cs |
| Public Nextron YARA rules | malware | Detects characteristics of suspicious file names or double extensions often found in phishing mail attachments |
| Public Nextron YARA rules | malware | Detects Pirpi Backdoor - and other malware (generic rule) |
| Public Nextron YARA rules | malware | Detects Pirpi Backdoor |
| Public Nextron YARA rules | malware | Detects hack tool PowerShdll |
| Public Nextron YARA rules | malware | Detects PowerShell ISESteroids obfuscation |
| Public Nextron YARA rules | malware | Auto-generated rule - file Invoke-Shellcode.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - file Invoke-Mimikatz.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - file Invoke-RelfectivePEInjection.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - file Persistence.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - from files Invoke-Mimikatz.ps1, Invoke-RelfectivePEInjection.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - from files Inveigh-BruteForce.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - from files Persistence.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - from files Inveigh-BruteForce.ps1 |
| Public Nextron YARA rules | malware | Detects Base64 encoded PS1 Shellcode |
| Public Nextron YARA rules | malware | Osiris Device Guard Bypass - file Invoke-OSiRis.ps1 |
| Public Nextron YARA rules | malware | Detects Pupy backdoor |
| Public Nextron YARA rules | malware | Detects Adzok RAT |
| Public Nextron YARA rules | malware | Detects Ap0calypse RAT |
| Public Nextron YARA rules | malware | Detects BlackShades RAT |
| Public Nextron YARA rules | malware | Detects BlueBanana RAT |
| Public Nextron YARA rules | malware | Detects Bozok RAT |
| Public Nextron YARA rules | malware | Detects ClientMesh RAT |
| Public Nextron YARA rules | malware | Detects DarkComet RAT |
| Public Nextron YARA rules | malware | Detects DarkRAT |
| Public Nextron YARA rules | malware | Detects JavaDropper RAT |
| Public Nextron YARA rules | malware | Detects LostDoor RAT |
| Public Nextron YARA rules | malware | Detects Paradox RAT |
| Public Nextron YARA rules | malware | Detects QRAT |
| Public Nextron YARA rules | malware | Detects ShadowTech RAT |
| Public Nextron YARA rules | malware | Detects Sub7Nation RAT |
| Public Nextron YARA rules | malware | Detects Vertex RAT |
| Public Nextron YARA rules | malware | Detects Adwind RAT |
| Public Nextron YARA rules | malware | Detects unrecom RAT |
| Public Nextron YARA rules | malware | Detects Red Sails Hacktool - Python |
| Public Nextron YARA rules | malware | Detects code which uses the python lib sectools |
| Public Nextron YARA rules | malware | Detects an executable that has been encoded with base64 twice |
| Public Nextron YARA rules | malware | Detects suspicious UTF16 and Base64 encoded PowerShell code that starts with a $ sign and a single char variable |
| Public Nextron YARA rules | malware | Detects a suspicious |
| Public Nextron YARA rules | malware | Detects a suspicious command line with netsh and the portproxy command |
| Public Nextron YARA rules | malware | Detects method to disable ETW in ENV vars before executing a program |
| Public Nextron YARA rules | malware | Detects a tool that can be used for privilege escalation - file gp3finder_v4.0.exe |
| Public Nextron YARA rules | malware | Detects a tool that can be used for privilege escalation - file folderperm.ps1 |
| Public Nextron YARA rules | malware | Detects simple Windows shell - file s3.exe |
| Public Nextron YARA rules | malware | Detects simple Windows shell - file s1.exe |
| Public Nextron YARA rules | malware | Detects simple Windows shell - from files keygen.exe, s1.exe, s2.exe, s3.exe, s4.exe |
| Public Nextron YARA rules | malware | Detects simple Windows shell - from files s3.exe, s4.exe |
| Public Nextron YARA rules | malware | Auto-generated rule - file WMImplant.ps1 |
| Public Nextron YARA rules | malware | Ysoserial Payloads - file Spring1.bin |
| Public Nextron YARA rules | malware | Ysoserial Payloads |
| Public Nextron YARA rules | malware | Ysoserial Payloads - from files JavassistWeld1.bin, JBossInterceptors.bin |
| Public Nextron YARA rules | malware | NTML Hash Dump output file - John/LC format |
| Public Nextron YARA rules | malware | Detects payload generated by exe2hex |
| Public Nextron YARA rules | malware | Detects NatBypass tool (also used by APT41) |
| Public Nextron YARA rules | malware | Detects a suspicious TeamViewer log entry stating that the remote systems had a Chinese keyboard layout |
| Public Nextron YARA rules | malware | Detects a suspicious TeamViewer log entry stating that the remote systems had a Russian keyboard layout |
| Public Nextron YARA rules | malware | Detects SALTWATER malware used in Barracuda ESG exploitations (CVE-2023-2868) |
| Public Nextron YARA rules | malware | Detects BPFDoor malware |
| Public Nextron YARA rules | malware | Detects BPFDoor implants used by Chinese actor Red Menshen |
| Public Nextron YARA rules | malware | Detects BPFDoor/Tricephalic Hellkeeper passive implant |
| Public Nextron YARA rules | malware | Detects LockBit ransomware samples for Linux and macOS |
| Public Nextron YARA rules | malware | Detects indicators found in LockBit ransomware log files |
| Public Nextron YARA rules | malware | Detects forensic artifacts found in LockBit intrusions |
| Public Nextron YARA rules | malware | Detects script used in ransomware attacks exploiting and encrypting ESXi servers - file encrypt.sh |
| Public Nextron YARA rules | malware | Detects ransomware exploiting and encrypting ESXi servers |
| Public Nextron YARA rules | malware | Detects Python backdoor found on ESXi servers |
| Public Nextron YARA rules | malware | Rule to detect the EquationLaser malware |
| Public Nextron YARA rules | malware | EquationDrug - HDD/SSD firmware operation - nls_933w.dll |
| Public Nextron YARA rules | malware | FiveEyes QUERTY Malware - file 20123_cmdDef.xml |
| Public Nextron YARA rules | malware | FiveEyes QUERTY Malware - file 20123.xml |
| Public Nextron YARA rules | malware | FiveEyes QUERTY Malware - file 20120_cmdDef.xml |
| Public Nextron YARA rules | malware | FiveEyes QUERTY Malware - file 20121_cmdDef.xml |
| Public Nextron YARA rules | malware | Malware Sample - maybe Regin related |
| Public Nextron YARA rules | malware | Windows Credential Editor |
| Public Nextron YARA rules | malware | Detects Amplia Security Tool like Windows Credential Editor |
| Public Nextron YARA rules | malware | PwDump 6 variant |
| Public Nextron YARA rules | malware | PScan - Port Scanner |
| Public Nextron YARA rules | malware | Hacktool |
| Public Nextron YARA rules | malware | This signature detects the Fierce2 domain scanner |
| Public Nextron YARA rules | malware | This signature detects the Ncrack brute force tool |
| Public Nextron YARA rules | malware | This signature detects the SQLMap SQL injection tool |
| Public Nextron YARA rules | malware | Auto-generated rule on file PortScanner.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file NetBIOS Name Scanner.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file ipscan.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file IP Stealing Utilities.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file PortRacer.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file scanarator.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file =Bitchin Threads=.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file portscan.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file ProPort.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file StealthWasp's Basic PortScanner v1.2.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file BluesPortScan.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file iis.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file ipscan.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file Loader.exe |
| Public Nextron YARA rules | malware | Detects the backdoor Beastdoor |
| Public Nextron YARA rules | malware | Detects a Powershell version of the Netcat network hacking tool |
| Public Nextron YARA rules | malware | Detects a chinese Portscanner named MilkT |
| Public Nextron YARA rules | malware | Modified (packed) version of Windows Credential Editor |
| Public Nextron YARA rules | malware | iKAT hack tools set agent - file ikat.exe |
| Public Nextron YARA rules | malware | Tool to hide unhide the windows startbar from command line - iKAT hack tools - file startbar.exe |
| Public Nextron YARA rules | malware | Auto-generated rule - file BypassUac2.zip |
| Public Nextron YARA rules | malware | APT Malware - Proxy |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file nc.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file cs.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file sql.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file 445TOOL.rar |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file s.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file Burst.rar |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file GOGOGO.bat |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file pass.txt |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file JoHor_Posts_Killer.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file Start.bat - DoS tool |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file Blast.bat |
| Public Nextron YARA rules | malware | PoS Scammer Toolbox - http://goo.gl/xiIphp - file VUBrute.exe |
| Public Nextron YARA rules | malware | PoS Scammer Toolbox - http://goo.gl/xiIphp - file config.ini |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file listip.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file ArtTrayHookDll.dll |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file EditServer.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file letmein.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file token.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file webget.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file ASPack Chinese.ini |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file EditKeyLogReadMe.txt |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file readme.txt |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file EditKeyLog.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file PassSniffer.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file InjectT.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file Jc.WinEggDrop Shell.txt |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file TBack.DLL |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file Inject.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file sqlcmd.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file 2323.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file CleanIISLog.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file sqlcheck.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file RunAsEx.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file splitjoin.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file InstGina.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file findoor.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file InjectT.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file gina.dll |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file xsniff.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file fscan.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - from files FsHttp.exe, FsPop.exe, FsSniffer.exe |
| Public Nextron YARA rules | malware | Remote Admin Tool used by APT group Anunak (ru) - file AA_v3.4.exe and AA_v3.5.exe |
| Public Nextron YARA rules | malware | Linux hack tools - file scanssh |
| Public Nextron YARA rules | malware | Linux hack tools - file pscan2 |
| Public Nextron YARA rules | malware | Linux hack tools - file a |
| Public Nextron YARA rules | malware | Linux hack tools - file mass |
| Public Nextron YARA rules | malware | Detects a Chinese hacktool from a disclosed toolset - from files XScanLib.dll, XScanLib.dll, XScanLib.dll |
| Public Nextron YARA rules | malware | Detects a Chinese hacktool from a disclosed toolset - file PipeCmd.exe |
| Public Nextron YARA rules | malware | Detects a Chinese hacktool from a disclosed toolset - file sqlr.exe |
| Public Nextron YARA rules | malware | Detects VSSown.vbs script - used to export shadow copy elements like NTDS to take away and crack elsewhere |
| Public Nextron YARA rules | malware | Network domain enumeration tool - often used by attackers - file Nv.exe |
| Public Nextron YARA rules | malware | Network domain enumeration tool output - often used by attackers - file filename.txt |
| Public Nextron YARA rules | malware | Detects Linux Port Scanner Shark |
| Public Nextron YARA rules | malware | Detects dnscat2 - from files dnscat, dnscat2.exe |
| Public Nextron YARA rules | malware | Detects Windows Credential Editor (WCE) in memory (and also on disk) |
| Public Nextron YARA rules | malware | Detects a tool used by APT groups - file pstgdump.exe |
| Public Nextron YARA rules | malware | Detects a tool used by APT groups |
| Public Nextron YARA rules | malware | Detects a tool used by APT groups - file fgexec.exe |
| Public Nextron YARA rules | malware | Detects a tool used by APT groups - from files cachedump.exe, cachedump64.exe |
| Public Nextron YARA rules | malware | Detects a tool used by APT groups - file PwDump.exe |
| Public Nextron YARA rules | malware | Detects an XML that executes Mimikatz on an endpoint via MSBuild |
| Public Nextron YARA rules | malware | Detects POC code from disclosed 0day hacktool set |
| Public Nextron YARA rules | malware | Detects a process injection utility that can be used ofr good and bad purposes |
| Public Nextron YARA rules | malware | Detects Lazagne PW Dumper |
| Public Nextron YARA rules | malware | Detects susupicious bash command |
| Public Nextron YARA rules | malware | Detects Lazagne password extractor hacktool |
| Public Nextron YARA rules | malware | Detects NoPowerShell hack tool |
| Public Nextron YARA rules | malware | Web Shell - file iMHaPFtp.php |
| Public Nextron YARA rules | malware | Web Shell - file guo.php |
| Public Nextron YARA rules | malware | Web Shell - file redcod.php |
| Public Nextron YARA rules | malware | Web Shell - file server.php |
| Public Nextron YARA rules | malware | Web Shell - file cihshell_fix.php |
| Public Nextron YARA rules | malware | Web Shell - file up.php |
| Public Nextron YARA rules | malware | Web Shell - file EFSO_2.asp |
| Public Nextron YARA rules | malware | Web Shell - file up.jsp |
| Public Nextron YARA rules | malware | Web Shell - file Server Variables.asp |
| Public Nextron YARA rules | malware | Web Shell - file ice.php |
| Public Nextron YARA rules | malware | Web Shell - file phpspy2010.php |
| Public Nextron YARA rules | malware | Web Shell - file ice.asp |
| Public Nextron YARA rules | malware | Web Shell - file 404.asp |
| Public Nextron YARA rules | malware | Web Shell - file webshell-cnseay02-1.php |
| Public Nextron YARA rules | malware | Web Shell - file fbi.php |
| Public Nextron YARA rules | malware | Web Shell - file B374k.php |
| Public Nextron YARA rules | malware | Web Shell - file list.php |
| Public Nextron YARA rules | malware | Web Shell - file 404.php |
| Public Nextron YARA rules | malware | Web Shell - file aspydrv.asp |
| Public Nextron YARA rules | malware | Web Shell - file Dx.php |
| Public Nextron YARA rules | malware | Web Shell - file MySQL Web Interface Version 0.8.php |
| Public Nextron YARA rules | malware | Web Shell - file odd.php |
| Public Nextron YARA rules | malware | Web Shell - file idc.php |
| Public Nextron YARA rules | malware | Web Shell - file 404.php |
| Public Nextron YARA rules | malware | Web Shell - file webshell-cnseay-x.php |
| Public Nextron YARA rules | malware | Web Shell - file up.asp |
| Public Nextron YARA rules | malware | Web Shell - file odd.php |
| Public Nextron YARA rules | malware | Web Shell - file k81.jsp |
| Public Nextron YARA rules | malware | Web Shell - file cmdjsp.jsp |
| Public Nextron YARA rules | malware | Web Shell - file Java Shell.jsp |
| Public Nextron YARA rules | malware | Web Shell - file r57142.php |
| Public Nextron YARA rules | malware | Web Shell - file simple-backdoor.php |
| Public Nextron YARA rules | malware | Web Shell - file cmd.php |
| Public Nextron YARA rules | malware | Web Shell - file co.php |
| Public Nextron YARA rules | malware | Web Shell - file 150.php |
| Public Nextron YARA rules | malware | Web Shell - file c37.php |
| Public Nextron YARA rules | malware | Web Shell - file b37.php |
| Public Nextron YARA rules | malware | Web Shell - file bug (1).php |
| Public Nextron YARA rules | malware | Web Shell - from files ghost_source.php, icesword.php, silic.php |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell - from files jsp-reverse.jsp, jsp-reverse.jsp, jspbd.jsp |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell - from files itsec.php, PHPJackal.php, itsecteam_shell.php, jHn.php |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell - from files 000.jsp, 403.jsp, c5.jsp, config.jsp, myxx.jsp, queryDong.jsp, spyjsp2010.jsp, zend.jsp |
| Public Nextron YARA rules | malware | Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell - from files phpspy_2005_full.php, phpspy_2005_lite.php, phpspy_2006.php, PHPSPY.php |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell - from files r57shell127.php, r57_kartal.php, r57.php |
| Public Nextron YARA rules | malware | Web shells - generated from file con2.asp |
| Public Nextron YARA rules | malware | Web shells - generated from file Expdoor.com ASP.asp |
| Public Nextron YARA rules | malware | Web shells - generated from file php2.php |
| Public Nextron YARA rules | malware | Web shells - generated from file bypass-iisuser-p.asp |
| Public Nextron YARA rules | malware | Web shells - generated from file 404super.php |
| Public Nextron YARA rules | malware | Web shells - generated from file JSP.jsp |
| Public Nextron YARA rules | malware | Web shells - generated from file webshell-123.php |
| Public Nextron YARA rules | malware | Web shells - generated from file dev_core.php |
| Public Nextron YARA rules | malware | Web shells - generated from file pHp.php |
| Public Nextron YARA rules | malware | Web shells - generated from file pppp.php |
| Public Nextron YARA rules | malware | Web shells - generated from file code.php |
| Public Nextron YARA rules | malware | Web shells - generated from file xxxx.php |
| Public Nextron YARA rules | malware | Web shells - generated from file PHP1.php |
| Public Nextron YARA rules | malware | Web shells - generated from file asp1.asp |
| Public Nextron YARA rules | malware | Web shells - generated from file php6.php |
| Public Nextron YARA rules | malware | Web shells - generated from file GetPostpHp.php |
| Public Nextron YARA rules | malware | Web shells - generated from file php5.php |
| Public Nextron YARA rules | malware | Web shells - generated from file PHP.php |
| Public Nextron YARA rules | malware | Web shells - generated from file Asp.asp |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file perlbot.pl.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file php-backdoor.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file shankar.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Casus15.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file small.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file shellbot.pl.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file fuckphpshell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file ngh.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file jsp-reverse.jsp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Tool.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file NT Addy.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file phvayvv.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file r57shell.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file rst_sql.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file wh_bindshell.py.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file lurm_safemod_on.cgi.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file c99madshell_v2.0.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file w3d.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file WinX Shell.html.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Dx.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file csh.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file pHpINJ.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file 2008.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file ak74shell.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Rem View.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Java Shell.js.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file STNC.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file aZRaiLPhp v1.0.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file zacosmall.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file CmdAsp.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file simple-backdoor.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file mysql_shell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Dive Shell 1.0 - Emperor Hacking Team.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Asmodeus v0.1.pl.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Reader.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file phpshell17.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file SimShell 1.0 - Simorgh Security MGZ.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file jspshall.jsp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file rootshell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file connectback2.pl.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file wso.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file backdoor1.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file elmaliseker.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file s72 Shell v1.1 Coding.html.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file kacak.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file PHP Backdoor Connect.pl.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Antichat Socks5 Server.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Antichat Shell v1.3.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file cyberlords_sql.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.html.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file EFSO_2.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file lamashell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Ajax_PHP Command Shell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file JspWebshell 1.2.jsp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Sincap.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Phyton Shell.py.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file sh.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file phpjackal.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file sql.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file cgi-python.py.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file ru24_post_sh.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file telnetd.pl.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file php-include-w-shell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file shell.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file telnet.cgi.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file ironshell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file backdoorfr.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file aspydrv.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file cmdjsp.jsp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file h4ntu shell [powered by tsoi].txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Ajan.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file PHANTASMA.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file MySQL Web Interface Version 0.8.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files nst.php.php.txt, img.php.php.txt, nstview.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files network.php.php.txt, xinfo.php.php.txt, nfm.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files w.php.php.txt, wacking.php.php.txt, SpecialShell_99.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files r577.php.php.txt, SnIpEr_SA Shell.php.txt, r57.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, r57 Shell.php.php.txt, spy.php.php.txt, s.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files multiple_php_webshells |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files nst.php.php.txt, cybershell.php.php.txt, img.php.php.txt, nstview.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, spy.php.php.txt, s.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated |
| Public Nextron YARA rules | malware | Looks like a webshell cloaked as GIF - http://goo.gl/xFvioC |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file dC3_Security_Crew_Shell_PRiV.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file simattacker.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file DTool Pro.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file ironshell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file b374k-mini-shell-php.php.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file Sincap 1.0.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file b374k.php.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file h4ntu shell [powered by tsoi].php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file MyShell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file pws.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file reader.asp.php.txt |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file php-backdoor.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file pHpINJ.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file NGH.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file matamu.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file ru24_post_sh.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file hiddens shell v1.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file c99_locus7s.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file safe0ver.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file kral.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file cgitelnet.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file NTDaddy v1.9.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file lamashell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file Simple_PHP_backdoor_by_DK.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file CmdAsp.asp.php.txt |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file NCC-Shell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file README.md |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file backupsql.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file AK-74 Security Team Web Shell Beta Version.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file cpanel.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file 529.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file qsd-php-backdoor.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file Gamma Web Shell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file WinX Shell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file php-include-w-shell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file PhpSpy Ver 2006.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file myshell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file lolipop.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file simple_cmd.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file go-shell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file aZRaiLPhp v1.0.php |
| Public Nextron YARA rules | malware | Webshells Github Archive - file zehir4 |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file zehir4.asp.php.txt |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file lostDC.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file CasuS 1.5.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - from files Ajax_PHP Command Shell.php, Ajax_PHP_Command_Shell.php, soldierofallah.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - from files Small Web Shell by ZaCo.php, small.php, zaco.php, zacosmall.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - from files Dive Shell 1.0 |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - from files CrystalShell v.1.php, erne.php, stres.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - from files findsock.c, php-findsock-shell.php, php-reverse-shell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Injectt.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file ssh.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Client.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file ZXshell.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file RkNTLoad.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file binder2.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file orice2.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file sendmail.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file zehir4.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file hkshell.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file DarkSpy105.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file EditServer.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file reader.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file svchostdll.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file server.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file vanquish.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Client.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Simple_PHP_BackDooR.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file hkrmv.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file phpft.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file bdcli100.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file rdrbs084.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file 2005.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file casus15.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file installer.cmd |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file elmaliseker.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file resolve.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Fport.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file upload.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file PasswordReminder.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file RkNT.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file dbgntboot.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file shell.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file rdrbs100.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Mithril.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file hkdoordll.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file dllTest.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file dbgiis6cli.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file cress.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file usr.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file phpinj.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file db.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file EditServer.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file by064cli.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file dllTest.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file connector.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file HideRun.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file PHP_Shell_v1.7.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file save.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file screencap.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file zxrecv.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file deploy.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file by063cli.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file asp.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file ntboot.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file xwhois.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file vanquish.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file nc.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Server.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file 2006.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file HDConfig.exe |
| Public Nextron YARA rules | malware | Webshell and Exploit Code in relation with APT against Honk Kong protesters |
| Public Nextron YARA rules | malware | Detects a web shell that downloads content from pastebin.com http://goo.gl/7dbyZs |
| Public Nextron YARA rules | malware | Detects a web shell |
| Public Nextron YARA rules | malware | Detects a simple cloaked PHP web shell |
| Public Nextron YARA rules | malware | Detects properties file of Confluence Questions plugin with static user name and password (backdoor) CVE-2022-26138 |
| Public Nextron YARA rules | malware | Detects JQuery File Upload vulnerability CVE-2018-9206 |
| Public Nextron YARA rules | malware | Detects a potential compromise indicator found in MOVEit Transfer logs |
| Public Nextron YARA rules | malware | Detects a potential compromise indicator found in MOVEit Transfer logs |
| Public Nextron YARA rules | malware | Detects a potential compromise indicator found in MOVEit DMZ Web API logs |
| Public Nextron YARA rules | malware | Detects logs generated after a successful exploitation using the PoC code against CVE-2022-41040 and CVE-2022-41082 (aka ProxyNotShell) in Microsoft Exchange servers |
| Trellix Threat Reasearch YARA rules | malware | Filter for 2nd stage malware used in VPNfilter attack |
| Trellix Threat Reasearch YARA rules | malware | Monero mining software |
| Trellix Threat Reasearch YARA rules | malware | CTB_Locker |
| Trellix Threat Reasearch YARA rules | malware | Detect GPGQwerty ransomware |
| Trellix Threat Reasearch YARA rules | malware | Rule to detect the Kraken Cryptor Ransomware |
| Trellix Threat Reasearch YARA rules | malware | rule to detect Linux variant of the Hello Kitty Ransomware |
| Trellix Threat Reasearch YARA rules | malware | Rule to detect Mount Locker ransomware |
| Trellix Threat Reasearch YARA rules | malware | Credentials Stealing Attack |
| YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| YARAhub by abuse.ch | malware | Detect basics of ItsSoEasy Ransomware (Itssoeasy-A) |
| YARAhub by abuse.ch | malware | Lucasstealer |
| YARAhub by abuse.ch | malware | Detects QBOT HTML smuggling variants |
| YARAhub by abuse.ch | malware | RABBITHUNT_cls |
| YARAhub by abuse.ch | malware | Detects the ESXiArgs Ransomware encryption python script |
| YARAhub by abuse.ch | malware | yarahub_win_remcos_rat_unpacked_aug_2023 |
| Public InfoSec YARA rules | malware | Identifies Adfind, a Command line Active Directory query tool. |
| Public InfoSec YARA rules | malware | Identifies Aurora Stealer. |
| Public InfoSec YARA rules | malware | Identifies AveMaria aka WarZone RAT. |
| Public InfoSec YARA rules | malware | Identifies CryLock aka Cryakl ransomware. |
| Public InfoSec YARA rules | malware | Identifies Darkside ransomware. |
| Public InfoSec YARA rules | malware | Identifies Hidden Windows driver, used by malware such as PurpleFox. |
| Public InfoSec YARA rules | malware | Identifies IcedID (stage 1 and 2, initial loaders). |
| Public InfoSec YARA rules | malware | Identifies Impacket, a collection of Python classes for working with network protocols. |
| Public InfoSec YARA rules | malware | Identifies LaZagne, credentials recovery project. |
| Public InfoSec YARA rules | malware | Identifies Maze ransomware in memory or unpacked. |
| Public InfoSec YARA rules | malware | Identifies Parallax RAT. |
| Public InfoSec YARA rules | malware | Identifies Pysa aka Mespinoza ransomware. |
| Public InfoSec YARA rules | malware | Identifies RagnarLocker ransomware unpacked or in memory. |
| Public InfoSec YARA rules | malware | Identifies SystemBC RAT, decrypted config. |
| Public InfoSec YARA rules | malware | Identifies Windows Credentials Editor (WCE), post-exploitation tool. |
| Public InfoSec YARA rules | malware | Identifies Zeppelin ransomware and variants (Buran, Vega etc.) |
| CAPEv2 YARA detection rules | malware | Detecting HTML strings used by Agent Tesla malware |
| CAPEv2 YARA detection rules | malware | AgenetTesla Type 2 Keylogger payload |
| CAPEv2 YARA detection rules | malware | AgentTeslaV3 infostealer payload |
| CAPEv2 YARA detection rules | malware | Cobalt Strike Beacon Payload |
| CAPEv2 YARA detection rules | malware | TrickBot Payload |
| CAPEv2 YARA detection rules | malware | Detects TrickBot Banking module permaDll |
| Elastic Security YARA Rules | malware | Linux.Backdoor.Fontonlake |
| Elastic Security YARA Rules | malware | Linux.Backdoor.Tinyshell |
| Elastic Security YARA Rules | malware | Linux.Exploit.CVE-2021-3156 |
| Elastic Security YARA Rules | malware | Linux.Exploit.CVE-2021-3156 |
| Elastic Security YARA Rules | malware | Linux.Exploit.CVE-2021-3490 |
| Elastic Security YARA Rules | malware | Linux.Exploit.CVE-2021-4034 |
| Elastic Security YARA Rules | malware | Linux.Exploit.CVE-2022-0847 |
| Elastic Security YARA Rules | malware | Linux.Exploit.Log4j |
| Elastic Security YARA Rules | malware | Linux.Hacktool.Fontonlake |
| Elastic Security YARA Rules | malware | Linux.Hacktool.Wipelog |
| Elastic Security YARA Rules | malware | Linux.Proxy.Frp |
| Elastic Security YARA Rules | malware | Linux.Rootkit.Fontonlake |
| Elastic Security YARA Rules | malware | Linux.Trojan.BPFDoor |
| Elastic Security YARA Rules | malware | Linux.Trojan.BPFDoor |
| Elastic Security YARA Rules | malware | Linux.Trojan.BPFDoor |
| Elastic Security YARA Rules | malware | Linux.Trojan.BPFDoor |
| Elastic Security YARA Rules | malware | Linux.Trojan.BPFDoor |
| Elastic Security YARA Rules | malware | Linux.Trojan.Mirai |
| Elastic Security YARA Rules | malware | Linux.Trojan.Mirai |
| Elastic Security YARA Rules | malware | Linux.Trojan.Orbit |
| Elastic Security YARA Rules | malware | MacOS.Backdoor.Fakeflashlxk |
| Elastic Security YARA Rules | malware | MacOS.Backdoor.Kagent |
| Elastic Security YARA Rules | malware | MacOS.Backdoor.Keyboardrecord |
| Elastic Security YARA Rules | malware | MacOS.Backdoor.Useragent |
| Elastic Security YARA Rules | malware | MacOS.Cryptominer.Generic |
| Elastic Security YARA Rules | malware | MacOS.Cryptominer.Xmrig |
| Elastic Security YARA Rules | malware | MacOS.Exploit.Log4j |
| Elastic Security YARA Rules | malware | MacOS.Hacktool.Bifrost |
| Elastic Security YARA Rules | malware | MacOS.Hacktool.Swiftbelt |
| Elastic Security YARA Rules | malware | MacOS.Trojan.Eggshell |
| Elastic Security YARA Rules | malware | MacOS.Trojan.Electrorat |
| Elastic Security YARA Rules | malware | MacOS.Trojan.Metasploit |
| Elastic Security YARA Rules | malware | MacOS.Trojan.Metasploit |
| Elastic Security YARA Rules | malware | MacOS.Trojan.Metasploit |
| Elastic Security YARA Rules | malware | MacOS.Trojan.RustBucket |
| Elastic Security YARA Rules | malware | MacOS.Trojan.Thiefquest |
| Elastic Security YARA Rules | malware | Macos.Hacktool.JokerSpy |
| Elastic Security YARA Rules | malware | Multi.Ransomware.Luna |
| Elastic Security YARA Rules | malware | Multi.Trojan.Coreimpact |
| Elastic Security YARA Rules | malware | Multi.Trojan.Sliver |
| Elastic Security YARA Rules | malware | Multi.Trojan.Sliver |
| Elastic Security YARA Rules | malware | Windows.Backdoor.TeamViewer |
| Elastic Security YARA Rules | malware | Windows.Exploit.Dcom |
| Elastic Security YARA Rules | malware | Windows.Exploit.Log4j |
| Elastic Security YARA Rules | malware | Windows.Hacktool.AskCreds |
| Elastic Security YARA Rules | malware | Windows.Hacktool.DarkLoadLibrary |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Mimikatz |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Rubeus |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SafetyKatz |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Seatbelt |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Sharpersist |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpAppLocker |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpChromium |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpDump |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpHound |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpLAPS |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpMove |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpRDP |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpShares |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpStay |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpUp |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpView |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpWMI |
| Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
| Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
| Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
| Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
| Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
| Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
| Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
| Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
| Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
| Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
| Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
| Elastic Security YARA Rules | malware | Windows.Hacktool.WinPEAS-ng |
| Elastic Security YARA Rules | malware | Windows.PUP.MediaArena |
| Elastic Security YARA Rules | malware | Windows.Ransomware.Bitpaymer |
| Elastic Security YARA Rules | malware | Windows.Ransomware.BlackBasta |
| Elastic Security YARA Rules | malware | Windows.Ransomware.Clop |
| Elastic Security YARA Rules | malware | Windows.Ransomware.Dharma |
| Elastic Security YARA Rules | malware | Windows.Ransomware.Egregor |
| Elastic Security YARA Rules | malware | Windows.Ransomware.Generic |
| Elastic Security YARA Rules | malware | Windows.Ransomware.Helloxd |
| Elastic Security YARA Rules | malware | Windows.Ransomware.Hive |
| Elastic Security YARA Rules | malware | Windows.Ransomware.Hive |
| Elastic Security YARA Rules | malware | Windows.Ransomware.Ragnarok |
| Elastic Security YARA Rules | malware | Windows.Ransomware.Ragnarok |
| Elastic Security YARA Rules | malware | Windows.Ransomware.Ragnarok |
| Elastic Security YARA Rules | malware | Windows.Ransomware.Snake |
| Elastic Security YARA Rules | malware | Windows.Ransomware.Thanos |
| Elastic Security YARA Rules | malware | Windows.Trojan.AgentTesla |
| Elastic Security YARA Rules | malware | Windows.Trojan.Backoff |
| Elastic Security YARA Rules | malware | Windows.Trojan.Bandook |
| Elastic Security YARA Rules | malware | Windows.Trojan.Behinder |
| Elastic Security YARA Rules | malware | Windows.Trojan.Bitrat |
| Elastic Security YARA Rules | malware | Windows.Trojan.BruteRatel |
| Elastic Security YARA Rules | malware | Windows.Trojan.Bughatch |
| Elastic Security YARA Rules | malware | Windows.Trojan.Carberp |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CyberGate |
| Elastic Security YARA Rules | malware | Windows.Trojan.DCRat |
| Elastic Security YARA Rules | malware | Windows.Trojan.Darkcomet |
| Elastic Security YARA Rules | malware | Windows.Trojan.DoorMe |
| Elastic Security YARA Rules | malware | Windows.Trojan.DoubleBack |
| Elastic Security YARA Rules | malware | Windows.Trojan.DownTown |
| Elastic Security YARA Rules | malware | Windows.Trojan.Dridex |
| Elastic Security YARA Rules | malware | Windows.Trojan.Generic |
| Elastic Security YARA Rules | malware | Windows.Trojan.Gh0st |
| Elastic Security YARA Rules | malware | Windows.Trojan.Gozi |
| Elastic Security YARA Rules | malware | Windows.Trojan.Guloader |
| Elastic Security YARA Rules | malware | Windows.Trojan.Hancitor |
| Elastic Security YARA Rules | malware | Windows.Trojan.Hawkeye |
| Elastic Security YARA Rules | malware | Windows.Trojan.IcedID |
| Elastic Security YARA Rules | malware | Windows.Trojan.IcedID |
| Elastic Security YARA Rules | malware | Windows.Trojan.Jupyter |
| Elastic Security YARA Rules | malware | Windows.Trojan.Kronos |
| Elastic Security YARA Rules | malware | Windows.Trojan.Lokibot |
| Elastic Security YARA Rules | malware | Windows.Trojan.Metasploit |
| Elastic Security YARA Rules | malware | Windows.Trojan.Nanocore |
| Elastic Security YARA Rules | malware | Windows.Trojan.NapListener |
| Elastic Security YARA Rules | malware | Windows.Trojan.Netwire |
| Elastic Security YARA Rules | malware | Windows.Trojan.Netwire |
| Elastic Security YARA Rules | malware | Windows.Trojan.OnlyLogger |
| Elastic Security YARA Rules | malware | Windows.Trojan.Pandastealer |
| Elastic Security YARA Rules | malware | Windows.Trojan.Parallax |
| Elastic Security YARA Rules | malware | Windows.Trojan.Pingpull |
| Elastic Security YARA Rules | malware | Windows.Trojan.PoshC2 |
| Elastic Security YARA Rules | malware | Windows.Trojan.PowerSeal |
| Elastic Security YARA Rules | malware | Windows.Trojan.Qbot |
| Elastic Security YARA Rules | malware | Windows.Trojan.RedLineStealer |
| Elastic Security YARA Rules | malware | Windows.Trojan.RedLineStealer |
| Elastic Security YARA Rules | malware | Windows.Trojan.Remcos |
| Elastic Security YARA Rules | malware | Windows.Trojan.Revcoderat |
| Elastic Security YARA Rules | malware | Windows.Trojan.SVCReady |
| Elastic Security YARA Rules | malware | Windows.Trojan.ShadowPad |
| Elastic Security YARA Rules | malware | Windows.Trojan.ShadowPad |
| Elastic Security YARA Rules | malware | Windows.Trojan.SnakeKeylogger |
| Elastic Security YARA Rules | malware | Windows.Trojan.Squirrelwaffle |
| Elastic Security YARA Rules | malware | Windows.Trojan.SysJoker |
| Elastic Security YARA Rules | malware | Windows.Trojan.SysJoker |
| Elastic Security YARA Rules | malware | Windows.Trojan.Sythe |
| Elastic Security YARA Rules | malware | Windows.Trojan.Trickbot |
| Elastic Security YARA Rules | malware | Windows.Trojan.Trickbot |
| Elastic Security YARA Rules | malware | Windows.Trojan.Trickbot |
| Elastic Security YARA Rules | malware | Windows.Trojan.Trickbot |
| Elastic Security YARA Rules | malware | Windows.Trojan.Trickbot |
| Elastic Security YARA Rules | malware | Windows.Trojan.Trickbot |
| Elastic Security YARA Rules | malware | Windows.Trojan.Trickbot |
| Elastic Security YARA Rules | malware | Windows.Trojan.Trickbot |
| Elastic Security YARA Rules | malware | Windows.Trojan.Trickbot |
| Elastic Security YARA Rules | malware | Windows.Trojan.Trickbot |
| Elastic Security YARA Rules | malware | Windows.Trojan.Trickbot |
| Elastic Security YARA Rules | malware | Windows.Trojan.Trickbot |
| Elastic Security YARA Rules | malware | Windows.Trojan.Xworm |
| Google GCTI YARA rules | malware | Cobalt Strike's resources/template.py signature for versions v3.3 to v4.x |
| Google GCTI YARA rules | malware | Cobalt Strike's resources/template.x64.ps1, resources/template.hint.x64.ps1 and resources/template.hint.x32.ps1 from v3.0 to v4.x except 3.12 and 3.13 |
JavaScript (0)
No JavaScripts
HTTP Transactions (2)
| URL | IP | Response | Size |
|---|