Report Overview
Visitedpublic
2024-09-27 05:23:54
Tags
Submit Tags
URL
github.com/Neo23x0/signature-base/archive/master.zip
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.3
Title
about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
r10.o.lencr.org | unknown | 2020-06-29 | 2024-06-06 21:45:11 | 2024-09-26 18:37:25 | 1.3 kB | 3.6 kB |  23.36.77.32 | |
github.com | 1423 | 2007-10-09 | 2016-07-13 12:28:22 | 2024-09-26 20:14:00 | 506 B | 3.9 kB | 140.82.121.3 | |
codeload.github.com 1 alert(s) on this Host | 62359 | 2007-10-09 | 2013-04-18 13:49:11 | 2024-09-26 18:37:03 | 518 B | 3.9 MB | 140.82.121.9 | |
r11.o.lencr.org | unknown | 2020-06-29 | 2024-06-07 07:43:57 | 2024-09-26 18:37:24 | 981 B | 2.7 kB | 23.36.77.32 |
Related reports
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
File detected
URL
codeload.github.com/Neo23x0/signature-base/zip/refs/heads/master
IP / ASN
140.82.121.9
File Overview
File TypeZip archive data, at least v1.0 to extract, compression method=store
Size3.9 MB (3928906 bytes)
MD5371d71a5a44a0481e55774ad78511670
SHA1b765576b2804762629f56b89cbd9642b8c4dae03
Archive (704)
| Filename | MD5 | File type |
|---|---|---|
| yara-assemble.yml | ca59011f565f728fd5ed629e5e21aa96 | ASCII text, with very long lines (602) |
| .gitignore | 23e8e43cbac7375e0504e9af7a59debd | ASCII text |
| .travis.yml | 2ecaa9bf3d4888ff5a3ab8de82e84016 | ASCII text |
| .yara-ci.yml | f1648849722b9603690c6a236f7beab9 | ASCII text |
| Code_of_Conduct.md | 595504f41396af1d281f2c3bc3b171f9 | ASCII text, with no line terminators |
| LICENSE | 466ef9c54721c9d829b515cdd5393e23 | ASCII text |
| README.md | 5fd9823707149c8f0549d2e32c3b2034 | exported SGML document, ASCII text, with very long lines (390) |
| _config.yml | 932865e374757d33e321eeb2d5e88b6b | ASCII text, with no line terminators |
| apt_unc2891_tinyshell_slapstick.yar | 9dddbc8ab1874cff1a7905c96270db88 | ASCII text |
| build-rules.py | 74b84aeeec1fb6041a89283205c91c5d | Python script, ASCII text executable |
| README.txt | e45d596eb974c222497a0aea9bac3ee5 | ASCII text |
| c2-iocs.txt | 48153c4fa0d4c0ba282422b41e39ae54 | ASCII text |
| filename-iocs.txt | b2b6981d6d14a59dc039f5806ecfb786 | Unicode text, UTF-8 text, with very long lines (314) |
| hash-iocs.txt | b916f02921f08e3fd1e61633c98f61ea | Unicode text, UTF-8 text |
| keywords.txt | 080eb19e508e6f7bcd4281c783e0dbbd | ASCII text |
| otx-hash-iocs.txt | 4815f03192a2b69af73fd66b246fab5d | ASCII text |
| makefile | 2686b9fbff6f01a806dc29abdd46dca6 | makefile script, ASCII text |
| file-type-signatures.txt | 4b7f2e6876be946791962bab4a4023c6 | ASCII text |
| sig-base-rules.csv | d475ed019e8ec258d650f8a0be362545 | ASCII text, with very long lines (347) |
| airbnb_binaryalert.yar | 62ee0fde275685493cc28ee515cc47db | ASCII text |
| apt_aa19_024a.yar | 4cf3a32cb2b93be356f04e0025bfd6c0 | ASCII text |
| apt_agent_btz.yar | f2e577141d977809eb610e2ae191665f | ASCII text |
| apt_alienspy_rat.yar | 31a40ba0a14256f4a53f311f08cb03bb | ASCII text |
| apt_apt10.yar | bb26f038a6e7c8dcd21295ec3d098942 | ASCII text |
| apt_apt10_redleaves.yar | 70d292fa55d5e8975e78ebd7365740fe | ASCII text |
| apt_apt12_malware.yar | d9f5223060ebd3d647fd932338e35e81 | ASCII text |
| apt_apt15.yar | 7ff37613cab0bf009251e6d54f504cc1 | ASCII text |
| apt_apt17_mal_sep17.yar | beb1b18794192df54eaa75a6c5e1c3f3 | ASCII text |
| apt_apt17_malware.yar | d162f9b663eb807751e62fa0461b86e7 | ASCII text |
| apt_apt19.yar | 9c8ebb7bde7aeb5742bf00fe0e9e8b45 | ASCII text |
| apt_apt27_hyperbro.yar | c4ee5387005f432bdc9e1ccc319004f1 | ASCII text |
| apt_apt27_rshell.yar | 9376404427b901de1369822100239e96 | ASCII text |
| apt_apt28.yar | fa433543cd28759561003c0b26a1fdef | ASCII text |
| apt_apt28_drovorub.yar | 5a15b33d88e68f2a8c726d63a10347b1 | ASCII text |
| apt_apt29_grizzly_steppe.yar | dac2929aa90c584e5e33e8b58761038d | ASCII text |
| apt_apt29_nobelium_apr22.yar | b0c08ded6c934785821cec7358f97f91 | ASCII text |
| apt_apt29_nobelium_may21.yar | 668df62d0c9d1cb839e82330e088ba3c | ASCII text |
| apt_apt30_backspace.yar | 2877e1e7a90d183ebb06c0e52493fabc | ASCII text |
| apt_apt32.yar | 3fa67f89d3e98edd8a272a347a15be93 | ASCII text |
| apt_apt34.yar | 8d18276a77676c1ddd536dab0ee4b26d | HTML document, ASCII text |
| apt_apt37.yar | 239d6216bfc8edcd303f6401d72aee5e | ASCII text |
| apt_apt37_bluelight.yar | 619df67982c6f636288944edc5e6a2d7 | ASCII text, with very long lines (755) |
| apt_apt3_bemstour.yar | 09949c6b9b0b1fff07ff049bc5cf7b6b | ASCII text |
| apt_apt41.yar | bcdbdc70503cf7e2794091d15677eda9 | ASCII text |
| apt_apt6_malware.yar | 718215659ed2f99b5b0d0bd5362c9201 | ASCII text |
| apt_ar18_165a.yar | a87fa2c7293a08484a9c0ecea9785c59 | ASCII text |
| apt_area1_phishing_diplomacy.yar | f523f2676931a8f54ccb38f010169062 | ASCII text |
| apt_aus_parl_compromise.yar | d3c81982cb8bf693afdade34262e0fcf | ASCII text |
| apt_babyshark.yar | 7870f39b3a565310423ebd0d8c617c2a | ASCII text |
| apt_backdoor_ssh_python.yar | ec5380bc70890c24755748e7b44f0c06 | ASCII text |
| apt_backdoor_sunburst_fnv1a_experimental.yar | 54af49250a677584fd1a2be7f14b27dd | ASCII text, with very long lines (400) |
| apt_backspace.yar | eb80ebdd63a69c68e5149002ee08d3ad | ASCII text |
| apt_barracuda_esg_unc4841_jun23.yar | a4d69e1642fdc5456618a95a4c53b59e | ASCII text |
| apt_beepservice.yar | 8c086ad5c99743ea3f23be277737dc96 | ASCII text |
| apt_between-hk-and-burma.yar | 416e7f5b8af2a5f4ed775de3711f43b8 | ASCII text |
| apt_bigbang.yar | 88e1d7949fab17d03129ca29d5700b3f | ASCII text |
| apt_bitter.yar | e4fe0e5634f1f3b0b9a64c374ab61e09 | ASCII text |
| apt_blackenergy.yar | a4915d2e27d12ac344f73345af3aa2d4 | ASCII text |
| apt_blackenergy_installer.yar | af6c380b3322d0abfd55f79b4f8d8a8e | ASCII text, with very long lines (960) |
| apt_bluetermite_emdivi.yar | bcdbb7910004f906170d4c26aa13fd90 | ASCII text |
| apt_bronze_butler.yar | 4f45725e32091293511b9cc542dcff28 | ASCII text |
| apt_buckeye.yar | 1e8d5dd1db6b6850e553ea314e228ae5 | ASCII text |
| apt_camaro_dragon_oct23.yar | 699ca55827a90cdd14099f77290c3bac | ASCII text |
| apt_candiru.yar | d61c3b45bbbcb12ae929b65c5e5af0b9 | ASCII text |
| apt_carbon_paper_turla.yar | 5547a5f84ab13222eea2af2bff521de2 | ASCII text |
| apt_casper.yar | 24b5efd0b1495565b3d02219851c896b | ASCII text |
| apt_cheshirecat.yar | cdbf68815cc1bb4ba46f731fe974963c | ASCII text |
| apt_cisco_asa_line_dancer_apr24.yar | 3b2dcdfa03f90f8e4b3ca31e2fd271b5 | ASCII text |
| apt_cloudatlas.yar | ba34df95ee7b7da1d415d6b2b253517f | ASCII text |
| apt_cloudduke.yar | d6ba11514f674ad821ed6f405f83bbad | ASCII text |
| apt_cmstar.yar | 935cce46be461371b8068cad3343ea59 | ASCII text |
| apt_cn_netfilter.yar | 254caf01adc5820299c697cf3dca88b4 | ASCII text, with very long lines (1395) |
| apt_cn_pp_zerot.yar | 1609e4c969d72dcb3912f2143081ef7d | ASCII text |
| apt_cn_reddelta.yar | 38089b0383e03a81d72c6a2ec620d0ad | ASCII text |
| apt_cn_twisted_panda.yar | 7526cfc69bc65a3be0c23abd2cd79c29 | ASCII text |
| apt_cobaltstrike.yar | 2edd65bfa780b1a39a8cde439aeea4e6 | ASCII text |
| apt_cobaltstrike_evasive.yar | 41a83a96bdaf6b60f0fafee950a44c00 | ASCII text |
| apt_codoso.yar | 2ba160fd7eee5c07795f679d7ead7f2a | ASCII text |
| apt_coreimpact_agent.yar | 0356132016052a39fceef1b16af581f9 | ASCII text |
| apt_danti_svcmondr.yar | df6ddc46ee69ea8677360cf4dd5be37f | data |
| apt_darkcaracal.yar | b222cc9f8b6d975d262454ddb8625b4f | ASCII text |
| apt_darkhydrus.yar | b353e329ada5fa693e55b967d042f497 | ASCII text, with very long lines (494) |
| apt_deeppanda.yar | 886729c3007c2b7854b776b6b6221d77 | ASCII text |
| apt_derusbi.yar | a7541712fa2d95f34fc5985cecc9d313 | ASCII text |
| apt_dnspionage.yar | adf569c539555a8f62a17b2ce43382dc | ASCII text |
| apt_donotteam_ytyframework.yar | 787bdb22ecc63683b8705a5f7a202f13 | ASCII text |
| apt_dragonfly.yar | 0823214d8125022db9be786c3dea226a | ASCII text |
| apt_dtrack.yar | e71cbf535e1cab99806dd0684143d6d4 | ASCII text |
| apt_dubnium.yar | 34a0c7869cd3fce490fac7a099306287 | ASCII text |
| apt_duqu1_5_modules.yar | 43d3317ccdd8b28a3fe9d52e5bb3b384 | ASCII text |
| apt_duqu2.yar | 64ddde07b0e135bd0b11a738e8bde1fa | ASCII text |
| apt_dustman.yar | 0f138242449e12c607e9c6f9c66ca334 | ASCII text |
| apt_emissary.yar | 0b761d2973de3cacfee0ca6594565aa0 | ASCII text |
| apt_eqgrp.yar | 37cd4b764d393b4820388c018d01987c | ASCII text |
| apt_eqgrp_apr17.yar | 21056e1da85930df04b3d776b1d0bc48 | ASCII text |
| apt_eqgrp_sparc_sbz_apr23.yar | af0e8a69552f432846d224113c635812 | ASCII text |
| apt_eqgrp_triangulation_jun23.yar | 5491c68bbd0fc24d8b962ec5774e92a0 | ASCII text |
| apt_eternalblue_non_wannacry.yar | ec69348fcc06e6fd29b4b1bc08bf568a | ASCII text |
| apt_exile_rat.yar | 2f24b48c08ba65af6edf0e71509fcdf8 | ASCII text |
| apt_f5_bigip_expl_payloads.yar | fafe43ec939bf8dbf0bf3adf231a8440 | ASCII text |
| apt_fakem_backdoor.yar | 529b94e6928b90742d6128ec1db9fbb8 | ASCII text |
| apt_fancybear_computrace_agent.yar | 71d058ead6190765a041cdd60662873c | ASCII text |
| apt_fancybear_dnc.yar | 8d5dc9180e33de25c141dad3a222c114 | ASCII text |
| apt_fancybear_osxagent.yar | a5ca0ca11304791afe1cb2a4237a085a | ASCII text |
| apt_fidelis_phishing_plain_sight.yar | 182027e818541281294bcf4c6dbda554 | ASCII text |
| apt_fin7.yar | 42940f152c8b151d27dbfbae2a6da316 | ASCII text |
| apt_fin7_backdoor.yar | e785903ae8660bfab92de01d77749f3d | ASCII text |
| apt_fin8.yar | f710f1f0ea22c98656eebe5a010d861e | ASCII text |
| apt_flame2_orchestrator.yar | 11f3e953c9cc6858064239624ffa3104 | ASCII text |
| apt_foudre.yar | 3b4c0c4c0b3dda42897d08828a916e8d | ASCII text |
| apt_four_element_sword.yar | 73625fbeab902a983435e833a1f80ff6 | ASCII text |
| apt_freemilk.yar | 0334aed8dc00110bda582416f2e41a5b | ASCII text |
| apt_fujinama_rat.yar | 0892ef8c1a97b4b4cc94239263c94f3d | ASCII text |
| apt_furtim.yar | 70be08f16cf285bbbfe58d881692256e | ASCII text |
| apt_fvey_shadowbroker_dec16.yar | df2b078a315febd553929882437c8aeb | ASCII text |
| apt_fvey_shadowbroker_jan17.yar | 397e3fefc239dc240452ce1fd1ea48b0 | ASCII text |
| apt_ghostdragon_gh0st_rat.yar | f2e49b0c8f65ff62358c3bdf8cef6228 | ASCII text |
| apt_glassRAT.yar | 359b1559dc029b4a455a74fa10a2433f | ASCII text |
| apt_golddragon.yar | 7c86bc6091f2a81310f775c5f186e373 | ASCII text |
| apt_goldenspy.yar | 6eb7735cb20ac73423642106dfb104f5 | ASCII text |
| apt_greenbug.yar | a07227c25bb2dc1460a9baa0ac150aa1 | ASCII text |
| apt_greyenergy.yar | b0fb797975ac75562e485c9b187dcf2c | ASCII text |
| apt_grizzlybear_uscert.yar | a0786e6d46706e012608ef8a3f1efafa | ASCII text, with very long lines (306) |
| apt_hackingteam_rules.yar | a9d6a6368664df02cf214a0e063444fc | ASCII text |
| apt_hafnium.yar | 445bfd837108456e4ff0207e43144e05 | HTML document, ASCII text, with very long lines (337) |
| apt_hafnium_log_sigs.yar | f190c9677ce744f484ec90e1cba4925f | ASCII text, with very long lines (909) |
| apt_ham_tofu_chches.yar | 1dd37c95081f5b372d9eb9c719f5d8fd | ASCII text |
| apt_hatman.yar | 18991a795af99297f3931961e6e948cf | ASCII text |
| apt_hellsing_kaspersky.yar | 41b75b29eb3ef266e9046ebefc9d417d | ASCII text |
| apt_hidden_cobra.yar | 8225a3cf8545872576e60133eb44caef | ASCII text |
| apt_hiddencobra_bankshot.yar | e4f8c7c1ee0f46e158d13eda9b576b0d | ASCII text |
| apt_hiddencobra_wiper.yar | 9f750a9cd63bff765f04af95f5e76c2f | ASCII text, with very long lines (338) |
| apt_hizor_rat.yar | 0fb51d04ca9ac3621deec97bb9e6623e | ASCII text |
| apt_hkdoor.yar | 3a53cf452814260b9612a45af4024b11 | ASCII text |
| apt_iamtheking.yar | 95d2aad80d8b76be6788adac6733c906 | ASCII text |
| apt_icefog.yar | 6de4b28ea6da80bef83830f8e99949bb | ASCII text |
| apt_indetectables_rat.yar | eca8b6eaed0c6408b273f11784043db8 | ASCII text |
| apt_industroyer.yar | d6fcd4019887aed86e9d5a504618ef84 | ASCII text |
| apt_inocnation.yar | 0259c50d0ad5bf1819f79af1445f781f | ASCII text, with very long lines (555) |
| apt_irongate.yar | 1e1b980617feec8db081415a8e6dc264 | ASCII text |
| apt_irontiger.yar | f4452747ed90bea6c76513ed0d35767a | HTML document, ASCII text |
| apt_irontiger_trendmicro.yar | c5e8305fd01fce4d4a134e393f2a3333 | ASCII text |
| apt_ism_rat.yar | 5f8a4abf1efbe50950c863594230bbcc | ASCII text |
| apt_kaspersky_duqu2.yar | 97044e99eae89440f6430fd297ec0900 | ASCII text |
| apt_ke3chang.yar | 58f39ff193ea639f767c5b21512c6d62 | ASCII text |
| apt_keyboys.yar | 2165fbc72cec6cb221f0eb9e212d0851 | ASCII text |
| apt_keylogger_cn.yar | 09606451c6f8a60ee33e289e0cc7ae8e | ASCII text |
| apt_khrat.yar | a28678cd26486c1834f608ce1d13af44 | ASCII text |
| apt_korplug_fast.yar | 96e1cb5999c3a51ec82f2fbccc1abf9a | ASCII text |
| apt_kwampirs.yar | 0a62fb0d66815b3cc0c3cd1f52191b9d | ASCII text |
| apt_laudanum_webshells.yar | 24e7e12b92ff20644cc09e4f013e9153 | HTML document, ASCII text |
| apt_lazarus_applejeus.yar | e701f5e820958f54a007e48f04850d86 | ASCII text |
| apt_lazarus_aug20.yar | feeebb189fce8e64ecb22f8c084f7549 | ASCII text |
| apt_lazarus_dec17.yar | 4234420eb844cd66214db1b013a72db8 | ASCII text |
| apt_lazarus_dec20.yar | 0ace9d15a844f1771d2813abb5504568 | ASCII text |
| apt_lazarus_gopuram.yar | 20c98f607ffd30dd3f7ae45e6cec0772 | ASCII text |
| apt_lazarus_jan21.yar | f7318c9de900fb01cc4794d6cf33fb64 | ASCII text |
| apt_lazarus_jun18.yar | a77e59e994058a0ac088259dd949be11 | ASCII text |
| apt_lazarus_vhd_ransomware.yar | e5ce352f6218abccb52d64b4c01edc82 | ASCII text |
| apt_leviathan.yar | 9cecc251f591eb8af348d9fe86606550 | HTML document, ASCII text |
| apt_lnx_kobalos.yar | 099b7723176d862f8a38d5d9bec638d2 | ASCII text |
| apt_lnx_linadoor_rootkit.yar | ad6127ca92fb5e860ba70d8e162fd962 | ASCII text |
| apt_lotusblossom_elise.yar | c984ad471874246b49061c8dd0a8e03f | ASCII text |
| apt_magichound.yar | 828415aff2361fe245e40821e9b6530f | ASCII text |
| apt_mal_gopuram_apr23.yar | 77d630b2977e73c4de4cdb3f13fd41f4 | ASCII text, with very long lines (342) |
| apt_mal_ilo_board_elf.yar | d38bdb7e6db9107231a29ab2bab5a3af | ASCII text |
| apt_mal_ru_snake_may23.yar | 8c7de190d8ff6e4d4750216bb5572186 | ASCII text |
| apt_microcin.yar | 36f97fc35041a80bdbecb59fa2f3a74e | ASCII text |
| apt_middle_east_talosreport.yar | 7596cf10b3562cc46ede67c07a89ba19 | ASCII text |
| apt_miniasp.yar | 86de676896833ba5be06ba61c98ceb41 | ASCII text |
| apt_minidionis.yar | 94d4314afa53fea74db165d505238e77 | ASCII text |
| apt_mofang.yar | 26f0a3e36cace2e5c265037679e6d6da | ASCII text |
| apt_molerats_jul17.yar | 25ddf9d11803fcfb6ee1c7095b965c7a | ASCII text |
| apt_monsoon.yar | 04f0dba77e76a300dc4b317e989cc133 | ASCII text |
| apt_moonlightmaze.yar | 06c58747b5f1607118c01de9d6821171 | ASCII text |
| apt_ms_platinum.yara | 065745fdd9e1f439ab22ea1e59b46696 | ASCII text |
| apt_muddywater.yar | 3cfac7eee7b5ae133aff43732dbfa65d | ASCII text |
| apt_naikon.yar | 4a251cde5c63c4c297bb07ca8a8fa5a7 | ASCII text |
| apt_nanocore_rat.yar | e6ddc897c7e800c012e3b9931b877c4e | ASCII text |
| apt_nazar.yar | d2cd52f30748b55a2de6ba49679a3082 | ASCII text |
| apt_ncsc_report_04_2018.yar | e69810e2d5a7fa5361be0e62dbe707cd | ASCII text |
| apt_netwire_rat.yar | 934e7c875979c134dd902f5d161a07ce | ASCII text |
| apt_nk_andariel_jul24.yar | d6488d21ba09c292075c29edc1ff17f3 | ASCII text, with very long lines (487) |
| apt_nk_gen.yar | 58c61ed0776035db1611fcac0a20cdef | ASCII text |
| apt_nk_goldbackdoor.yar | c85acd473234a25c41fc40d77f2f106a | ASCII text |
| apt_nk_inkysquid.yar | 210431bbb7ce02ae689b6a1e4beaac07 | ASCII text, with very long lines (755) |
| apt_nk_tradingtech_apr23.yar | f8f17871784ca670f600b2ecbcd2b425 | ASCII text, with very long lines (376) |
| apt_oilrig.yar | f612165261f1a5be27780dbba550fe62 | ASCII text |
| apt_oilrig_chafer_mar18.yar | 9804234457c6b8a32ffff0c72e083026 | ASCII text |
| apt_oilrig_oct17.yar | 66b22e0df32f46603f43d3e122bbaaec | ASCII text |
| apt_oilrig_rgdoor.yar | 07a864da54724e3e8911b23294b19cfa | ASCII text |
| apt_olympic_destroyer.yar | d06c7ffc8692e457eb724959e47f30c6 | ASCII text |
| apt_onhat_proxy.yar | 86364590524acedc2b358cc138111393 | ASCII text |
| apt_op_cleaver.yar | 352bcb00ad367d8904ee4a9dd1abb2dc | ASCII text |
| apt_op_cloudhopper.yar | 555adddc661ed3396a09ce14a99e39da | ASCII text |
| apt_op_honeybee.yar | ef837020784aec698fa3d370073821f1 | ASCII text |
| apt_op_shadowhammer.yar | 18cedbec78c65ac4fcf7dcdbe4142e63 | ASCII text |
| apt_op_wocao.yar | a9e7c4346add439ce1432d69f4646830 | ASCII text, with very long lines (972) |
| apt_passcv.yar | ee1042e84410bf36535b23d19f8eda7e | data |
| apt_passthehashtoolkit.yar | b8449d8431a48aef5a74b9f377424ef2 | ASCII text |
| apt_patchwork.yar | 1b17757b1088bc2832a74b045f36bc7a | ASCII text |
| apt_peach_sandstorm.yar | 61da0148de9d3745b4e7c85f367e6bbb | ASCII text |
| apt_plead_downloader.yar | 8905ae537f613c21d60e3c67b7831e28 | ASCII text |
| apt_plugx.yar | 6b3b0993232be250fefcede016df1e89 | ASCII text |
| apt_poisonivy.yar | c6acb23b26ff9ec62a2f4b16624c0650 | ASCII text |
| apt_poisonivy_gen3.yar | 388acabf7d9051c84ecfa57ce7965c45 | ASCII text |
| apt_poseidon_group.yar | 8b1664fd78cb85d52861f47a080906cb | ASCII text |
| apt_poshspy.yar | a4892e24acfffb794a2a278c8ffbbdcf | ASCII text |
| apt_prikormka.yar | d3d7030a45612abbd6bb0e60558de1fe | ASCII text |
| apt_project_m.yar | 5e91fe7e43fe6c21c9b548e91fcdc818 | ASCII text |
| apt_project_sauron.yara | a9c83fed1d295560a3536d3b3b4940f8 | ASCII text |
| apt_project_sauron_extras.yar | da3391602cd01466e6ad58ccba91f03a | ASCII text |
| apt_promethium_neodymium.yar | 92f8fac3780b73e97cad455b9e6bcb4f | ASCII text |
| apt_pulsesecure.yar | d55c7713b6d333c8013f5a3924d15eb1 | ASCII text, with very long lines (759) |
| apt_putterpanda.yar | 2f17c7fb930a8214f908f1a886beaeed | ASCII text |
| apt_quarkspwdump.yar | 8bad22fedef6ac7ceb10d9bb51194058 | ASCII text |
| apt_quasar_rat.yar | 725c6162a3e821238e34e99b2e6b2ea2 | ASCII text |
| apt_quasar_vermin.yar | 6c04d759040edf4e9a748f36b98297fd | ASCII text |
| apt_rancor.yar | b5ed300ba643765dc88ed0f0ab2d5e58 | ASCII text |
| apt_ransom_darkbit_feb23.yar | d1b71a36be331e1af313c8ed886274b5 | ASCII text |
| apt_ransom_lockbit_citrixbleed_nov23.yar | 550c8a986b44686f63341849308fec31 | ASCII text |
| apt_ransom_vicesociety_dec22.yar | 66759b68bdffad6010ec6c8a5a8fe31a | ASCII text |
| apt_reaver_sunorcal.yar | aa50bf8c5579c9752ed00f5261329837 | ASCII text |
| apt_rehashed_rat.yar | 13a9b0d5ec42f6f1381f8c1c17976534 | ASCII text |
| apt_report_ivanti_mandiant_jan24.yar | 35562f90951f3d7ab615f3dbbb008974 | ASCII text |
| apt_revenge_rat.yar | cd574682f5972086ec8302c01ce2e691 | ASCII text |
| apt_rocketkitten_keylogger.yar | 8d12ccdea797a5b9fb67ef32d843e403 | ASCII text |
| apt_rokrat.yar | d90a5ca3ae7e38eee733b83c5e166c2d | ASCII text |
| apt_royalroad.yar | debee858b6631330b1b42d438b6ad340 | ASCII text |
| apt_ru_crywiper.yar | d19a7938d888e27d175de18d165af78e | ASCII text |
| apt_ruag.yar | 7c8b0358bfeb26c2b8a504a3a0241252 | ASCII text |
| apt_rwmc_powershell_creddump.yar | 8529cf79fbf67a2bb1c5702fe570d848 | ASCII text |
| apt_sakula.yar | dccdb8fe2cc30b876fa29c3978d68052 | ASCII text |
| apt_sandworm_centreon.yar | 0e5ff2f72a92341b7365e774bea7f214 | ASCII text |
| apt_sandworm_cyclops_blink.yar | 28c364e39492c065dca83f22b042cb42 | ASCII text |
| apt_sandworm_exim_expl.yar | f8eaf587daa675c087c53195f9f2fd84 | ASCII text |
| apt_saudi_aramco_phish.yar | c489d8e18a6ca02ed2cd3ddf2de959d9 | ASCII text |
| apt_scanbox_deeppanda.yar | 62599736e4e2b3c9bb4938a85de8c4d8 | ASCII text |
| apt_scarcruft.yar | f137684a5f59106f796251fe87ce8aee | ASCII text |
| apt_seaduke_unit42.yar | b76cdf517ff2d559ac975aabaf1e2342 | ASCII text |
| apt_sednit_delphidownloader.yar | 0615b9babae2b84fb9693375375965ff | ASCII text |
| apt_servantshell.yar | 5423dbb35393bf6ac3b68e326f82e9fe | ASCII text |
| apt_shadowpad.yar | 41fc14f3f03d32eabd36f4c74314df22 | ASCII text |
| apt_shamoon.yar | c310cc3d194c4da44e376c46252401fe | ASCII text |
| apt_shamoon2.yar | b965ec733d0df7148a254ad20b4a95ea | ASCII text |
| apt_sharptongue.yar | 8664ea5e01656b0e57b43b8eb0df4d78 | ASCII text |
| apt_shellcrew_streamex.yar | b3c570217f54b9fc153d43f8e8497d42 | ASCII text |
| apt_sidewinder.yar | 2a0c4b885d153e44dd1952e57cddcc24 | ASCII text |
| apt_silence.yar | 085ca77569c8f5aeb628b97547a2ceca | ASCII text |
| apt_skeletonkey.yar | a4f125974a1c0820e29add28da195e6f | ASCII text, with very long lines (404) |
| apt_slingshot.yar | 56e407a515ce4c756471e40232c32f97 | ASCII text |
| apt_snaketurla_osx.yar | bfa547f342be70aca83990df596a3d6d | ASCII text |
| apt_snowglobe_babar.yar | 4eb0b652e4bcfe8d17df621ef7b1fd6b | ASCII text |
| apt_sofacy.yar | b8e40f138423b9a1355c2151a935026a | ASCII text |
| apt_sofacy_cannon.yar | df27ed7296280eae15036b38e0af5afe | ASCII text |
| apt_sofacy_dec15.yar | 216268bd1c2e43d76480c5398d9177d3 | ASCII text |
| apt_sofacy_fysbis.yar | 86ba3bc15461bfa1180ec37bddde65d5 | HTML document, ASCII text |
| apt_sofacy_hospitality.yar | ab0349426283b85013db10b36fddfa65 | ASCII text |
| apt_sofacy_jun16.yar | 0018a7c379b8bee139bd5ea45a0cb233 | ASCII text |
| apt_sofacy_oct17_camp.yar | 629de02ab70ca3ae095d40e0e83fb1d7 | ASCII text |
| apt_sofacy_xtunnel_bundestag.yar | f81cc98517bca0d2d79d67bd8f064884 | ASCII text |
| apt_sofacy_zebrocy.yar | a77c14502942c211c47c991739da0390 | ASCII text |
| apt_solarwinds_sunburst.yar | d9dfeb6ab287db6faf4ff3e715f8a392 | ASCII text, with very long lines (668) |
| apt_solarwinds_susp_sunburst.yar | 495f9a1f717676732fecedc8f92e91af | ASCII text |
| apt_sphinx_moth.yar | 483a5ee4435221ae585f4c562c00bc3d | ASCII text |
| apt_stealer_cisa_ar22_277a.yar | 83926ac5d33f584e99713442e99cf653 | ASCII text |
| apt_stonedrill.yar | 03a88e2961da0e0b0f18979f5f0efc3c | ASCII text |
| apt_strider.yara | 70f11a2a07c5b0b0d599b2af86586f3f | ASCII text, with very long lines (353) |
| apt_stuxnet.yar | 316dcc8abf5d5ce486d9590756b4d468 | ASCII text |
| apt_stuxshop.yar | 93715d9b35892246df1b25582ece6100 | ASCII text |
| apt_suckfly.yar | 3a5b6679b2b3081faa1dae468aa86e5f | ASCII text |
| apt_sunspot.yar | d257b4f9216ff627a2f7f1c43766c2f9 | ASCII text |
| apt_sysscan.yar | 0499912e2debb2527f91c5462092cca9 | ASCII text |
| apt_ta17_293A.yar | 5b6e9b5e88d517cd3e8a6a201c82a563 | ASCII text, with very long lines (326) |
| apt_ta17_318A.yar | 063ff4aab0c9558805cd3acaee03f5fe | ASCII text |
| apt_ta17_318B.yar | d3e567e21d6f689a435efa7e5a87f57f | ASCII text |
| apt_ta18_074A.yar | 53078565c63963351346a3e32ae4f041 | ASCII text |
| apt_ta18_149A.yar | 1cfeece6b57118687f90a498d48f90a9 | ASCII text |
| apt_ta459.yar | f54cc24f8954eccc60fbdde5fba6f29f | ASCII text |
| apt_telebots.yar | 067219f8fd67449399d74e32f73c1f37 | ASCII text |
| apt_terracotta.yar | d55e81e658a105ce64219475a1da6c56 | ASCII text |
| apt_terracotta_liudoor.yar | 406aa7ff17dd31a4d77e3e811c285db8 | ASCII text |
| apt_tetris.yar | bd2bc4d619681a17343ded2cc42fb3ff | JavaScript source, ASCII text |
| apt_threatgroup_3390.yar | 48db42b6dde92fa8b1214c06e3fc4fc3 | ASCII text |
| apt_thrip.yar | 003549c567c1da1ffb335713f1f5455f | ASCII text |
| apt_tick_datper.yar | c6509a93d08aae617d576175a9078847 | ASCII text |
| apt_tick_weaponized_usb.yar | ba9ca07f40600d4dc000a1d0f0cc73ec | ASCII text |
| apt_tidepool.yar | b7ed2abb2ad9a3ae5c846c92d316ce0e | ASCII text |
| apt_tophat.yar | f23b90bb6c3a21febadfc77bd03932c9 | ASCII text |
| apt_triton.yar | e9fa47da12fb2b5a9b61c35d97a4b3b6 | ASCII text |
| apt_triton_mal_sshdoor.yar | cc02de26162d1aca2647e306ac9c2840 | ASCII text |
| apt_turbo_campaign.yar | 10cae51e0b0a1706b543d6c10869b610 | ASCII text |
| apt_turla.yar | 958e3c3ce2dde4de94489ea29f1f3966 | ASCII text |
| apt_turla_gazer.yar | 956a421baf790c5db27c42cf0bb62467 | ASCII text |
| apt_turla_kazuar.yar | cf93f2d54ff7313997ca5fadd37d5943 | ASCII text |
| apt_turla_mosquito.yar | b36e129b7f94ba5e40e38e6f45f3a448 | ASCII text |
| apt_turla_neuron.yar | 942e0321a3beb3a968e0506b3c8127df | ASCII text, with very long lines (360) |
| apt_turla_penquin.yar | c37758ec9d4a50702171df50f3229662 | ASCII text |
| apt_turla_png_dropper_nov18.yar | 1e4c500ad73a992e2018b550f9026803 | ASCII text |
| apt_ua_caddywiper.yar | 0e2703ed5a15b56686ec28f1e217e36f | ASCII text |
| apt_ua_hermetic_wiper.yar | f82e256cf47d4f96a9906c84620fb9d2 | ASCII text |
| apt_ua_isaacwiper.yar | 49469c40ffbb3243b06effa33973c7d0 | ASCII text |
| apt_ua_wiper_whispergate.yar | 8fb6d79cfab3089e0db341471dbb8d3e | ASCII text |
| apt_uboat_rat.yar | 4f54a198484095fec62897f5d725d335 | ASCII text |
| apt_unc1151_ua.yar | 1b2960693c66f9b8b4c6e9f4144964de | ASCII text |
| apt_unc2447_sombrat.yar | 5626cb53f9e65313d8b8a9ccaf9d8fc1 | ASCII text |
| apt_unc2546_dewmode.yar | caefdf83dcb1f5c14d23528650752010 | ASCII text |
| apt_unc2891_mal_jan23.yar | 42350c0dd6390751e2cfff9ff8d4dc47 | ASCII text |
| apt_unc3886_virtualpita.yar | 86ea1dc35a09f7458b10750eceeb23bc | ASCII text, with very long lines (528) |
| apt_unit78020_malware.yar | f15c2d6f2ee42fcde7229ead7610a6d6 | ASCII text |
| apt_uscert_ta17-1117a.yar | f17542e03c59edbd2b88c129640b0948 | ASCII text |
| apt_venom_linux_rootkit.yar | 7b7fb1bebe134c7b2fd7988340b8758a | ASCII text |
| apt_volatile_cedar.yar | 77b5ee69fd504d92d9f8a59d74cc1303 | ASCII text |
| apt_volttyphoon_versamem.yar | 14e1339b122752e596302ee442366c31 | ASCII text |
| apt_vpnfilter.yar | 579d202ebdcc244e7eac14bb65ef90ae | ASCII text |
| apt_waterbear.yar | 00b9b51a17477cc259efa39dbc96e728 | ASCII text |
| apt_waterbug.yar | 3ba609e1f515063ab11efde594d666ae | ASCII text, with very long lines (324) |
| apt_webmonitor_rat.yar | 3904df357071bd1a1298e79ed09bf8bd | ASCII text |
| apt_webshell_chinachopper.yar | af038e1f18b088dfe3fdd0ec7763b10a | ASCII text |
| apt_wildneutron.yar | 092a21fe74c3bdefe5d83cc87674f131 | ASCII text |
| apt_wilted_tulip.yar | 75e69b656b7721202aefe59455584de6 | ASCII text |
| apt_win_plugx.yar | d0ba76c444c227e3f92921ec90d51cd2 | ASCII text |
| apt_winnti.yar | 2b779320cb5677c512d26129332e9138 | ASCII text |
| apt_winnti_br.yar | 898b7854959b06588969e92ba900a89a | ASCII text |
| apt_winnti_burning_umbrella.yar | 51528ce3fb9709073e79293b0a078307 | ASCII text |
| apt_winnti_hdroot.yar | 3d04a8b56ac82bb772d82bd2d8a9781f | ASCII text |
| apt_winnti_linux.yar | ce48966c793be850ccf1c046fc428939 | ASCII text |
| apt_winnti_ms_report_201701.yar | ae36a84366280d42f1eee9e0d3012b43 | ASCII text |
| apt_woolengoldfish.yar | 0799bbc69560b0047beb384255e15080 | ASCII text |
| apt_xrat.yar | 8d964d730991c6b0c9d5fb049dc2e3a0 | ASCII text |
| apt_zxshell.yar | b6111cf955778ebd41a044c2378e8143 | ASCII text |
| bkdr_xz_util_cve_2024_3094.yar | 703ec87122e13cd755a8da1a2d916c7f | ASCII text |
| cn_pentestset_scripts.yar | 1512cc922dc76dbf3c7fe2a0ccecd686 | ASCII text |
| cn_pentestset_tools.yar | f43c373d5d7d622c90c63b954176c186 | ASCII text |
| cn_pentestset_webshells.yar | 7c21cb114bd59b362dff97ecf23ab15e | ASCII text |
| configured_vulns_ext_vars.yar | bbba2e197221bb67351af6fc512b4bf9 | ASCII text |
| crime_academic_data_centers_camp_may20.yar | e90644979900c9f7a9cf2080f44bddfd | ASCII text |
| crime_andromeda_jun17.yar | cd753c295d4d8a0587b7479f66bec6a4 | ASCII text |
| crime_antifw_installrex.yar | 9066330febf50c9802c915f8bfc0c85f | ASCII text |
| crime_atm_dispenserxfs.yar | 3b84aacdf1d4a5bd088861ba7312e4c2 | ASCII text |
| crime_atm_javadipcash.yar | e6ab2cee9cb97d41cc04beffe60f8744 | ASCII text |
| crime_atm_loup.yar | 7615e93ad796726f9b6a22da76e6c2dc | ASCII text |
| crime_atm_xfsadm.yar | 3e22e6e88b82a6f06fab5064c8c91fa4 | ASCII text |
| crime_atm_xfscashncr.yar | 9dca4d55c094dc2d0b2a6fa084b51ea4 | ASCII text |
| crime_bad_patch.yar | 6c53315b4cbed010998ecac6969e75c5 | ASCII text |
| crime_badrabbit.yar | c721073bb70d112cbff957c057577dec | ASCII text |
| crime_bazarbackdoor.yar | 3ce6798d34b011a8d48ff35f1d0a4112 | ASCII text, with very long lines (514) |
| crime_bernhard_pos.yar | fbf05b24f7a883f121b8ccc4b0ff0f1c | ASCII text, with very long lines (404) |
| crime_bluenoroff_pos.yar | 6cae78d09309ecb154f3b0c8b0e4b2e0 | ASCII text |
| crime_buzus_softpulse.yar | 29051f5a83717a91fa3f2ddd3de10054 | ASCII text |
| crime_cmstar.yar | c9b6877600ca6e9425eed27825fb2427 | ASCII text |
| crime_cn_campaign_njrat.yar | d5eae7f013249c277736bd9bddf77764 | ASCII text |
| crime_cn_group_btc.yar | 7b4f76d14dc7b5aad3ca1316e80ca544 | ASCII text |
| crime_cobalt_gang_pdf.yar | 14d8d43439ae0a38ca324f72745c7868 | ASCII text |
| crime_cobaltgang.yar | 2c295d90258c10166e26b8bf1e6aa3d9 | ASCII text |
| crime_corkow_dll.yar | 7094586fc27f55b7b0847ed14b6c6d1c | ASCII text |
| crime_covid_ransom.yar | 5d4f0eaf6339f71c9344e292b91eb9cb | ASCII text |
| crime_credstealer_generic.yar | 0b6dbc9eaf909a2d0c1f5e1cde8e179e | ASCII text |
| crime_crypto_miner.yar | d6fd3bb68df61ad471d04281962f6571 | ASCII text |
| crime_cryptowall_svg.yar | 431975757009b0a76276e1a490b3363a | HTML document, ASCII text |
| crime_dearcry_ransom.yar | b332126bf6b7e73a77f4c87dd112ee82 | ASCII text, with very long lines (419) |
| crime_dexter_trojan.yar | 79fcd4bca201c0b785164b0b846685f9 | ASCII text |
| crime_dridex_xml.yar | b83556fc47cbef91ddfb8e606802b86b | ASCII text |
| crime_emotet.yar | 595a7643743ddf67dcd1a55d92ccccb8 | ASCII text, with very long lines (409) |
| crime_enfal.yar | 2656d39696a545f2eacac15a4b9c073e | ASCII text |
| crime_envrial.yar | 9a13aea10871282c5e5f3d794cfafdc6 | ASCII text |
| crime_eternalrocks.yar | c1b01a28018faab50f64bf54cd57e48f | ASCII text |
| crime_evilcorp_dridex_banker.yar | 681d849b2bb15396e7845776104912fe | ASCII text |
| crime_fareit.yar | 3ae17490bf2dc95b7fa6e0f27fcaa5a1 | ASCII text |
| crime_fireball.yar | 82793ad266c336991b96f6b4987dad45 | ASCII text |
| crime_floxif_flystudio.yar | 6c30b8c204041d21910d82c4a9780c71 | ASCII text |
| crime_gamaredon.yar | 9afec3308388812540be844347f2a573 | ASCII text |
| crime_goldeneye.yar | 45682b68d673e4c3d73061321fe79b2d | ASCII text |
| crime_gozi_crypter.yar | c41f17e3723b8cfc700b73bfb54c331a | ASCII text |
| crime_guloader.yar | 3bded53bc3d18363793766f583034aac | ASCII text, with very long lines (519) |
| crime_h2miner_kinsing.yar | cc95f53e4eba8d7a90f64d989190c569 | ASCII text |
| crime_hermes_ransom.yar | 5a3b2704ff7a3a1289153969e7054b3d | ASCII text |
| crime_icedid.yar | 3fd5c9001ba52a7c47147d154f34c366 | ASCII text |
| crime_kasper_oct17.yar | 79cb427bbc8b77f60d6114c91032d130 | ASCII text |
| crime_kins_dropper.yar | 0281f6231f915f38a415b0f0835d4a16 | ASCII text |
| crime_kr_malware.yar | 1adfead70dd6bd1941738212bb0f224f | ASCII text |
| crime_kraken_bot1.yar | 85bb8f8d67ee052c0172b498823cda51 | ASCII text |
| crime_kriskynote.yar | 1723c99f6fd53135e8b3531f73d19b66 | ASCII text |
| crime_locky.yar | d7442fff2e444c5ee812e99211327069 | ASCII text |
| crime_loki_bot.yar | 7bd5a107174d67e0886c5dbdb777884c | ASCII text |
| crime_mal_grandcrab.yar | e74aad04c6cd5c1e812edc95124749f1 | ASCII text |
| crime_mal_nitol.yar | 88685b782616e8bfb82c0652868ad83e | ASCII text |
| crime_mal_ransom_wadharma.yar | a178afa8f238c037e2a7a64b5fad91c3 | ASCII text |
| crime_malumpos.yar | fa2d69ce0c76f1decce2a0435a93aa2d | ASCII text |
| crime_malware_generic.yar | b8d9c0994ff0d69ac84d743d843f6479 | ASCII text |
| crime_malware_set_oct16.yar | caac6321363372ae67e640bb7fdece49 | ASCII text |
| crime_maze_ransomware.yar | 2232133fd520896a35f2c258868d4bce | ASCII text, with very long lines (560) |
| crime_mikey_trojan.yar | f7fcc42f7a2f88093ef433c44bde832a | ASCII text |
| crime_mirai.yar | 48af4186d21041245ed12fb3abc8262f | ASCII text |
| crime_mywscript_dropper.yar | 61732e6d94bedd9b8bebbf721c8a137e | ASCII text |
| crime_nansh0u.yar | c31f0ea9a3f9e92fa4e03a261ae379bd | ASCII text |
| crime_nkminer.yar | 33c59447c3cfcbb77f6b44d84928c686 | ASCII text |
| crime_nopetya_jun17.yar | d70bc0ca4f7a2cd056e7697169428756 | ASCII text |
| crime_ole_loadswf_cve_2018_4878.yar | 26188fc53b0ced98c56d5991cf878ba1 | ASCII text |
| crime_parallax_rat.yar | 95a4c248bf8c998b2cf9f7da3719929c | ASCII text, with very long lines (766) |
| crime_phish_gina_dec15.yar | c387b234fe2f58be15ea464bd7c04d19 | ASCII text |
| crime_ransom_conti.yar | 0e96749ca0e96813aafa837707f41209 | ASCII text |
| crime_ransom_darkside.yar | 11869959e96253170b4c189c4c32de71 | ASCII text, with very long lines (424) |
| crime_ransom_generic.yar | 5b111910ae10982e87e7a12d1af21507 | ASCII text |
| crime_ransom_germanwiper.yar | 2340ecbb0fa67e8b87d53c278e3f15b8 | ASCII text |
| crime_ransom_lockergoga.yar | 8739d5f91863d88f8c8c5b725bf36898 | ASCII text |
| crime_ransom_prolock.yar | af6473e3030da94f4747675158d6bc94 | ASCII text |
| crime_ransom_ragna_locker.yar | d6cf63081382cb254d098739d38d0461 | ASCII text |
| crime_ransom_revil.yar | 5dcc7914d6ab38b9aa2d7ccd84c7ae77 | ASCII text |
| crime_ransom_robinhood.yar | 6a8f3ef5ec64aca3f0774ef485197eff | ASCII text |
| crime_ransom_stealbit_lockbit.yar | a52c1e384e4c168b90c9801fb9fce521 | ASCII text |
| crime_ransom_venus.yar | e80cdd268cc19ebffff105e21523b5aa | HTML document, ASCII text |
| crime_rat_parallax.yar | e14ac3e5cbfefbe2e6954774a1ebe8b8 | ASCII text, with very long lines (533) |
| crime_revil_general.yar | 8f0ebfb0a79069e80c2501c7195330ef | ASCII text |
| crime_rombertik_carbongrabber.yar | 4581976901210f783a356b6012ab3720 | ASCII text |
| crime_ryuk_ransomware.yar | 58d7b9deeff64b48aed8f3e7331b3e4d | ASCII text |
| crime_shifu_trojan.yar | a7fae0aac666f5111554e282ede5c5bb | ASCII text |
| crime_snarasite.yar | e22715c6da6adcb53e3f8016a3b38374 | ASCII text |
| crime_socgholish.yar | 9722a11777f5d27be55470bf00e398ae | Unicode text, UTF-8 text |
| crime_stealer_exfil_zip.yar | 6f6f481bc0d6e2d61286a0e03c8d87f7 | ASCII text |
| crime_teledoor.yar | 5b2426c94c85349060b3d1afe0731951 | ASCII text |
| crime_trickbot.yar | 955e02202f3f11385d5bc72e5d538f0b | ASCII text |
| crime_upatre_oct15.yar | fc02bd6f02edb4516c25520239e5a08e | ASCII text |
| crime_wannacry.yar | 26df39e20a79b92962762363655ede84 | exported SGML document, ASCII text |
| crime_wsh_rat.yar | d2e341c1aae292b6e3919526af7f2351 | ASCII text |
| crime_xbash.yar | 259b4d86f0f01e2ea8e17c6afc4a7091 | HTML document, ASCII text |
| crime_zeus_panda.yar | 4a7c7d212c00555ce2bacab8ddd7fe90 | ASCII text |
| crime_zloader_maldocs.yar | 2b60ae65e5eb24feafd74c0a665a170a | ASCII text |
| expl_adselfservice_cve_2021_40539.yar | cbb3773dcf05a7df81271e912903bafb | ASCII text |
| expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar | dbcc2dcbbeafa34232df608f8787ecc0 | ASCII text, with very long lines (354) |
| expl_connectwise_screenconnect_vuln_feb24.yar | 6b41c69f3911babb45a8f729ebcccde8 | ASCII text |
| expl_cve_2021_1647.yar | dd88e7a6176d55873eac10b5de3de718 | ASCII text, with very long lines (1134) |
| expl_cve_2021_26084_confluence_log.yar | 7571e854412af7b086e4e0c9cfec0db7 | ASCII text |
| expl_cve_2021_40444.yar | 79ec7bf461732616949244b0824dcd47 | ASCII text |
| expl_cve_2022_41040_proxynoshell.yar | 44ba519da0fe4e670d4a5387648904ab | ASCII text |
| expl_cve_2022_46169_cacti.yar | a7a8dc62cdbd4c290b3dd35d0ea2935b | ASCII text |
| expl_ivanti_epmm_mobileiron_cve_2023_35078.yar | 6af0a58e16e5cc90f6cb55f996901edf | ASCII text |
| expl_keepass_cve_2023_24055.yar | fcf3542acd7ef15747a1d0327dfa5de2 | ASCII text |
| expl_libcue_cve_2023_43641.yar | e35bd881a90385e85e1a0c6619221ced | ASCII text |
| expl_libssh_cve_2023_2283_jun23.yar | 829c048f07c6621eee6aac94138e62f3 | ASCII text |
| expl_log4j_cve_2021_44228.yar | e7e051859857d09aec33088b1c4dadf7 | ASCII text, with very long lines (450) |
| expl_macos_switcharoo_dec22.yar | 2a7ffd127259b0ce74ff1d60b44278d5 | ASCII text |
| expl_manageengine_jan23.yar | bb4408e96a9f32c64e9f4660a0a64ae6 | ASCII text |
| expl_outlook_cve_2023_23397.yar | b3af50fcd24f073fba6798544162e859 | ASCII text |
| expl_outlook_cve_2024_21413.yar | 3116394442366264ab5378def42062b0 | ASCII text, with very long lines (382) |
| expl_proxynotshell_owassrf_dec22.yar | 24be9624715e614fe1b7b3bf4c00ee9e | ASCII text |
| expl_proxyshell.yar | 7f1daa6cb36a379147ad8fe46801872b | ASCII text |
| expl_sharepoint_cve_2023_29357.yar | 0f098739390b8fa1f49764935f1094ed | ASCII text |
| expl_spring4shell.yar | f6cb00fd6cb86ffb557420d487cb433d | ASCII text |
| expl_sysaid_cve_2023_47246.yar | 0f4e2e3cf7e00b5a2ddd424d2a682103 | ASCII text |
| expl_teamcity_2023_42793.yar | 6c85e2ffc4a377209020d10682f4ab5f | ASCII text |
| exploit_cve_2014_4076.yar | 4edb4bb188588817fbea8d81c72017a1 | ASCII text |
| exploit_cve_2015_1674.yar | 6a00d3a35e55fcbbb24c506c1a85abdc | ASCII text |
| exploit_cve_2015_1701.yar | 6619c9b9f32bec8626e9e842cbe869fa | ASCII text |
| exploit_cve_2015_2426.yar | cd2ef52c1812c5cd6e78efe8eb8cb331 | ASCII text |
| exploit_cve_2015_2545.yar | 46b6618cffb93833af2659c194b3f5a7 | ASCII text |
| exploit_cve_2015_5119.yar | eb5b8ca1fb11835eca97d86802c0a60b | ASCII text |
| exploit_cve_2017_11882.yar | 75b357f521047abc24a96cfa738bedb9 | ASCII text |
| exploit_cve_2017_8759.yar | 17ea7f10abef7e885859c3fd68a715b9 | ASCII text |
| exploit_cve_2017_9800.yar | e92dc3c16d421d67439cec3af1ce073e | ASCII text |
| exploit_cve_2018_0802.yar | b63a61ce4c2cc5debca9b1186d2b4f0d | ASCII text |
| exploit_cve_2018_16858.yar | 4e73431ea2d61601ec0e1c93347cc539 | ASCII text |
| exploit_cve_2021_31166.yar | 1c5d79305e56fb4297a5858341eb22b4 | ASCII text |
| exploit_cve_2021_33766_proxytoken.yar | a60700c77f9ee0dcda96b99620ca91f6 | ASCII text |
| exploit_cve_2022_22954_vmware_workspace_one.yar | b7be1e31a1350e22e046c92d5dfc0220 | ASCII text |
| exploit_cve_2023_38146.yar | 8df09b11b2d26049db07b0326a253b3b | ASCII text |
| exploit_f5_bigip_cve_2021_22986_log.yar | b486f55e91dc8cd34e7665ca0e815148 | ASCII text |
| exploit_gitlab_cve_2021_22205.yar | f46828921129228ecba60c291688077f | ASCII text |
| exploit_rtf_ole2link.yar | 71069a39f069c6e3ace604932426185f | ASCII text |
| exploit_shitrix.yar | 4eb27c44711c15b989522288390bc895 | ASCII text |
| exploit_tlb_scripts.yar | cdb64670f4f5d6813ad9391e022968dc | ASCII text |
| exploit_uac_elevators.yar | fa95e6fe6ba4c0ff1740eb77bf6ac5f5 | ASCII text |
| gen_100days_of_yara_2023.yar | 09115f99e1d06028ca04a426a98cedc4 | ASCII text |
| gen_Excel4Macro_Sharpshooter.yar | 3643d86f67621771418a4dcaca5e6248 | ASCII text |
| gen_ace_with_exe.yar | 16c7a950179da1c6e938d3e4eda179e6 | ASCII text |
| gen_anomalies_keyword_combos.yar | c199df287f5bca71b010fb46810d6e98 | ASCII text |
| gen_anydesk_compromised_cert_feb23.yar | f89722aa83aca23efa41994def0fae9b | ASCII text, with very long lines (309) |
| gen_armitage.yar | b0759a89d1d0a0c8fe5afb72cc854e6d | ASCII text |
| gen_autocad_lsp_malware.yar | 89a29be289c227e8bacd27d7c278532a | ASCII text |
| gen_b374k_extra.yar | ebe390aa6615b24b293c60ecf405c5ff | ASCII text |
| gen_bad_pdf.yar | b79945e64f7897e927af0ce53680b734 | ASCII text |
| gen_case_anomalies.yar | 6903985a298dd2041a6020c741b3d3b8 | ASCII text |
| gen_cert_payloads.yar | c00c31ae9d758f89ca95f0228215ce01 | ASCII text |
| gen_chaos_payload.yar | 560ade36da05a295df648ba70df73dd9 | ASCII text |
| gen_cmd_script_obfuscated.yar | 05cbf69a4a89672733a630d8ccef605b | ASCII text |
| gen_cn_hacktool_scripts.yar | caaee5c278609b3b663292502276db0f | ASCII text |
| gen_cn_hacktools.yar | 513fe25bea16de2b1f78377e65358c8e | ASCII text |
| gen_cn_webshells.yar | 43b3bd9eb8820abc321d7133273cc917 | HTML document, ASCII text |
| gen_cobaltstrike.yar | dd89a8d85f88a31e6887e4b3f044c3a2 | ASCII text |
| gen_cobaltstrike_by_avast.yar | bf65dea9bd05d55e969ce7b07f8e16e0 | ASCII text |
| gen_crime_bitpaymer.yar | 144cde64f09029149ab5db188553c718 | ASCII text |
| gen_crimson_rat.yar | c6c5c2650b834a51124f9a9fa98c9856 | ASCII text |
| gen_crunchrat.yar | 4325ef907fce1d27e6a30e1467c67d7e | ASCII text |
| gen_dde_in_office_docs.yar | e2a3b0b5f03faf9dfc3ed3dba95217cb | ASCII text |
| gen_deviceguard_evasion.yar | f19e7d3fbbe6d24567381f184292c2f5 | ASCII text |
| gen_doc_follina.yar | 8ef5b749b1b17ee61d7ed4aa8adfc2c5 | ASCII text |
| gen_dropper_pdb.yar | 33edd94efd83bd6c09e41ab4d145b248 | ASCII text |
| gen_elf_file_anomalies.yar | c25ae31c5860e98918d5bee5cebed5b7 | ASCII text |
| gen_empire.yar | f040d5a14e90bcd99a082eaba33829bc | ASCII text |
| gen_enigma_protector.yar | b1842b1ca304a25e244532d54fe19076 | ASCII text |
| gen_event_mute_hook.yar | d747e13a2b4c40c348fa58e70e29d61c | ASCII text |
| gen_excel_auto_open_evasion.yar | d1479306211cfed050f256fc4dea41d8 | ASCII text |
| gen_excel_xll_addin_suspicious.yar | 376390686e71a22eb65e777727eb439e | ASCII text |
| gen_excel_xor_obfuscation_velvetsweatshop.yar | e11e5f5ddd32080116a5c1db87952127 | ASCII text |
| gen_exploit_cve_2017_10271_weblogic.yar | 90e898d2bcfcfa99a9ddcd3037c73949 | ASCII text |
| gen_fake_amsi_dll.yar | 09a609a566df6db8db9102990a058a23 | ASCII text |
| gen_faked_versions.yar | 8f38cbba8769b9c87b3f93001e45e0f2 | ASCII text |
| gen_file_anomalies.yar | 19bab7c6646f3683bd107e98d6d9788a | ASCII text |
| gen_fireeye_redteam_tools.yar | e7a561b4920f1c50d9f5da429dcb0b7e | ASCII text, with very long lines (3182) |
| gen_floxif.yar | d9e61db5addc0aa50cfce958a0138b4c | ASCII text |
| gen_frp_proxy.yar | 743d298c3aa7ef176ac68d6a2959756f | ASCII text |
| gen_gcti_cobaltstrike.yar | 6afc3141f06a3581e1164f623e7fa139 | ASCII text |
| gen_gcti_sliver.yar | 3a81472ea70c210d8aa44e44ea0c6b78 | ASCII text |
| gen_gen_cactustorch.yar | b44103f584b724211b2d2f2918430358 | ASCII text |
| gen_github_net_redteam_tools_guids.yar | 377d19a6d9bc387f7f821aceef36346a | ASCII text |
| gen_github_net_redteam_tools_names.yar | 5161641fbf5278101cf496de22c206d3 | ASCII text |
| gen_github_repo_compromise_myjino_ru.yar | 3de5cade877597af3b3e7da1a1a9bf81 | ASCII text |
| gen_gobfuscate.yar | 1c47606dc89e483c2bcbff2aa4689a93 | ASCII text |
| gen_google_anomaly.yar | 7f240779dac682c6b9ab2db02bca88c0 | ASCII text |
| gen_gpp_cpassword.yar | 1737701c45af36a341a5f218d8b24815 | ASCII text |
| gen_hawkeye.yar | cfdac22dda1416ec6719e5d2fed9a457 | ASCII text |
| gen_hktl_koh_tokenstealer.yar | 89c014751650309a47e512f61760b817 | ASCII text |
| gen_hktl_roothelper.yar | fd465ad031de91ec7381f1f41c6b0806 | ASCII text |
| gen_hktl_venom_lib.yar | b72f26916b3350113bc008b52b3a62a5 | ASCII text |
| gen_hta_anomalies.yar | 074316b3276e841ecebb4fc70f88028b | HTML document, ASCII text |
| gen_hunting_susp_rar.yar | ad25e9cb6d0120b4ad597d4f549e1a77 | ASCII text |
| gen_icon_anomalies.yar | 868663bbb205b7e043871f1031faeb7e | ASCII text |
| gen_impacket_tools.yar | a1e70485ee63c042cc58defb70507c76 | ASCII text |
| gen_imphash_detection.yar | 6c416b93948bb51639f475b405e7560e | ASCII text |
| gen_invoke_mimikatz.yar | b3f92d041364be009e9aff91c8615db7 | ASCII text |
| gen_invoke_psimage.yar | 218c941e0ba20500b2e1ac2f60020d0e | ASCII text |
| gen_invoke_thehash.yar | df604adb6035647d224affaa04bbd091 | ASCII text |
| gen_javascript_powershell.yar | b86ad58e04f313c226d6b427ac3f3105 | ASCII text |
| gen_kerberoast.yar | 38d3b1010fb10b8f753db9ef30c15fd6 | ASCII text |
| gen_khepri.yar | 74394d924407a5fc6d7669d3ef66175d | ASCII text |
| gen_kirbi_mimkatz.yar | c4320f6c1b5ba3ee3e7a6278ed1862f3 | ASCII text |
| gen_lnx_malware_indicators.yar | 20735aece8f73fe70186f58fe7a9bb5c | ASCII text |
| gen_loaders.yar | e4af44e013fd61b6769b22d3cdb16bd0 | ASCII text |
| gen_macro_ShellExecute_action.yar | 4a36f52b7bad12910bc3ef3b74215714 | ASCII text |
| gen_macro_builders.yar | de0c5374e21f8e542eead457cb130602 | ASCII text |
| gen_macro_staroffice_suspicious.yar | ba31cd3ae9186acc63d379198d35b248 | ASCII text |
| gen_mal_3cx_compromise_mar23.yar | b60e93ae2f97a4d082879c9a56162c2a | ASCII text, with very long lines (329) |
| gen_mal_backnet.yar | 289fddeafbe452ada944c2bfd3f3a1fe | ASCII text |
| gen_mal_link.yar | a4f30625aade94373adcc222dbd1c9f6 | ASCII text |
| gen_mal_scripts.yar | 02709667c0aba8879d69d3f4e8c62723 | ASCII text |
| gen_maldoc.yar | 27aee7a87e5607c915933d8c3c1e8cdf | ASCII text |
| gen_malware_MacOS_plist_suspicious.yar | 7b071350490174c99c5bfec33af6be8a | exported SGML document, ASCII text |
| gen_malware_set_qa.yar | 051f1b1c90b3b950ecfa92673755b0a6 | ASCII text |
| gen_merlin_agent.yar | cb56da4f197d67773d47d2d41c155e3a | ASCII text |
| gen_metasploit_loader_rsmudge.yar | 78c77bfb344c5e0defb9a55ce9a98678 | ASCII text |
| gen_metasploit_payloads.yar | e48543ff5959e321d26a4c72c3bf3d85 | ASCII text |
| gen_mimikatz.yar | 5dbb431911293aac591f902be3931030 | JavaScript source, ASCII text |
| gen_mimikittenz.yar | 863c3369c586f9d5846e05ed192b6175 | ASCII text |
| gen_mimipenguin.yar | 1394cc84fa80066841c675fe7c924f75 | ASCII text |
| gen_net_xorstrings.yar | 81ce5a1895f6866709cc0b45c0ff9dca | ASCII text |
| gen_nighthawk_c2.yar | cc8f68e47603d137e69e47e83001f6f4 | ASCII text, with very long lines (478) |
| gen_nimpackt.yar | da2e4b20b8f8792826f5a7d459cf8f8e | ASCII text |
| gen_nopowershell.yar | ba10f08c803f8bc22ea61a8a887c4f6e | ASCII text |
| gen_nvidia_leaked_cert.yar | c59803dc0fbf0c241452413b4471c26a | ASCII text |
| gen_onenote_phish.yar | aa9b0645ce0d69ec6daed52aa69051d8 | ASCII text |
| gen_osx_backdoor_bella.yar | 2b9a0eeb1aedbe7dfbf341814b6705ec | ASCII text |
| gen_osx_evilosx.yar | 07a02677ab4c6d4a2d957c934e58190a | ASCII text, with very long lines (339) |
| gen_osx_pyagent_persistence.yar | 7624559fe3944b60605e384c63b184a6 | ASCII text |
| gen_p0wnshell.yar | 9725ba3eff70e212b0a53cd64f034745 | JavaScript source, ASCII text |
| gen_phish_attachments.yar | 3877fb772988ae7750211b21d7ef19d5 | ASCII text |
| gen_pirpi.yar | 3669a25414607bf27e643eb5d79b7ff2 | ASCII text |
| gen_powerkatz.yar | 7898b65f75087b7e45f39b8f4eeaf5e6 | ASCII text |
| gen_powershdll.yar | 8e71d0ebafa94b0fc45dd9fa00a52549 | HTML document, ASCII text |
| gen_powershell_empire.yar | 480c4fced01f74a00a71c9f7bb2fb82b | ASCII text |
| gen_powershell_invocation.yar | 739ef191efe079b123b2602039290e5a | ASCII text |
| gen_powershell_obfuscation.yar | c87b128cdfdbc62da165fa00cb362852 | ASCII text |
| gen_powershell_suite.yar | b775258e3c31e75d5db2e8e39a92007c | ASCII text |
| gen_powershell_susp.yar | 168b6dd9da40f10b3b4e135af6724596 | ASCII text |
| gen_powershell_toolkit.yar | c7cca579eb12384de9d25a234d976583 | ASCII text |
| gen_powersploit_dropper.yar | b18e3f4930ecb2c6ad80ad20eb80a585 | ASCII text |
| gen_ps1_shellcode.yar | f12150e0c0bfaba551b9082de1a616dd | ASCII text |
| gen_ps_empire_eval.yar | bb7c0be690b2ecb62f371b79fe3ca402 | ASCII text |
| gen_ps_osiris.yar | 9331d92af7869168d6ea497edce55527 | ASCII text |
| gen_pua.yar | 93407dfaed1bed6dca7bef9dd98661e8 | ASCII text |
| gen_pupy_rat.yar | c5012e69f986e57d268081de2546b534 | ASCII text |
| gen_python_encoded_adware.yar | 0b06b4a81bbcac0abb396cd438383e3a | ASCII text |
| gen_python_pty_shell.yar | fd59b0de74e2a9c82f842d43eed65bf3 | ASCII text |
| gen_python_pyminifier_encoded_payload.yar | 95a9c4a69a2ba2e6bc6788a1fa571c8b | ASCII text |
| gen_python_reverse_shell.yara | c94ab6e357352d4ea764cff53b3ee386 | ASCII text |
| gen_qakbot_uninstaller.yar | 4f0e28a545ed4b57cc719397aa2e9bc3 | ASCII text |
| gen_rar_exfil.yar | 9f9fbf3f95e57830702b79f40822f568 | ASCII text |
| gen_rats_malwareconfig.yar | 963447b80a5eb325497277544e9d1114 | ASCII text |
| gen_recon_indicators.yar | df1064d62a8dfdbd22d28a5a1eaca9f3 | ASCII text |
| gen_redmimicry.yar | b3dfa3b21044064e4123939a376cb824 | assembler source, ASCII text |
| gen_redsails.yar | e028b96a81c6fb47df2d172b11e9d897 | ASCII text |
| gen_regsrv32_issue.yar | 8f38cbba8769b9c87b3f93001e45e0f2 | ASCII text |
| gen_remote_potato0.yar | 2205a6767c822d966a0ad959976994d9 | ASCII text |
| gen_rottenpotato.yar | c2fa47f2ba373188ef136b6ddf60aa9b | ASCII text |
| gen_rtf_malver_objects.yar | e70a06885bbab027b73aecde82541c2a | ASCII text, with very long lines (755) |
| gen_sfx_with_microsoft_copyright.yar | 40e754e4aeaa9f8b105b58a850158756 | ASCII text |
| gen_sharpcat.yar | 4558044dbbaa06b487bb7be11371ffdc | ASCII text |
| gen_shikataganai.yar | 6802c3a0e4e63812df7b9c65056938c6 | ASCII text |
| gen_sign_anomalies.yar | 11d19120e3d34a5ac7b0f6f34cf9c969 | ASCII text |
| gen_solarwinds_credential_stealer.yar | e566f0854b9e0907e7468e04845d0cf2 | ASCII text |
| gen_susp_bat2exe.yar | 353ceb56d1a7baa9d0053c565317787a | ASCII text |
| gen_susp_bat_aux.yar | b7c0fa98d18704ebc700601f586e9cee | ASCII text |
| gen_susp_cmd_var_expansion.yar | d15866b78b37c9c932125d3e90b7edf6 | ASCII text |
| gen_susp_hacktool.yar | 07e04991b460d3bea71a4be3411e2bf6 | ASCII text |
| gen_susp_indicators.yar | bc77a13cb5cafff87fbd29e2e9df2290 | ASCII text |
| gen_susp_js_obfuscatorio.yar | 785327500bd1a2f1b2240909f2467adf | JavaScript source, ASCII text |
| gen_susp_lnk.yar | 6af21738495f1e86ee636bb7540cea7c | ASCII text |
| gen_susp_lnk_files.yar | 9d0a10418c382f91bd4cc5071c5572e7 | ASCII text |
| gen_susp_net_msil.yar | f74ba8d541b078d64b3a77fe0c1c970b | ASCII text |
| gen_susp_obfuscation.yar | 66f3ecc95cb99fac523300768349879c | HTML document, ASCII text |
| gen_susp_office_dropper.yar | 5ca6ee0b1f4eb992fedc9f38897e3494 | ASCII text |
| gen_susp_ps_jab.yar | 6656c42f8daf8e88a909c1d7c65a4340 | ASCII text |
| gen_susp_sfx.yar | 3712763011f57f730a1448af3e4b487f | ASCII text |
| gen_susp_strings_in_ole.yar | eae413c43c39055c1b03e199cb751113 | ASCII text |
| gen_susp_wer_files.yar | e2a90f9514a690afeba094d41cabbb4b | ASCII text |
| gen_susp_xor.yar | a2f14fd6c5f6631b7bf6b1c042edb7eb | ASCII text |
| gen_suspicious_InPage_dropper.yar | c5b4b593c0ead2de17e4480485e12cf7 | ASCII text |
| gen_suspicious_strings.yar | 1c5ea8634faa664968436a870ab56d88 | ASCII text |
| gen_sysinternals_anomaly.yar | caf46c334f8d1b155954463c81ee0ebc | ASCII text |
| gen_tempracer.yar | df6fac84713dfcf692ddb5de1c8a58bc | ASCII text |
| gen_thumbs_cloaking.yar | 8f38cbba8769b9c87b3f93001e45e0f2 | ASCII text |
| gen_transformed_strings.yar | 224c14bb682feb787a907930422cbe26 | ASCII text |
| gen_tscookie_rat.yar | 4b57361f3e298506b6164cb3967cdd6a | ASCII text |
| gen_unicorn_obfuscated_powershell.yar | 9ddebad74c90d94fd6673250f7f137fa | ASCII text |
| gen_unsigned_thor.yar | b4b758e36b8661272220212587efd159 | ASCII text |
| gen_unspecified_malware.yar | 00f168f43e2ab4fdf7312f389b640184 | ASCII text |
| gen_url_persitence.yar | 8b93b842879edc97a6e73ad69b1023c9 | ASCII text |
| gen_url_to_local_exe.yar | dfcb8360010af98aba1479e5f9660e9b | ASCII text |
| gen_vcruntime140_dll_sideloading.yar | 45c9657196a042218bd706ae40aca49b | ASCII text |
| gen_vhd_anomaly.yar | 0a77554415bd10b017e8c21e9a1358d3 | ASCII text |
| gen_webshell_csharp.yar | 7e3cfcd923e915819a6c7ed2dc00e5da | ASCII text |
| gen_webshells.yar | aa2f9dc951d64541763a1e5a632cdaa6 | ASCII text |
| gen_webshells_ext_vars.yar | 7aa2d33b7eee829969cc06ba6dab6f4e | HTML document, ASCII text |
| gen_win_privesc.yar | f32b165ebcc0f625fb43a05f93c6c7f2 | ASCII text |
| gen_winpayloads.yar | f0387463e55f2bf7fcefa8b704c128ee | ASCII text |
| gen_winshells.yar | e4970d5e193fcec0dbb7846a7c9a210d | ASCII text |
| gen_wmi_implant.yar | 82ccc02c52c8490b85cc6578fe2b6067 | ASCII text |
| gen_xor_hunting.yar | d2569e50b4636450363cb8fcd04a94b2 | ASCII text |
| gen_xored_pe.yar | 175d781545b45db9c1457c1bef4efada | ASCII text |
| gen_xtreme_rat.yar | 6610a9de4b1212f17cc2e9ed0c574b92 | ASCII text |
| gen_ysoserial_payloads.yar | 3e62203916ef6b07d4b3b947104c6b1c | ASCII text |
| gen_zoho_rcef_logs.yar | f2178abb5ad22d2971b22fb86baa4b89 | ASCII text |
| general_cloaking.yar | b562940c4a9239b5f33935ab54b91bb5 | ASCII text, with very long lines (314) |
| general_officemacros.yar | 49b067a746cf6510dc66dc1bb71e06f4 | ASCII text |
| generic_anomalies.yar | 1bf16400a8479cdd5db1570454235720 | exported SGML document, ASCII text |
| generic_cryptors.yar | c7fcfab79a284bc087eab51fe956ec5a | ASCII text |
| generic_dumps.yar | 2db72ff883cc49775a3e484f10387f34 | ASCII text |
| generic_exe2hex_payload.yar | 00627b291709a56a8fa0fe65994feda8 | ASCII text |
| hktl_bruteratel_c4.yar | 15d557f4049c581fcc1c6220af52ffeb | ASCII text |
| hktl_bruteratel_c4_badger.yar | 86a20367629f4d95b528e88f221eb9e6 | ASCII text |
| hktl_natbypass.yar | b3375408c273d5d699a48139e2307e6f | ASCII text |
| log_teamviewer_keyboard_layouts.yar | 83bb6f4338e5fe7bc42149c12d9b1a22 | ASCII text |
| mal_avemaria_rat.yar | 0bdd2f16b011b5a2356ae531ce587647 | ASCII text |
| mal_bibi_wiper_oct23.yar | 7d60f5381a1edb9792db5b6531171c12 | ASCII text |
| mal_codecov_hack.yar | b06ccbcd5bd94ee06d642d3851a9d34e | ASCII text |
| mal_crime_unknown.yar | 458fa863a2c1d00ea9f44f01f893755e | ASCII text, with very long lines (447) |
| mal_cryp_rat.yar | 102ceea5b1230f7649bae202682648ae | ASCII text |
| mal_ducktail_compromised_certs_jun23.yar | 3cfd83f8ea682ff5d1a0c781c1ab3e41 | ASCII text |
| mal_efile_apr23.yar | 4454fe13ac791aaa43cc189ac3254154 | ASCII text |
| mal_fake_document_software.yar | 61dc48be50c606a753c63924c263d421 | ASCII text |
| mal_fortinet_coathanger_feb24.yar | d90f312735a89b5c2b742c782332b2e8 | ASCII text |
| mal_go_modbus.yar | 2ec5daac8c458e1b90e5b53211484234 | ASCII text |
| mal_lnx_barracuda_cve_2023_2868.yar | 42e50b51c9f9c2ebac880d8c6ac278f3 | ASCII text |
| mal_lnx_implant_may22.yar | 821787f9205a9c8c3b3dbc828a1c8bce | ASCII text |
| mal_lockbit_lnx_macos_apr23.yar | f383d45f39d80409b466bc741718bde9 | ASCII text |
| mal_netsha.yar | 298f29aadfc2a31185f516a65baee903 | ASCII text |
| mal_passwordstate_backdoor.yar | 8751be03e4487e396cde802f0eb939bc | ASCII text |
| mal_qbot_feb23.yar | e72ba9bc24a12e989bc8dead5321568d | ASCII text |
| mal_qbot_payloads.yar | 9c386eb7160a301cc8e11215b9c11a62 | ASCII text |
| mal_ransom_esxi_attacks_feb23.yar | 5c680a531269fbcfdbb4e02819ba815c | ASCII text |
| mal_ransom_lorenz.yar | d8021422e961976e80bc56648c60dc71 | ASCII text |
| mal_ru_sparepart_dec22.yar | cb82039e2ace812e861e8b69fbc3cd48 | ASCII text, with very long lines (397) |
| pua_cryptocoin_miner.yar | e73edeee16dd3ff36fb83af66ea11581 | ASCII text |
| pua_xmrig_monero_miner.yar | b32790f36c8a22bdf338d71dbb89cb4c | ASCII text |
| pup_lightftp.yar | 3edb3bcff9a84888937fd001f05ef81b | ASCII text |
| spy_equation_fiveeyes.yar | 83a787747da773479312d9efe6082cf1 | ASCII text |
| spy_querty_fiveeyes.yar | ace2af19cd615224e35a4ce7bae34913 | ASCII text |
| spy_regin_fiveeyes.yar | 79a137f486d3db31a00e7c4f599b0ed6 | ASCII text |
| susp_bat_obfusc_jul24.yar | f6002bb0be014431b48371b9a16ac2d4 | ASCII text |
| susp_vulndriver_hp_hardware_diagnostics_etdsupp_may23.yar | 3659a5c72f2e035316e0eac7542934f9 | ASCII text |
| thor-hacktools.yar | 71a2f5ba6e03013e00dea0fc7d13ed80 | ASCII text |
| thor-webshells.yar | 5770c8034da9717dc49c9c4f9e89bb76 | HTML document, ASCII text |
| thor_inverse_matches.yar | d0b40f1f24b1bdd044ff18a91292656c | ASCII text |
| threat_lenovo_superfish.yar | 177d11f693725892ca9ed016df81cd67 | ASCII text |
| vul_backdoor_antitheftweb.yar | 025bcddf2c11629885d9bdd508999eb1 | ASCII text |
| vul_confluence_questions_plugin_cve_2022_26138.yar | 3070aa806f0155cb4ee940653afb9670 | ASCII text |
| vul_cve_2020_0688.yar | e088bf0d42568cfb04980b7b773844cb | ASCII text |
| vul_cve_2020_1938.yar | 8eea962adf4cb9048611bef5e350fa63 | exported SGML document, ASCII text |
| vul_cve_2021_3438_printdriver.yar | 27f0b9aaec72c9b050040680e0fe4592 | ASCII text |
| vul_cve_2021_386471_omi.yar | 904e494a65e1eb258037a2b8d286ad0f | ASCII text |
| vul_dell_bios_upd_driver.yar | 0a43a3042aeb3b1cfd4d6ad87cc87587 | ASCII text |
| vul_drivecrypt.yar | dc59a5b4e1116f2f7f3abec182b3036c | ASCII text |
| vul_jquery_fileupload_cve_2018_9206.yar | 287d20a5ff7a7f6b49ed3642fcabacd9 | ASCII text |
| vul_php_zlib_backdoor.yar | 28c0b9f981bfcac2b186416f8e711271 | ASCII text |
| vuln_gigabyte_driver.yar | b1608b4fda05b971b6f7a89edacc009b | ASCII text |
| vuln_keepass_brute_forcible.yar | e0e3be1ef6dc20784a2e965b7dbb442c | ASCII text, with very long lines (370) |
| vuln_moveit_0day_jun23.yar | 11a5d2b6e23435e858e2ea344b612f9a | ASCII text |
| vuln_paloalto_cve_2024_3400_apr24.yar | dc730bfc22f0922bc4931e21abfca88e | ASCII text |
| vuln_proxynotshell_cve_2022_41040.yar | 0c926ca44571ab411c610408ac3a3c3f | ASCII text |
| webshell_regeorg.yar | f7c160344180c05d1d946931c2aae479 | ASCII text |
| webshell_xsl_transform.yar | d8ff322a6b3beb712d3e63f8065a2cdd | ASCII text |
| yara-rules_mal_drivers.yar | 276687a2c231911aceaf395c69345b14 | ASCII text, with very long lines (338) |
| yara-rules_vuln_drivers_strict.yar | 9d599f536be474ceb66dd79fd0c5603a | ASCII text, with very long lines (668) |
| yara-rules_vuln_drivers_strict_renamed.yar | 253dab51ef3f0fd08ef29d8f2ce836ee | ASCII text, with very long lines (668) |
| yara_mixed_ext_vars.yar | 33999399cc1f4c7f37aefeab37fd7f85 | ASCII text |
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| Public Nextron YARA rules | malware | APT 10 / Cloud Hopper malware campaign |
| Public Nextron YARA rules | malware | String from the ShodowBroker Files Screenshots - Dec 2016 |
| Public Nextron YARA rules | malware | Detects path of the unix socket created to prevent concurrent executions in Exaramel malware |
| Public Nextron YARA rules | malware | EquationDrug - HDD/SSD firmware operation - nls_933w.dll |
| Public Nextron YARA rules | malware | Detects strings found in Runspace Post Exploitation Toolkit |
| Public Nextron YARA rules | malware | String from the ShodowBroker Files Screenshots - Dec 2016 |
| Public Nextron YARA rules | malware | Detects strings found in Runspace Post Exploitation Toolkit |
| Public Nextron YARA rules | malware | Osiris Device Guard Bypass - file Invoke-OSiRis.ps1 |
| Public Nextron YARA rules | malware | EquationDrug - HDD/SSD firmware operation - nls_933w.dll |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file readme.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file shankar.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file STNC.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file h4ntu shell [powered by tsoi].txt |
| Public Nextron YARA rules | malware | Detects Turla Agent.BTZ |
| Public Nextron YARA rules | malware | Detects JavaDropper RAT |
| Public Nextron YARA rules | malware | APT 10 / Cloud Hopper malware campaign |
| Public Nextron YARA rules | malware | Find generic data potentially relating to AP15 tools |
| Public Nextron YARA rules | malware | Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Public Nextron YARA rules | malware | HyperBro Stage 3 C2 path and user agent detection - also tested in memory |
| Public Nextron YARA rules | malware | Rule to detect Drovorub-server, Drovorub-agent, or Drovorub-client based |
| Public Nextron YARA rules | malware | Auto-generated rule |
| Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
| Public Nextron YARA rules | malware | Generic PHP webshell which uses any eval/exec function in the same line with user input |
| Public Nextron YARA rules | malware | A loader for the CobaltStrike malware family, which ultimately takes the first and second bytes of an embedded file, and flips them prior to executing the resulting payload. |
| Public Nextron YARA rules | malware | The FRESHFIRE malware family. The malware acts as a downloader, pulling down an encrypted snippet of code from a remote source, executing it, and deleting it from the remote server. |
| Public Nextron YARA rules | malware | Detects EnvyScout deobfuscator code as used by NOBELIUM group |
| Public Nextron YARA rules | malware | Detects NV Link as used by NOBELIUM group |
| Public Nextron YARA rules | malware | Detects BoomBox malware as described in APT29 NOBELIUM report |
| Public Nextron YARA rules | malware | Detects stageless loader as used by APT29 / NOBELIUM |
| Public Nextron YARA rules | malware | Detects APT 34 malware |
| Public Nextron YARA rules | malware | North Korean origin malware which uses a custom Google App for c2 communications. |
| Public Nextron YARA rules | malware | Detects Speculoos Backdoor used by APT41 |
| Public Nextron YARA rules | malware | Rule written for 2 malware samples that communicated to APT6 C2 servers |
| Public Nextron YARA rules | malware | Detetcs a tool used in the Australian Parliament House network compromise |
| Public Nextron YARA rules | malware | Detetcs a tool used in the Australian Parliament House network compromise |
| Public Nextron YARA rules | malware | Detetcs a tool used in the Australian Parliament House network compromise |
| Public Nextron YARA rules | malware | Custome SSH backdoor based on python and paramiko - file server.py |
| Public Nextron YARA rules | malware | Casper French Espionage Malware - String Match in File - http://goo.gl/VRJNLo |
| Public Nextron YARA rules | malware | Casper French Espionage Malware - System Info Output - http://goo.gl/VRJNLo |
| Public Nextron YARA rules | malware | Detects possible shortcut usage for .URL persistence |
| Public Nextron YARA rules | malware | Detects malware from the Proofpoint CN APT ZeroT incident |
| Public Nextron YARA rules | malware | Detects malware from the Proofpoint CN APT ZeroT incident |
| Public Nextron YARA rules | malware | Chinese APT by Proofpoint ZeroT RAT - file Mcutil.dll |
| Public Nextron YARA rules | malware | Detects Red Delta samples |
| Public Nextron YARA rules | malware | Detects Red Delta samples |
| Public Nextron YARA rules | malware | Identifies strings used in Cobalt Strike Beacon DLL |
| CAPEv2 YARA detection rules | malware | Cobalt Strike Beacon Payload |
| Public Nextron YARA rules | malware | Detects unmodified CobaltStrike beacon DLL |
| Public Nextron YARA rules | malware | Detects CobaltStrike payloads |
| Public Nextron YARA rules | malware | Detects Codoso APT CustomTCP Malware |
| Public Nextron YARA rules | malware | Detects Codoso APT Gh0st Malware |
| Public Nextron YARA rules | malware | Detects Codoso APT Gh0st Malware |
| Public Nextron YARA rules | malware | Detects Codoso APT PGV PVID Malware |
| Public Nextron YARA rules | malware | Detects a malware sysdll.exe from the Rocket Kitten APT |
| Public Nextron YARA rules | malware | Detects trojan from APT report named http.exe |
| Public Nextron YARA rules | malware | Detects a malicious PotPlayer.dll |
| Public Nextron YARA rules | malware | Hack Deep Panda - lot1.tmp-pwdump |
| Public Nextron YARA rules | malware | Hack Deep Panda - htran-exe |
| Public Nextron YARA rules | malware | Hacktool |
| Public Nextron YARA rules | malware | Detects DTRACK malware |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file create_dns_injection.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file screamingplow.sh |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file MixText.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file tunnel_state_reader |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file payload.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file eligiblecandidate.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file BUSURPER-2211-724.exe |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file networkProfiler_orderScans.sh |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file epicbanana_2.1.0.1.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file sniffer_xml2pcap |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file BananaAid |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file config_jp1_UA.pl |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file userscript.FW |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file BUSURPER-3001-724.exe |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file workit.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file tinyhttp_setup.sh |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file EPBA.script |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file jetplow.sh |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file extrabacon_1.1.0.1.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file sploit.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file uninstallPBD.bat |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file BICECREAM-2140 |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file BFLEA-2201.exe |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file StoreFc.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file BBALL_E28F6-2201.exe |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files BARPUNCH-3110, BPICKER-3100 |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files pandarock_v1.11.1.1.bin, pit |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files BananaUsurper-2120, writeJetPlow-2130 |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230, BLIQUER-3030, BLIQUER-3120 |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230 |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files sploit.py, sploit.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files ssh.py, telnet.py |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - Callback addresses |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - Extrabacon exploit output |
| Public Nextron YARA rules | malware | EQGRP Toolset Firewall - Unique strings |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file Auditcleaner |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file elgingamble |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file cmsd |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file ebbshave.v5 |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file eggbasket |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file sambal |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file cmsex |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file DUL |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file slugger2 |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file ebbisland |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file jackpop |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file parsescan |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file epoxyresin.v1.0.0.1 |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file estopmoonlit |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file envoytomato |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file smash |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file ratload |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file ys.auto |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file estesfox |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- file scanner |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7 |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- from files scanner, scanner.v2.1.2 |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- from files ghost_sparc, ghost_x86 |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- from files jparsescan, parsescan |
| Public Nextron YARA rules | malware | Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7 |
| Public Nextron YARA rules | malware | Equation Group hack tool set |
| Public Nextron YARA rules | malware | Detects EquationGroup Tool - April Leak |
| Public Nextron YARA rules | malware | Detects EquationGroup Tool - April Leak |
| Public Nextron YARA rules | malware | Detects EquationGroup Tool - April Leak |
| Public Nextron YARA rules | malware | Detects EquationGroup Tool - April Leak |
| Public Nextron YARA rules | malware | Detects output generated by EQGRP scanner.exe |
| Public Nextron YARA rules | malware | String from the ShodowBroker Files Screenshots - Dec 2016 |
| Public Nextron YARA rules | malware | Detects strings derived from the ShadowBroker's leak of Windows tools/exploits |
| Public Nextron YARA rules | malware | This rule is UNTESTED against a large dataset and is for hunting purposes only. |
| Public Nextron YARA rules | malware | Detects malware Redosdru - file systemHome.exe |
| Public Nextron YARA rules | malware | Detects code found in report on exploits against CVE-2020-5902 F5 BIG-IP vulnerability by NCC group |
| Public Nextron YARA rules | malware | Detects a string found in memory of malware cedt370r(3).exe |
| Public Nextron YARA rules | malware | Detects strings from FIN7 report in August 2018 |
| Public Nextron YARA rules | malware | Detects JavaScript obfuscation as used in MalDocs by FIN7 group |
| Public Nextron YARA rules | malware | Detects Word Dropper from Proofpoint FIN7 Report |
| Public Nextron YARA rules | malware | Detects FourElementSword Malware |
| Public Nextron YARA rules | malware | Detects FourElementSword Malware |
| Public Nextron YARA rules | malware | String from the ShodowBroker Files Screenshots - Dec 2016 |
| Public Nextron YARA rules | malware | Auto-generated rule - file violetspirit.README |
| Public Nextron YARA rules | malware | Auto-generated rule - file gr.notes |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.yellowspirit.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file opscript.se |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.epichero.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.elatedmonkey |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.dubmoat.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file strifeworld.1 |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.pork.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.ebbisland.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.elgingamble.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file README.cup.NOPEN |
| Public Nextron YARA rules | malware | Auto-generated rule - file oneshot.example |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.earlyshovel.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule - file user.tool.envisioncollision.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule |
| Public Nextron YARA rules | malware | Auto-generated rule - from files user.tool.orleansstride.COMMON, user.tool.curserazor.COMMON |
| Public Nextron YARA rules | malware | Auto-generated rule |
| Public Nextron YARA rules | malware | Auto-generated rule - from files violetspirit.README, violetspirit.README |
| Public Nextron YARA rules | malware | Detects strings derived from the ShadowBroker's leak of Windows tools/exploits |
| Public Nextron YARA rules | malware | Detects Gh0st RAT mentioned in Cylance' Ghost Dragon Report |
| Public Nextron YARA rules | malware | Detects Gh0st RAT mentioned in Cylance' Ghost Dragon Report |
| Public Nextron YARA rules | malware | Detects export from Gold Dragon - February 2018 |
| Public Nextron YARA rules | malware | Detects ISMDoor Backdoor |
| Public Nextron YARA rules | malware | Auto-generated rule |
| Public Nextron YARA rules | malware | X-Agent/CHOPSTICK Implant by APT28 |
| Public Nextron YARA rules | malware | BlackEnergy / Voodoo Bear Implant by APT28 |
| Public Nextron YARA rules | malware | Unidentified Implant by APT29 |
| Public Nextron YARA rules | malware | Detects forensic artefacts found in HAFNIUM intrusions |
| Public Nextron YARA rules | malware | Detects PowerCat hacktool |
| Public Nextron YARA rules | malware | Detects PowerShell Oneliner in Nishang's repository |
| Public Nextron YARA rules | malware | variation on reGeorgtunnel |
| Public Nextron YARA rules | malware | The SPORTSBALL webshell allows attackers to upload files or execute commands on the system. |
| Public Nextron YARA rules | malware | Detects web shells dropped by CVE-2021-27065. All actors, not specific to HAFNIUM. TLP:WHITE |
| Public Nextron YARA rules | malware | Detects CVE-2021-27065 Webshellz |
| Public Nextron YARA rules | malware | Detects Chopper like ASPX Webshells |
| Public Nextron YARA rules | malware | Detects Chopper like ASPX Webshells |
| Public Nextron YARA rules | malware | Generic ASP webshell which uses any eval/exec function directly on user input |
| Public Nextron YARA rules | malware | Detects forensic artefacts found in HAFNIUM intrusions exploiting CVE-2021-27065 |
| Public Nextron YARA rules | malware | Detects forensic artefacts showing cleanup activity found in HAFNIUM intrusions exploiting |
| Public Nextron YARA rules | malware | Detects suspicious log entries that indicate requests as described in reports on HAFNIUM activity |
| Public Nextron YARA rules | malware | Detects Tofu Trojan |
| Public Nextron YARA rules | malware | detection for Hellsing implants |
| Public Nextron YARA rules | malware | Detects HOPLIGHT malware used by HiddenCobra APT group |
| Public Nextron YARA rules | malware | Detects Industroyer related custom port scaner output file |
| Public Nextron YARA rules | malware | Detects Industroyer related malware |
| Public Nextron YARA rules | malware | Detects IronGate APT Malware - Step7ProSim DLL |
| Public Nextron YARA rules | malware | Hack Deep Panda - htran-exe |
| Public Nextron YARA rules | malware | Iron Panda malware DnsTunClient - file named.exe |
| Public Nextron YARA rules | malware | Iron Panda Malware Htran |
| Public Nextron YARA rules | malware | ASPXSpy detection. It might be used by other fraudsters |
| Public Nextron YARA rules | malware | Iron Tiger Tool - wmi.vbs detection |
| Public Nextron YARA rules | malware | Keylogger - generic rule for a Chinese variant |
| Public Nextron YARA rules | malware | Laudanum Injector Tools - file shell.php |
| Public Nextron YARA rules | malware | Laudanum Injector Tools |
| Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
| Public Nextron YARA rules | malware | Generic JSP webshell |
| Public Nextron YARA rules | malware | JSP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions. |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - from files Dive Shell 1.0 |
| Public Nextron YARA rules | malware | Detects Lazarus malware from incident in Dec 2017 |
| Public Nextron YARA rules | malware | Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip |
| Public InfoSec YARA rules | malware | Identifies tricks often seen in malicious scripts such as moving the window off-screen or resizing it to zero. |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Public Nextron YARA rules | malware | Detects LinaDoor Linux Rootkit |
| Public Nextron YARA rules | malware | Detects Pupy RAT |
| Public Nextron YARA rules | malware | Detects DLLs loaded by shellcode loader (6ce5b6b4cdd6290d396465a1624d489c7afd2259a4d69b73c6b0ba0e5ad4e4ad) (relation to Lazarus group) |
| Public Nextron YARA rules | malware | Detects suspicios ELF files with sections as described in malicious iLO Board analysis by AmnPardaz in December 2021 |
| Public Nextron YARA rules | malware | Malware sample mentioned in Microcin technical report by Kaspersky |
| Public Nextron YARA rules | malware | CommentCrew Malware MiniASP APT |
| Public Nextron YARA rules | malware | Detects ShimRat and the ShimRat loader |
| Public Nextron YARA rules | malware | Detects ShimRatReporter |
| Public Nextron YARA rules | malware | Detects Molerats sample - July 2017 |
| Public Nextron YARA rules | malware | Rule to detect Moonlight Maze Loki samples by custom attacker-authored strings |
| Public Nextron YARA rules | malware | Rule to detect Moonlight Maze sniffer tools |
| Public Nextron YARA rules | malware | Rule to detect Moonlight Maze 'de' and 'deg' tunnel tool |
| Public Nextron YARA rules | malware | Rule to detect Moonlight Maze 'cle' log cleaning tool |
| Public Nextron YARA rules | malware | Rule to detect Moonlight Maze 'xk' keylogger |
| Public Nextron YARA rules | malware | Detetcs the Nanocore RAT and similar malware |
| Public Nextron YARA rules | malware | Detetcs the Nanocore RAT |
| Elastic Security YARA Rules | malware | Windows.Trojan.Nanocore |
| Public Nextron YARA rules | malware | Detects user function string from NCSC report |
| Public Nextron YARA rules | malware | Detects malicious batch file from NCSC report |
| Public Nextron YARA rules | malware | Detects malicious batch file from NCSC report |
| Public Nextron YARA rules | malware | Detects RDP brute forcer from NCSC report |
| Public Nextron YARA rules | malware | Detects Z Webshell from NCSC report |
| Public Nextron YARA rules | malware | Detects a string also used in Netwire RAT auxilliary |
| Public Nextron YARA rules | malware | Detects a string also used in Netwire RAT auxilliary |
| Public Nextron YARA rules | malware | Ruby loader seen loading the ROKRAT malware family. |
| Public Nextron YARA rules | malware | Detects strings found in POOLRAT malware |
| Public Nextron YARA rules | malware | Detects Oilrig malware samples |
| Public Nextron YARA rules | malware | Detects OilRig malware |
| Public Nextron YARA rules | malware | Detects OilRig malware |
| Public Nextron YARA rules | malware | Detects APT34 PowerShell malware |
| Public Nextron YARA rules | malware | Detects APT34 PowerShell malware |
| Public Nextron YARA rules | malware | Powershell CnC using DNS queries |
| Public Nextron YARA rules | malware | Detects ONHAT Proxy - Htran like SOCKS hack tool used by Chinese APT groups |
| Public Nextron YARA rules | malware | Keylogger used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | ARP cache poisoner used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Shell Creator used by attackers in Operation Cleaver to create ASPX web shells |
| Public Nextron YARA rules | malware | Malware or hack tool used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Malware or hack tool used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Tiny Bot used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Keywords used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Hack tool used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Backdoor used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Backdoor used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Mimikatz Wrapper used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Parviz tool used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Hack tool used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | Mimikatz wrapper used by attackers in Operation Cleaver |
| Public Nextron YARA rules | malware | CCProxy config known from Operation Cleaver |
| Public Nextron YARA rules | malware | Detects malware from Operation Cloud Hopper |
| Public Nextron YARA rules | malware | Malware related to Operation Cloud Hopper - Page 25 |
| Public Nextron YARA rules | malware | Tools related to Operation Cloud Hopper |
| Public Nextron YARA rules | malware | Strings from CSharp version of Agent |
| Public Nextron YARA rules | malware | Strings from PowerShell dropper of CSharp version of Agent |
| Public Nextron YARA rules | malware | Piece of Base64 encoded data from Agent CSharp version |
| Public Nextron YARA rules | malware | Strings from Python version of Agent |
| Public Nextron YARA rules | malware | Piece of Base64 encoded data from Agent Python version |
| Public Nextron YARA rules | malware | Strings from Python keylogger |
| Public Nextron YARA rules | malware | Strings from the CSharp version of XServer |
| Public Nextron YARA rules | malware | Piece of Base64 encoded data from the XServer PowerShell dropper |
| Public Nextron YARA rules | malware | Strings from the PowerShell dropper of XServer |
| Public Nextron YARA rules | malware | Process injector/launcher |
| Public Nextron YARA rules | malware | Timeliner utility |
| Public Nextron YARA rules | malware | Checkadmin utility |
| Public Nextron YARA rules | malware | Python getos utility |
| Public Nextron YARA rules | malware | Strings from the information grabber VBS |
| Public Nextron YARA rules | malware | Strings from the console.jsp webshell |
| Public Nextron YARA rules | malware | Strings from the ver.jsp webshell |
| Public Nextron YARA rules | malware | Generic strings from webinfo.war webshells |
| Public Nextron YARA rules | malware | PassCV Malware mentioned in Cylance Report |
| Public Nextron YARA rules | malware | Detects PoisonIvy RAT sample set |
| Public Nextron YARA rules | malware | Detects Poseidon Group Malware |
| Public Nextron YARA rules | malware | Detects |
| Public Nextron YARA rules | malware | Detects scripts (mostly LUA) from Project Sauron report by Kaspersky |
| Public Nextron YARA rules | malware | Detects Dsniff hack tool |
| Public Nextron YARA rules | malware | Detects strings from arping module - Project Sauron report by Kaspersky |
| Public Nextron YARA rules | malware | Detects strings from kblogi module - Project Sauron report by Kaspersky |
| Public Nextron YARA rules | malware | Detects strings from basex module - Project Sauron report by Kaspersky |
| Public Nextron YARA rules | malware | Detects strings from dext module - Project Sauron report by Kaspersky |
| Public Nextron YARA rules | malware | Detects PROMETHIUM and NEODYMIUM malware |
| Public Nextron YARA rules | malware | Detects PROMETHIUM and NEODYMIUM malware |
| Public Nextron YARA rules | malware | Detects an APT malware related to PutterPanda |
| Public Nextron YARA rules | malware | Detects Malware related to PutterPanda |
| Public Nextron YARA rules | malware | Detects all QuarksPWDump versions |
| Public Nextron YARA rules | malware | Detects Quasar RAT |
| Public Nextron YARA rules | malware | Detects indicators found in DarkBit ransomware |
| Public Nextron YARA rules | malware | Detects malware from Rehashed RAT incident |
| Public Nextron YARA rules | malware | Detects RevengeRAT malware |
| Public Nextron YARA rules | malware | Auto-generated rule - file Reveal-MemoryCredentials.ps1 |
| Public Nextron YARA rules | malware | Sakula malware - strings after unpacking (memory rule) |
| Public Nextron YARA rules | malware | Detects an archive file created by P.A.S. for download operation |
| Public Nextron YARA rules | malware | Detects SQL dump file created by P.A.S. webshell |
| Public Nextron YARA rules | malware | Detects the encryption key for the configuration file used by Exaramel malware as seen in sample e1ff72[...] |
| Public Nextron YARA rules | malware | Detects the specific name of the configuration file in Exaramel malware as seen in sample e1ff72[...] |
| Public Nextron YARA rules | malware | Detects path of the unix socket created to prevent concurrent executions in Exaramel malware |
| Public Nextron YARA rules | malware | Detects names of the tasks received from the CC server in Exaramel malware |
| Public Nextron YARA rules | malware | Detects Strings used by Exaramel malware |
| Public Nextron YARA rules | malware | Detects commands used by Sandworm group to exploit critical vulernability CVE-2019-10149 in Exim |
| Public Nextron YARA rules | malware | Detects SSH key used by Sandworm on exploited machines |
| Public Nextron YARA rules | malware | Detects ssh config entry inserted by Sandworm on compromised machines |
| Public Nextron YARA rules | malware | Detects mysql init script used by Sandworm on compromised machines |
| Public Nextron YARA rules | malware | Detects shell script used by Sandworm in attack against Exim mail server |
| Public Nextron YARA rules | malware | Detects Sandworm Python loader |
| Public Nextron YARA rules | malware | Scanbox Chinese Deep Panda APT Malware http://goo.gl/MUUfjv and http://goo.gl/WXUQcP |
| Public Nextron YARA rules | malware | Detects malware from Sednit Delphi Downloader report |
| Public Nextron YARA rules | malware | A malicious Chrome browser extention used by the SharpTongue threat actor to steal mail data from a victim |
| Public Nextron YARA rules | malware | Detects a |
| Public Nextron YARA rules | malware | Detects malware sample mentioned in the Silence report on Securelist |
| Public Nextron YARA rules | malware | Detects Sofacy Fysbis Linux Backdoor |
| Public Nextron YARA rules | malware | X-Agent/CHOPSTICK Implant by APT28 |
| Public Nextron YARA rules | malware | Sofacy Bundestags APT Batch Script |
| Public Nextron YARA rules | malware | Detects webshell access mentioned in FireEye's SUNBURST report |
| Public Nextron YARA rules | malware | STUXSHOP_config |
| Public Nextron YARA rules | malware | Detects mutex names in SUNSPOT |
| Public Nextron YARA rules | malware | inveigh pen testing tools & related artifacts |
| Public Nextron YARA rules | malware | Auto-generated rule |
| Public Nextron YARA rules | malware | Auto-generated rule |
| Public Nextron YARA rules | malware | Detects strings from scripts in the PowerShell-Suite repo |
| Public Nextron YARA rules | malware | Detects Volgmer malware as reported in US CERT TA17-318B |
| Public Nextron YARA rules | malware | Detects malware mentioned in TA18-074A |
| Public Nextron YARA rules | malware | Detects TeleBots malware - IntercepterNG |
| Public Nextron YARA rules | malware | Certutil Decode |
| Public Nextron YARA rules | malware | Detects Liudoor daemon backdoor |
| Public Nextron YARA rules | malware | Unique code from Jetriz, Swid & Jeniva of the Tetris framework |
| Public Nextron YARA rules | malware | Code and strings of plugins from the Tetris framework loaded by Swid |
| Public Nextron YARA rules | malware | Threat Group 3390 APT - Strings |
| Public Nextron YARA rules | malware | Generic ASP webshell which uses any eval/exec function directly on user input |
| Public Nextron YARA rules | malware | TRITON framework recovered during Mandiant ICS incident response |
| Public Nextron YARA rules | malware | Detects Turla malware (based on sample used in the RUAG APT case) |
| Public Nextron YARA rules | malware | Detects malware used in the RUAG APT case |
| Public Nextron YARA rules | malware | Detects Turla malware (based on sample used in the RUAG APT case) |
| Public Nextron YARA rules | malware | Detects Turla malicious script |
| Public Nextron YARA rules | malware | Rule for detection of Nautilus related strings |
| Public Nextron YARA rules | malware | Detects artefacts found in Hermetic Wiper malware related intrusions |
| Public Nextron YARA rules | malware | Detects scheduled task pattern found in Hermetic Wiper malware related intrusions |
| Public Nextron YARA rules | malware | Detects SombRAT samples from UNC2447 campaign |
| Public Nextron YARA rules | malware | Detects WARPRISM PowerShell samples from UNC2447 campaign |
| Public Nextron YARA rules | malware | Detects DEWMODE webshells |
| Public Nextron YARA rules | malware | Detects malware by Chinese APT PLA Unit 78020 - Generic Rule - Chong |
| Public Nextron YARA rules | malware | Detects a dropper used to deploy an implant via side loading. This dropper has specifically been observed deploying REDLEAVES & PlugX |
| Public Nextron YARA rules | malware | Strings identifying the core REDLEAVES RAT in its deobfuscated state |
| Public Nextron YARA rules | malware | Detects specific RedLeaves and PlugX binaries |
| Public Nextron YARA rules | malware | Venom Linux Rootkit |
| Public Nextron YARA rules | malware | Symantec Waterbug Attack - Trojan.Wipbot 2014 Down.dll component |
| Public Nextron YARA rules | malware | Detects powershell script used in Operation Wilted Tulip |
| Public Nextron YARA rules | malware | Detects a Windows scheduled task as used in Operation Wilted Tulip |
| Public Nextron YARA rules | malware | Detects hack tool used in Operation Wilted Tulip - Windows Tasks |
| Public Nextron YARA rules | malware | Detects powershell tool call Get_AD_Users_Logon_History used in Operation Wilted Tulip |
| Public Nextron YARA rules | malware | Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip |
| Public Nextron YARA rules | malware | Detects suspicious UTF16 and Base64 encoded PowerShell code that starts with a $ sign and a single char variable |
| Public Nextron YARA rules | malware | Detects PlugX Malware Samples from June 2016 |
| Public Nextron YARA rules | malware | Winnti sample - file NlaifSvc.dll |
| Public Nextron YARA rules | malware | Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ |
| Public Nextron YARA rules | malware | Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ |
| Public Nextron YARA rules | malware | Detects a ZxShell - CN threat group |
| Public Nextron YARA rules | malware | Script from disclosed CN Honker Pentest Toolset - file pr |
| Public Nextron YARA rules | malware | Hack Deep Panda - htran-exe |
| Public Nextron YARA rules | malware | Webshell from CN Honker Pentest Toolset - file php6.txt |
| Public Nextron YARA rules | malware | Webshell from CN Honker Pentest Toolset - file sniff.txt |
| Public Nextron YARA rules | malware | Webshell from CN Honker Pentest Toolset - file udf.php |
| Public Nextron YARA rules | malware | Webshell from CN Honker Pentest Toolset - file 2.6.9 |
| Public Nextron YARA rules | malware | Webshell from CN Honker Pentest Toolset - file php7.txt |
| Public Nextron YARA rules | malware | Webshell from CN Honker Pentest Toolset - file asp1.txt |
| Public Nextron YARA rules | malware | Chinese Hacktool Set - file templatr.php |
| Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
| Public Nextron YARA rules | malware | Generic PHP webshell which uses any eval/exec function in the same line with user input |
| Public Nextron YARA rules | malware | PHP webshell which directly eval()s obfuscated string |
| Public Nextron YARA rules | malware | Generic ASP webshell which uses any eval/exec function directly on user input |
| Public Nextron YARA rules | malware | Generic JSP webshell |
| Public Nextron YARA rules | malware | BernhardPOS Credit Card dumping tool |
| Public Nextron YARA rules | malware | Bluenoroff POS malware - hkp.dll |
| Public Nextron YARA rules | malware | Detects Crypto Miner strings |
| Public Nextron YARA rules | malware | Find documents saved from the same potential Cobalt Gang PDF template |
| Public Nextron YARA rules | malware | Detects Script Dropper of Cobalt Gang used in August 2017 |
| Public Nextron YARA rules | malware | Detects suspicious statements in JavaScript files |
| Public Nextron YARA rules | malware | Detects helper script used in a crypto miner campaign |
| Public Nextron YARA rules | malware | Detects command line parameters often used by crypto mining software |
| Public Nextron YARA rules | malware | Triggers on strings of known DearCry samples |
| Public Nextron YARA rules | malware | Detects unpacked SystemBC module as used by Emotet in March 2022 |
| Public InfoSec YARA rules | malware | Identifies SystemBC RAT, decrypted config. |
| Public Nextron YARA rules | malware | Detects EternalRocks Malware - file taskhost.exe |
| Public Nextron YARA rules | malware | Detects Fireball malware - file clearlog.dll |
| Public Nextron YARA rules | malware | 2021 loader for Bokbot / Icedid core (license.dat) |
| Elastic Security YARA Rules | malware | Windows.Trojan.IcedID |
| Public Nextron YARA rules | malware | Match protocol, process injects and windows exploit present in KINS dropper |
| Public Nextron YARA rules | malware | Detects a string also used in Netwire RAT auxilliary |
| Public Nextron YARA rules | malware | Trojan Downloader - Flash Exploit Feb15 |
| Public Nextron YARA rules | malware | Detects unspecified malware sample |
| Public Nextron YARA rules | malware | Detects CVE-2018-4878 |
| Public Nextron YARA rules | malware | Detects Darkside Ransomware |
| Public InfoSec YARA rules | malware | Identifies Darkside ransomware. |
| Public InfoSec YARA rules | malware | Identifies RagnarLocker ransomware unpacked or in memory. |
| Public Nextron YARA rules | malware | Detects SocGholish fake update Javascript files 22.02.2022 |
| Public Nextron YARA rules | malware | Detects XBash malware |
| Public Nextron YARA rules | malware | Detects suspicious log lines produeced during the exploitation of ADSelfService vulnerability CVE-2021-40539 |
| Public Nextron YARA rules | malware | Detects suspicious log lines produeced during the exploitation of ADSelfService vulnerability CVE-2021-40539 |
| Public Nextron YARA rules | malware | Detects payloads used in Shitrix exploitation CVE-2019-19781 |
| YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| Public Nextron YARA rules | malware | Detects exploitation attempts against Confluence servers abusing a RCE reported as CVE-2021-26084 |
| Public Nextron YARA rules | malware | Detects suspicious office reference files including an obfuscated MHTML reference exploiting CVE-2021-40444 |
| Public Nextron YARA rules | malware | Detects suspicious encodings in fields used in reference files found in weaponized MS Office documents |
| Public Nextron YARA rules | malware | Detects suspicious entries in the Keepass configuration file, which could be indicator of the exploitation of CVE-2023-24055 |
| Public Nextron YARA rules | malware | Detects suspicious triggers defined in the Keepass configuration file, which could be indicator of the exploitation of CVE-2023-24055 |
| Public Nextron YARA rules | malware | Detects exceptions found in server logs that indicate an exploitation attempt of CVE-2021-44228 |
| Public Nextron YARA rules | malware | Detects error messages related to JDNI usage in log files that can indicate a Log4Shell / Log4j exploitation |
| Public Nextron YARA rules | malware | Detects POCs that exploit privilege escalation vulnerability CVE-2022-46689 on macOS |
| Public Nextron YARA rules | malware | Detects indicators of exploitation of ManageEngine vulnerability as described by Horizon3 |
| Public Nextron YARA rules | malware | Detects unknown malicious loaders noticed in August 2021 |
| Public Nextron YARA rules | malware | Detects webshells dropped by DropHell malware |
| Public Nextron YARA rules | malware | Detects JSP webshells |
| Public Nextron YARA rules | malware | Detects indicators found after SpringCore exploitation attempts and in the POC script |
| Public Nextron YARA rules | malware | Detects webshell found after SpringCore exploitation attempts POC script |
| Public Nextron YARA rules | malware | Detects malicious files related to CVE-2017-8759 |
| Public Nextron YARA rules | malware | Detects a CVE-2017-9800 exploitation attempt |
| Public Nextron YARA rules | malware | Detects ProxyToken CVE-2021-33766 exploitation attempts on an unpatched system |
| Public Nextron YARA rules | malware | Detects payload as seen in PoC code to exploit Workspace ONE Access freemarker server-side template injection CVE-2022-22954 |
| Public Nextron YARA rules | malware | Detects forensic artefacts indicating successful exploitation of F5 BIG IP appliances as reported by NCCGroup |
| Public Nextron YARA rules | malware | Detects signs of exploitation of GitLab CE CVE-2021-22205 |
| Public Nextron YARA rules | malware | Detects payloads used in Shitrix exploitation CVE-2019-19781 |
| Public Nextron YARA rules | malware | Detection for Dimorf ransomeware |
| Public Nextron YARA rules | malware | Detects indicators found in LockBit ransomware |
| Public Nextron YARA rules | malware | Detects Armitage component |
| Public Nextron YARA rules | malware | Detects Armitage component |
| Public Nextron YARA rules | malware | Hack Deep Panda - htran-exe |
| Elastic Security YARA Rules | malware | Windows.Exploit.Dcom |
| Public Nextron YARA rules | malware | Chinese Hacktool Set - file templatr.php |
| Public Nextron YARA rules | malware | Chinese Hacktool Set - Webshells - file php.html |
| Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
| Public Nextron YARA rules | malware | Generic PHP webshell which uses any eval/exec function in the same line with user input |
| Public Nextron YARA rules | malware | PHP webshell which directly eval()s obfuscated string |
| Public Nextron YARA rules | malware | Generic ASP webshell which uses any eval/exec function directly on user input |
| Public Nextron YARA rules | malware | Webshell in c# |
| Public Nextron YARA rules | malware | Generic JSP webshell |
| Public Nextron YARA rules | malware | JSP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions. |
| Public Nextron YARA rules | malware | Detects CobaltStrike payloads |
| Public Nextron YARA rules | malware | Detects CobaltStrike payloads |
| Public Nextron YARA rules | malware | Detects Base64 encoded PS1 Shellcode |
| Public Nextron YARA rules | malware | Detects WDS file used to circumvent Device Guard |
| Public Nextron YARA rules | malware | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation |
| Public Nextron YARA rules | malware | Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation |
| Public Nextron YARA rules | malware | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation |
| Public Nextron YARA rules | malware | Detects a suspicious pattern in RTF files which downloads external resources inside e-mail attachments |
| Public Nextron YARA rules | malware | Detects a suspicious pattern in RTF files which downloads external resources as seen in CVE-2022-30190 / Follina exploitation inside e-mail attachment |
| YARAhub by abuse.ch | malware | Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation |
| Public Nextron YARA rules | malware | Detects Empire component - file Get-SecurityPackages.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-PowerDump.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-ShellcodeMSIL.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-SmbScanner.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-EgressCheck.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-PostExfil.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-SMBAutoBrute.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Get-Keystrokes.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file Invoke-DllInjection.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - file KeePassConfig.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component |
| Public Nextron YARA rules | malware | Detects Empire component - from files PowerUp.ps1, PowerUp.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component |
| Public Nextron YARA rules | malware | Detects Empire component - from files KeePassConfig.ps1, KeePassConfig.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - from files Invoke-Portscan.ps1, Invoke-Portscan.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - from files Invoke-CredentialInjection.ps1, Invoke-Mimikatz.ps1 |
| Public Nextron YARA rules | malware | Detects Empire component - from files Invoke-DCSync.ps1, Invoke-PSInject.ps1, Invoke-ReflectivePEInjection.ps1 |
| Public Nextron YARA rules | malware | Detects strings found in Runspace Post Exploitation Toolkit |
| Public Nextron YARA rules | malware | This rule is looking for B64 offsets of LazyNetToJscriptLoader which is a namespace specific to the internal version of the GadgetToJScript tooling. |
| Public Nextron YARA rules | malware | HackTool_MSIL_SharPersist_2 |
| Public Nextron YARA rules | malware | CredTheft_MSIL_ADPassHunt_2 |
| Public Nextron YARA rules | malware | Identifies GoRat malware in memory based on strings. |
| Public Nextron YARA rules | malware | Detects FireEye's Python Redflar |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Rubeus |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SafetyKatz |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Seatbelt |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Sharpersist |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpHound |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpView |
| Public Nextron YARA rules | malware | Detects Armitage component |
| Public Nextron YARA rules | malware | Cobalt Strike's resources/template.py signature for versions v3.3 to v4.x |
| Public Nextron YARA rules | malware | Cobalt Strike's resources/template.x64.ps1, resources/template.hint.x64.ps1 and resources/template.hint.x32.ps1 from v3.0 to v4.x except 3.12 and 3.13 |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Google GCTI YARA rules | malware | Cobalt Strike's resources/template.py signature for versions v3.3 to v4.x |
| Google GCTI YARA rules | malware | Cobalt Strike's resources/template.x64.ps1, resources/template.hint.x64.ps1 and resources/template.hint.x32.ps1 from v3.0 to v4.x except 3.12 and 3.13 |
| Public Nextron YARA rules | malware | Detects CactusTorch Hacktool |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Rubeus |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SafetyKatz |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Seatbelt |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Sharpersist |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpDump |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpHound |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpMove |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpRDP |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpStay |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpUp |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpView |
| Elastic Security YARA Rules | malware | Windows.Hacktool.SharpWMI |
| Public Nextron YARA rules | malware | Detects URL mentioned in report on compromised Github repositories in August 2022 |
| Public Nextron YARA rules | malware | Detects HawkEye Keylogger Reborn |
| Public Nextron YARA rules | malware | Detects Venom - a library that meant to perform evasive communication using stolen browser socket |
| Public Nextron YARA rules | malware | Compiled Impacket Tools |
| Public InfoSec YARA rules | malware | Identifies Impacket, a collection of Python classes for working with network protocols. |
| Public Nextron YARA rules | malware | Detects Invoke-Mimikatz String |
| Public Nextron YARA rules | malware | Detects strings found in Runspace Post Exploitation Toolkit |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Mimikatz |
| Public Nextron YARA rules | malware | Detects a command to execute PowerShell from String |
| Public Nextron YARA rules | malware | Detects Invoke-WmiExec or Invoke-SmbExec |
| Public Nextron YARA rules | malware | Detects Invoke-WmiExec or Invoke-SmbExec |
| Public Nextron YARA rules | malware | Auto-generated rule - file kerberoast.py |
| Public Nextron YARA rules | malware | Detects Khepri C2 framework beacons |
| Public Nextron YARA rules | malware | Detects Reflective DLL Loader |
| Public Nextron YARA rules | malware | Detects Reflective DLL Loader - suspicious - Possible FP could be program crack |
| Public Nextron YARA rules | malware | Detects Reflective DLL Loader |
| Public Nextron YARA rules | malware | Detects PowerShell AMSI Bypass |
| Public Nextron YARA rules | malware | Detects MSHTA Bypass |
| Public Nextron YARA rules | malware | Detects a suspicious Javascript Run command |
| Public Nextron YARA rules | malware | Certutil Decode |
| Public Nextron YARA rules | malware | Detects suspicious statements in JavaScript files |
| Public Nextron YARA rules | malware | Detects malicious obfuscated VBS observed in February 2018 |
| Public Nextron YARA rules | malware | Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip |
| Public Nextron YARA rules | malware | VT Research QA uploaded malware - file vqgk.dll |
| Elastic Security YARA Rules | malware | Windows.Trojan.CobaltStrike |
| Public Nextron YARA rules | malware | Detects Merlin agent |
| Public Nextron YARA rules | malware | Detects a Metasploit Loader by RSMudge - file loader.exe |
| Public Nextron YARA rules | malware | Metasploit Payloads - file msf.sh |
| Public Nextron YARA rules | malware | Metasploit Payloads - file msf-psh.vba |
| Public Nextron YARA rules | malware | Metasploit Payloads - file msf-exe.vba |
| Public Nextron YARA rules | malware | Metasploit Payloads - file msf.psh |
| Public Nextron YARA rules | malware | Metasploit Payloads - file msf.aspx |
| Public Nextron YARA rules | malware | Metasploit Payloads - file msf-cmd.ps1 |
| Public Nextron YARA rules | malware | Metasploit Payloads - file msf-ref.ps1 |
| Elastic Security YARA Rules | malware | Windows.Trojan.Metasploit |
| Public Nextron YARA rules | malware | PowerShell with PE Reflective Injection |
| Public Nextron YARA rules | malware | Detects a log file generated by malicious hack tool mimikatz |
| Public Nextron YARA rules | malware | Detects Mimikittenz - file Invoke-mimikittenz.ps1 |
| Public Nextron YARA rules | malware | Detects Mimipenguin Password Extractor - Linux |
| Public Nextron YARA rules | malware | Detects suspicious OneNote attachment that embeds suspicious payload, e.g. an executable (FPs possible if the PE is attached separately) |
| Public Nextron YARA rules | malware | Bella MacOS/OSX backdoor |
| Public Nextron YARA rules | malware | EvilOSX MacOS/OSX backdoor |
| Public Nextron YARA rules | malware | p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedPowerCat.cs |
| Public Nextron YARA rules | malware | p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedPotato.cs |
| Public Nextron YARA rules | malware | p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedExploits.cs |
| Public Nextron YARA rules | malware | p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedBinaries.cs |
| Public Nextron YARA rules | malware | p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedAmsiBypass.cs |
| Public Nextron YARA rules | malware | p0wnedShell Runspace Post Exploitation Toolkit - from files p0wnedShell.cs, p0wnedShell.cs |
| Public Nextron YARA rules | malware | Detects characteristics of suspicious file names or double extensions often found in phishing mail attachments |
| Public Nextron YARA rules | malware | Detects Pirpi Backdoor - and other malware (generic rule) |
| Public Nextron YARA rules | malware | Detects Pirpi Backdoor |
| Public Nextron YARA rules | malware | Detects hack tool PowerShdll |
| Public Nextron YARA rules | malware | Detects strings found in Runspace Post Exploitation Toolkit |
| Public Nextron YARA rules | malware | Empire - a pure PowerShell post-exploitation agent - file Invoke-BypassUAC.ps1 |
| Public Nextron YARA rules | malware | Empire - a pure PowerShell post-exploitation agent - file Persistence.psm1 |
| Public Nextron YARA rules | malware | Empire - a pure PowerShell post-exploitation agent - file Invoke-Shellcode.ps1 |
| Public Nextron YARA rules | malware | Empire - a pure PowerShell post-exploitation agent - file Invoke-Mimikatz.ps1 |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Mimikatz |
| Public Nextron YARA rules | malware | Detects PowerShell ISESteroids obfuscation |
| Public Nextron YARA rules | malware | Detects indicators often found in obfuscated PowerShell scripts |
| Public Nextron YARA rules | malware | Detects strings from scripts in the PowerShell-Suite repo |
| Public Nextron YARA rules | malware | Detects obfuscated PowerShell hacktools |
| Public Nextron YARA rules | malware | Detects suspicious PowerShell code |
| Public Nextron YARA rules | malware | Detects base464 encoded $ sign at the beginning of a string |
| Public Nextron YARA rules | malware | Detects suspicious base64 encoded PowerShell expressions |
| Public InfoSec YARA rules | malware | Identifies tricks often seen in malicious scripts such as moving the window off-screen or resizing it to zero. |
| Public Nextron YARA rules | malware | Detects strings found in Runspace Post Exploitation Toolkit |
| Public Nextron YARA rules | malware | Detects suspicious PowerShell code that downloads from web sites |
| Public Nextron YARA rules | malware | Auto-generated rule - file Invoke-Shellcode.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - file Invoke-Mimikatz.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - file Invoke-RelfectivePEInjection.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - file Persistence.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - from files Invoke-Mimikatz.ps1, Invoke-RelfectivePEInjection.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - from files Inveigh-BruteForce.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - from files Persistence.ps1 |
| Public Nextron YARA rules | malware | Auto-generated rule - from files Inveigh-BruteForce.ps1 |
| Public Nextron YARA rules | malware | Detects Base64 encoded PS1 Shellcode |
| Public Nextron YARA rules | malware | Osiris Device Guard Bypass - file Invoke-OSiRis.ps1 |
| Public Nextron YARA rules | malware | Detects Pupy RAT |
| Public Nextron YARA rules | malware | Detects Pupy backdoor |
| Public Nextron YARA rules | malware | Detects reverse connect TCP PTY shell |
| Public Nextron YARA rules | malware | Detects Adzok RAT |
| Public Nextron YARA rules | malware | Detects Ap0calypse RAT |
| Public Nextron YARA rules | malware | Detects BlackShades RAT |
| Public Nextron YARA rules | malware | Detects BlueBanana RAT |
| Public Nextron YARA rules | malware | Detects Bozok RAT |
| Public Nextron YARA rules | malware | Detects ClientMesh RAT |
| Public Nextron YARA rules | malware | Detects DarkComet RAT |
| Public Nextron YARA rules | malware | Detects DarkRAT |
| Public Nextron YARA rules | malware | Detects JavaDropper RAT |
| Public Nextron YARA rules | malware | Detects LostDoor RAT |
| Public Nextron YARA rules | malware | Detects Paradox RAT |
| Public Nextron YARA rules | malware | Detects QRAT |
| Public Nextron YARA rules | malware | Detects ShadowTech RAT |
| Public Nextron YARA rules | malware | Detects Sub7Nation RAT |
| Public Nextron YARA rules | malware | Detects Vertex RAT |
| Public Nextron YARA rules | malware | Detects Adwind RAT |
| Public Nextron YARA rules | malware | Detects unrecom RAT |
| YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| Public Nextron YARA rules | malware | Detects outputs of many different commands often used for reconnaissance purposes |
| Public Nextron YARA rules | malware | Detects Red Sails Hacktool - Python |
| Public Nextron YARA rules | malware | Detects code which uses the python lib sectools |
| Public Nextron YARA rules | malware | Detects an executable that has been encoded with base64 twice |
| Public Nextron YARA rules | malware | Detects an base64 encoded executable with reversed characters |
| Public Nextron YARA rules | malware | Detects a suspicious path traversal into a Windows folder |
| Public Nextron YARA rules | malware | Detects a suspicious base64 encoded keyword |
| Public Nextron YARA rules | malware | Detects a suspicious |
| Public Nextron YARA rules | malware | Detects suspicious string in executables |
| Public Nextron YARA rules | malware | Detects a suspicious command line with netsh and the portproxy command |
| Public Nextron YARA rules | malware | Detects method to disable ETW in ENV vars before executing a program |
| Public Nextron YARA rules | malware | Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN) |
| Public Nextron YARA rules | malware | Detects base464 encoded $ sign at the beginning of a string |
| Public Nextron YARA rules | malware | Detects local script usage for .URL persistence |
| Public Nextron YARA rules | malware | This is the syntax used for NTLM hash stealing via Responder - https://www.securify.nl/nl/blog/SFY20180501/living-off-the-land_-stealing-netntlm-hashes.html |
| Public Nextron YARA rules | malware | Detects possible shortcut usage for .URL persistence |
| Public Nextron YARA rules | malware | Detects possible shortcut usage for .URL persistence |
| Public Nextron YARA rules | malware | Detects possible shortcut usage for .URL persistence |
| Public Nextron YARA rules | malware | Detects possible shortcut usage for .URL persistence |
| Public Nextron YARA rules | malware | Detects possible shortcut usage for .URL persistence |
| Public Nextron YARA rules | malware | Detects possible shortcut usage for .URL persistence |
| Public Nextron YARA rules | malware | PHP webshell obfuscated by encoding of mixed hex and dec |
| Public Nextron YARA rules | malware | PHP webshell which eval()s obfuscated string |
| Public Nextron YARA rules | malware | Known PHP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions. |
| Public Nextron YARA rules | malware | Webshell regeorg JSP version |
| Public Nextron YARA rules | malware | Generic JSP webshell |
| Public Nextron YARA rules | malware | Generic JSP webshell with base64 encoded payload |
| Public Nextron YARA rules | malware | Generic PHP webshell which uses any eval/exec function in the same line with user input |
| Public Nextron YARA rules | malware | Detects a tool that can be used for privilege escalation - file gp3finder_v4.0.exe |
| Public Nextron YARA rules | malware | Detects a tool that can be used for privilege escalation - file folderperm.ps1 |
| Public Nextron YARA rules | malware | Detects WinPayloads PowerShell Payload |
| Public Nextron YARA rules | malware | Detects simple Windows shell - file s3.exe |
| Public Nextron YARA rules | malware | Detects simple Windows shell - file s1.exe |
| Public Nextron YARA rules | malware | Detects simple Windows shell - from files keygen.exe, s1.exe, s2.exe, s3.exe, s4.exe |
| Public Nextron YARA rules | malware | Detects simple Windows shell - from files s3.exe, s4.exe |
| Public Nextron YARA rules | malware | Auto-generated rule - file WMImplant.ps1 |
| Public Nextron YARA rules | malware | Ysoserial Payloads - file Spring1.bin |
| Public Nextron YARA rules | malware | Ysoserial Payloads |
| Public Nextron YARA rules | malware | Ysoserial Payloads - from files JavassistWeld1.bin, JBossInterceptors.bin |
| Public Nextron YARA rules | malware | Detects lines in log lines of Zoho products that indicate RCE fixes (silent removal of evidence) |
| Public Nextron YARA rules | malware | Certutil Decode |
| Public Nextron YARA rules | malware | NTML Hash Dump output file - John/LC format |
| Public Nextron YARA rules | malware | Detects payload generated by exe2hex |
| Public Nextron YARA rules | malware | Hunts for known strings used in Badger till release v1.2.9 when not in an encrypted state |
| Public Nextron YARA rules | malware | Detects NatBypass tool (also used by APT41) |
| Public Nextron YARA rules | malware | Detects a suspicious TeamViewer log entry stating that the remote systems had a Chinese keyboard layout |
| Public Nextron YARA rules | malware | Detects a suspicious TeamViewer log entry stating that the remote systems had a Russian keyboard layout |
| Public Nextron YARA rules | malware | Detects SALTWATER malware used in Barracuda ESG exploitations (CVE-2023-2868) |
| Public Nextron YARA rules | malware | Detects BPFDoor malware |
| Public Nextron YARA rules | malware | Detects BPFDoor implants used by Chinese actor Red Menshen |
| Public Nextron YARA rules | malware | Detects BPFDoor/Tricephalic Hellkeeper passive implant |
| Public Nextron YARA rules | malware | Detects LockBit ransomware samples for Linux and macOS |
| Public Nextron YARA rules | malware | Detects indicators found in LockBit ransomware log files |
| Public Nextron YARA rules | malware | Detects forensic artifacts found in LockBit intrusions |
| Public Nextron YARA rules | malware | Detects double encoded PKZIP headers as seen in HTML files used by QBot |
| YARAhub by abuse.ch | malware | Detects QBOT HTML smuggling variants |
| Public Nextron YARA rules | malware | Detects script used in ransomware attacks exploiting and encrypting ESXi servers - file encrypt.sh |
| Public Nextron YARA rules | malware | Detects ransomware exploiting and encrypting ESXi servers |
| Public Nextron YARA rules | malware | Detects Python backdoor found on ESXi servers |
| Public Nextron YARA rules | malware | Detects malicious script found on ESXi servers |
| Public Nextron YARA rules | malware | Detects mining pool protocol string in Executable |
| Public Nextron YARA rules | malware | Detects CoinHive - JavaScript Crypto Miner |
| Public Nextron YARA rules | malware | Detects Crypto Miner strings |
| Public Nextron YARA rules | malware | Detects command line parameters often used by crypto mining software |
| Public Nextron YARA rules | malware | Rule to detect the EquationLaser malware |
| Public Nextron YARA rules | malware | EquationDrug - HDD/SSD firmware operation - nls_933w.dll |
| Public Nextron YARA rules | malware | FiveEyes QUERTY Malware - file 20123_cmdDef.xml |
| Public Nextron YARA rules | malware | FiveEyes QUERTY Malware - file 20123.xml |
| Public Nextron YARA rules | malware | FiveEyes QUERTY Malware - file 20120_cmdDef.xml |
| Public Nextron YARA rules | malware | FiveEyes QUERTY Malware - file 20121_cmdDef.xml |
| Public Nextron YARA rules | malware | Malware Sample - maybe Regin related |
| Public Nextron YARA rules | malware | Detects Invoke-Mimikatz String |
| Public Nextron YARA rules | malware | Detects strings found in Runspace Post Exploitation Toolkit |
| Public Nextron YARA rules | malware | Generic JSP webshell |
| Public Nextron YARA rules | malware | Windows Credential Editor |
| Public Nextron YARA rules | malware | Detects Amplia Security Tool like Windows Credential Editor |
| Public Nextron YARA rules | malware | PwDump 6 variant |
| Public Nextron YARA rules | malware | PScan - Port Scanner |
| Public Nextron YARA rules | malware | Hacktool |
| Public Nextron YARA rules | malware | This signature detects the Fierce2 domain scanner |
| Public Nextron YARA rules | malware | This signature detects the Ncrack brute force tool |
| Public Nextron YARA rules | malware | This signature detects the SQLMap SQL injection tool |
| Public Nextron YARA rules | malware | Auto-generated rule on file PortScanner.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file NetBIOS Name Scanner.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file ipscan.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file IP Stealing Utilities.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file PortRacer.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file scanarator.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file =Bitchin Threads=.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file portscan.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file ProPort.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file StealthWasp's Basic PortScanner v1.2.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file BluesPortScan.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file iis.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file ipscan.exe |
| Public Nextron YARA rules | malware | Auto-generated rule on file Loader.exe |
| Public Nextron YARA rules | malware | Detects the backdoor Beastdoor |
| Public Nextron YARA rules | malware | Detects a Powershell version of the Netcat network hacking tool |
| Public Nextron YARA rules | malware | Detects a chinese Portscanner named MilkT |
| Public Nextron YARA rules | malware | Modified (packed) version of Windows Credential Editor |
| Public Nextron YARA rules | malware | iKAT hack tools set agent - file ikat.exe |
| Public Nextron YARA rules | malware | Tool to hide unhide the windows startbar from command line - iKAT hack tools - file startbar.exe |
| Public Nextron YARA rules | malware | Auto-generated rule - file BypassUac2.zip |
| Public Nextron YARA rules | malware | Auto-generated rule - file BypassUac.zip |
| Public Nextron YARA rules | malware | APT Malware - Proxy |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file nc.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file cs.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file sql.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file 445TOOL.rar |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file s.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file Burst.rar |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file GOGOGO.bat |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file pass.txt |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file JoHor_Posts_Killer.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file Start.bat - DoS tool |
| Public Nextron YARA rules | malware | Disclosed hacktool set - file Blast.bat |
| Public Nextron YARA rules | malware | PoS Scammer Toolbox - http://goo.gl/xiIphp - file VUBrute.exe |
| Public Nextron YARA rules | malware | PoS Scammer Toolbox - http://goo.gl/xiIphp - file config.ini |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file listip.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file ArtTrayHookDll.dll |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file EditServer.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file letmein.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file token.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file webget.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file ASPack Chinese.ini |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file EditKeyLogReadMe.txt |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file readme.txt |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file EditKeyLog.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file PassSniffer.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file InjectT.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file Jc.WinEggDrop Shell.txt |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file TBack.DLL |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file Inject.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file sqlcmd.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file 2323.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file CleanIISLog.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file sqlcheck.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file RunAsEx.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file splitjoin.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file InstGina.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file findoor.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file InjectT.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file gina.dll |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file xsniff.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - file fscan.exe |
| Public Nextron YARA rules | malware | Disclosed hacktool set (old stuff) - from files FsHttp.exe, FsPop.exe, FsSniffer.exe |
| Public Nextron YARA rules | malware | Remote Admin Tool used by APT group Anunak (ru) - file AA_v3.4.exe and AA_v3.5.exe |
| Public Nextron YARA rules | malware | Linux hack tools - file scanssh |
| Public Nextron YARA rules | malware | Linux hack tools - file pscan2 |
| Public Nextron YARA rules | malware | Linux hack tools - file a |
| Public Nextron YARA rules | malware | Linux hack tools - file mass |
| Public Nextron YARA rules | malware | Detects a Chinese hacktool from a disclosed toolset - from files XScanLib.dll, XScanLib.dll, XScanLib.dll |
| Public Nextron YARA rules | malware | Detects a Chinese hacktool from a disclosed toolset - file PipeCmd.exe |
| Public Nextron YARA rules | malware | Detects a Chinese hacktool from a disclosed toolset - file sqlr.exe |
| Public Nextron YARA rules | malware | Detects VSSown.vbs script - used to export shadow copy elements like NTDS to take away and crack elsewhere |
| Public Nextron YARA rules | malware | Network domain enumeration tool - often used by attackers - file Nv.exe |
| Public Nextron YARA rules | malware | Network domain enumeration tool output - often used by attackers - file filename.txt |
| Public Nextron YARA rules | malware | Detects Linux Port Scanner Shark |
| Public Nextron YARA rules | malware | Detects dnscat2 - from files dnscat, dnscat2.exe |
| Public Nextron YARA rules | malware | Detects Windows Credential Editor (WCE) in memory (and also on disk) |
| Public Nextron YARA rules | malware | Detects a tool used by APT groups - file pstgdump.exe |
| Public Nextron YARA rules | malware | Detects a tool used by APT groups |
| Public Nextron YARA rules | malware | Detects a tool used by APT groups - file fgexec.exe |
| Public Nextron YARA rules | malware | Detects a tool used by APT groups - from files cachedump.exe, cachedump64.exe |
| Public Nextron YARA rules | malware | Detects a tool used by APT groups - file PwDump.exe |
| Public Nextron YARA rules | malware | Detects an XML that executes Mimikatz on an endpoint via MSBuild |
| Public Nextron YARA rules | malware | Detects POC code from disclosed 0day hacktool set |
| Public Nextron YARA rules | malware | Detects a process injection utility that can be used ofr good and bad purposes |
| Public Nextron YARA rules | malware | Detects Lazagne PW Dumper |
| Public Nextron YARA rules | malware | Detects susupicious bash command |
| Public Nextron YARA rules | malware | Detects Lazagne password extractor hacktool |
| Public Nextron YARA rules | malware | Detects NoPowerShell hack tool |
| Public Nextron YARA rules | malware | Detects Pnscan port scanner |
| Public InfoSec YARA rules | malware | Identifies Impacket, a collection of Python classes for working with network protocols. |
| Public InfoSec YARA rules | malware | Identifies LaZagne, credentials recovery project. |
| Elastic Security YARA Rules | malware | Windows.Hacktool.Mimikatz |
| Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
| Public Nextron YARA rules | malware | php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives |
| Public Nextron YARA rules | malware | PHP webshell which directly eval()s obfuscated string |
| Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k |
| Public Nextron YARA rules | malware | Known PHP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions. |
| Public Nextron YARA rules | malware | Generic ASP webshell which uses any eval/exec function directly on user input |
| Public Nextron YARA rules | malware | Web Shell - file iMHaPFtp.php |
| Public Nextron YARA rules | malware | Web Shell - file guo.php |
| Public Nextron YARA rules | malware | Web Shell - file redcod.php |
| Public Nextron YARA rules | malware | Web Shell - file server.php |
| Public Nextron YARA rules | malware | Web Shell - file cihshell_fix.php |
| Public Nextron YARA rules | malware | Web Shell - file up.php |
| Public Nextron YARA rules | malware | Web Shell - file EFSO_2.asp |
| Public Nextron YARA rules | malware | Web Shell - file up.jsp |
| Public Nextron YARA rules | malware | Web Shell - file Server Variables.asp |
| Public Nextron YARA rules | malware | Web Shell - file ice.php |
| Public Nextron YARA rules | malware | Web Shell - file phpspy2010.php |
| Public Nextron YARA rules | malware | Web Shell - file ice.asp |
| Public Nextron YARA rules | malware | Web Shell - file 404.asp |
| Public Nextron YARA rules | malware | Web Shell - file webshell-cnseay02-1.php |
| Public Nextron YARA rules | malware | Web Shell - file fbi.php |
| Public Nextron YARA rules | malware | Web Shell - file B374k.php |
| Public Nextron YARA rules | malware | Web Shell - file list.php |
| Public Nextron YARA rules | malware | Web Shell - file 404.php |
| Public Nextron YARA rules | malware | Web Shell - file aspydrv.asp |
| Public Nextron YARA rules | malware | Web Shell - file Dx.php |
| Public Nextron YARA rules | malware | Web Shell - file MySQL Web Interface Version 0.8.php |
| Public Nextron YARA rules | malware | Web Shell - file odd.php |
| Public Nextron YARA rules | malware | Web Shell - file idc.php |
| Public Nextron YARA rules | malware | Web Shell - file 404.php |
| Public Nextron YARA rules | malware | Web Shell - file webshell-cnseay-x.php |
| Public Nextron YARA rules | malware | Web Shell - file up.asp |
| Public Nextron YARA rules | malware | Web Shell - file odd.php |
| Public Nextron YARA rules | malware | Web Shell - file k81.jsp |
| Public Nextron YARA rules | malware | Web Shell - file cmdjsp.jsp |
| Public Nextron YARA rules | malware | Web Shell - file Java Shell.jsp |
| Public Nextron YARA rules | malware | Web Shell - file r57142.php |
| Public Nextron YARA rules | malware | Web Shell - file simple-backdoor.php |
| Public Nextron YARA rules | malware | Web Shell - file cmd.php |
| Public Nextron YARA rules | malware | Web Shell - file co.php |
| Public Nextron YARA rules | malware | Web Shell - file 150.php |
| Public Nextron YARA rules | malware | Web Shell - file c37.php |
| Public Nextron YARA rules | malware | Web Shell - file b37.php |
| Public Nextron YARA rules | malware | Web Shell - file bug (1).php |
| Public Nextron YARA rules | malware | Web Shell - from files ghost_source.php, icesword.php, silic.php |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell - from files jsp-reverse.jsp, jsp-reverse.jsp, jspbd.jsp |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell - from files itsec.php, PHPJackal.php, itsecteam_shell.php, jHn.php |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell - from files 000.jsp, 403.jsp, c5.jsp, config.jsp, myxx.jsp, queryDong.jsp, spyjsp2010.jsp, zend.jsp |
| Public Nextron YARA rules | malware | Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell - from files phpspy_2005_full.php, phpspy_2005_lite.php, phpspy_2006.php, PHPSPY.php |
| Public Nextron YARA rules | malware | Web Shell |
| Public Nextron YARA rules | malware | Web Shell - from files r57shell127.php, r57_kartal.php, r57.php |
| Public Nextron YARA rules | malware | Web shells - generated from file con2.asp |
| Public Nextron YARA rules | malware | Web shells - generated from file Expdoor.com ASP.asp |
| Public Nextron YARA rules | malware | Web shells - generated from file php2.php |
| Public Nextron YARA rules | malware | Web shells - generated from file bypass-iisuser-p.asp |
| Public Nextron YARA rules | malware | Web shells - generated from file 404super.php |
| Public Nextron YARA rules | malware | Web shells - generated from file JSP.jsp |
| Public Nextron YARA rules | malware | Web shells - generated from file webshell-123.php |
| Public Nextron YARA rules | malware | Web shells - generated from file dev_core.php |
| Public Nextron YARA rules | malware | Web shells - generated from file pHp.php |
| Public Nextron YARA rules | malware | Web shells - generated from file pppp.php |
| Public Nextron YARA rules | malware | Web shells - generated from file code.php |
| Public Nextron YARA rules | malware | Web shells - generated from file xxxx.php |
| Public Nextron YARA rules | malware | Web shells - generated from file PHP1.php |
| Public Nextron YARA rules | malware | Web shells - generated from file asp1.asp |
| Public Nextron YARA rules | malware | Web shells - generated from file php6.php |
| Public Nextron YARA rules | malware | Web shells - generated from file GetPostpHp.php |
| Public Nextron YARA rules | malware | Web shells - generated from file php5.php |
| Public Nextron YARA rules | malware | Web shells - generated from file PHP.php |
| Public Nextron YARA rules | malware | Web shells - generated from file Asp.asp |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file perlbot.pl.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file php-backdoor.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file shankar.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Casus15.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file small.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file shellbot.pl.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file fuckphpshell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file ngh.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file jsp-reverse.jsp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Tool.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file NT Addy.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file phvayvv.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file r57shell.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file rst_sql.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file wh_bindshell.py.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file lurm_safemod_on.cgi.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file c99madshell_v2.0.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file w3d.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file WinX Shell.html.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Dx.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file csh.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file pHpINJ.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file 2008.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file ak74shell.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Rem View.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Java Shell.js.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file STNC.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file aZRaiLPhp v1.0.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file zacosmall.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file CmdAsp.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file simple-backdoor.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file mysql_shell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Dive Shell 1.0 - Emperor Hacking Team.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Asmodeus v0.1.pl.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Reader.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file phpshell17.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file SimShell 1.0 - Simorgh Security MGZ.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file jspshall.jsp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file rootshell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file connectback2.pl.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file wso.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file backdoor1.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file elmaliseker.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file s72 Shell v1.1 Coding.html.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file kacak.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file PHP Backdoor Connect.pl.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Antichat Socks5 Server.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Antichat Shell v1.3.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file cyberlords_sql.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.html.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file EFSO_2.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file lamashell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Ajax_PHP Command Shell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file JspWebshell 1.2.jsp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Sincap.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Phyton Shell.py.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file sh.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file phpjackal.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file sql.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file cgi-python.py.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file ru24_post_sh.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file telnetd.pl.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file php-include-w-shell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file shell.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file telnet.cgi.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file ironshell.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file backdoorfr.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file aspydrv.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file cmdjsp.jsp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file h4ntu shell [powered by tsoi].txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file Ajan.asp.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file PHANTASMA.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - file MySQL Web Interface Version 0.8.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files nst.php.php.txt, img.php.php.txt, nstview.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files network.php.php.txt, xinfo.php.php.txt, nfm.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files w.php.php.txt, wacking.php.php.txt, SpecialShell_99.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files r577.php.php.txt, SnIpEr_SA Shell.php.txt, r57.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, r57 Shell.php.php.txt, spy.php.php.txt, s.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files multiple_php_webshells |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files nst.php.php.txt, cybershell.php.php.txt, img.php.php.txt, nstview.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated |
| Public Nextron YARA rules | malware | Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, spy.php.php.txt, s.php.php.txt |
| Public Nextron YARA rules | malware | Semi-Auto-generated |
| Public Nextron YARA rules | malware | Looks like a webshell cloaked as GIF - http://goo.gl/xFvioC |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file dC3_Security_Crew_Shell_PRiV.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file simattacker.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file DTool Pro.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file ironshell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file b374k-mini-shell-php.php.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file Sincap 1.0.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file b374k.php.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file h4ntu shell [powered by tsoi].php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file MyShell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file pws.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file reader.asp.php.txt |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file php-backdoor.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file pHpINJ.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file NGH.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file matamu.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file ru24_post_sh.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file hiddens shell v1.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file c99_locus7s.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file safe0ver.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file kral.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file cgitelnet.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file NTDaddy v1.9.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file lamashell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file Simple_PHP_backdoor_by_DK.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file CmdAsp.asp.php.txt |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file NCC-Shell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file README.md |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file backupsql.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file AK-74 Security Team Web Shell Beta Version.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file cpanel.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file 529.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file qsd-php-backdoor.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file Gamma Web Shell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file WinX Shell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file php-include-w-shell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file PhpSpy Ver 2006.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file myshell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file lolipop.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file simple_cmd.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file go-shell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file aZRaiLPhp v1.0.php |
| Public Nextron YARA rules | malware | Webshells Github Archive - file zehir4 |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file zehir4.asp.php.txt |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file lostDC.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - file CasuS 1.5.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - from files Ajax_PHP Command Shell.php, Ajax_PHP_Command_Shell.php, soldierofallah.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - from files Small Web Shell by ZaCo.php, small.php, zaco.php, zacosmall.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - from files CrystalShell v.1.php, erne.php, stres.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive - from files findsock.c, php-findsock-shell.php, php-reverse-shell.php |
| Public Nextron YARA rules | malware | PHP Webshells Github Archive |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Injectt.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file ssh.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Client.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file ZXshell.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file RkNTLoad.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file binder2.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file orice2.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file sendmail.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file zehir4.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file hkshell.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file DarkSpy105.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file EditServer.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file reader.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file svchostdll.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file server.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file vanquish.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Client.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Simple_PHP_BackDooR.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file hkrmv.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file phpft.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file bdcli100.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file rdrbs084.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file 2005.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file casus15.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file installer.cmd |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file elmaliseker.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file resolve.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Fport.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file upload.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file PasswordReminder.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file RkNT.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file dbgntboot.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file shell.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file rdrbs100.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Mithril.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file hkdoordll.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file dllTest.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file dbgiis6cli.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file cress.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file usr.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file phpinj.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file db.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file EditServer.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file by064cli.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file dllTest.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file connector.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file HideRun.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file PHP_Shell_v1.7.php |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file save.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file screencap.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file zxrecv.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file deploy.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file by063cli.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file asp.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file ntboot.dll |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file xwhois.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file vanquish.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file nc.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file Server.exe |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file 2006.asp |
| Public Nextron YARA rules | malware | Webshells Auto-generated - file HDConfig.exe |
| Public Nextron YARA rules | malware | Webshell and Exploit Code in relation with APT against Honk Kong protesters |
| Public Nextron YARA rules | malware | Detects a web shell that downloads content from pastebin.com http://goo.gl/7dbyZs |
| Public Nextron YARA rules | malware | Detects C99 Webshell |
| Public Nextron YARA rules | malware | Detects Webshell - rule generated from from files Backdoor.PHP.Agent.php, r57.mod-bizzz.shell.txt ... |
| Public Nextron YARA rules | malware | Detects Webshell - rule generated from from files c100 v. 777shell |
| Public Nextron YARA rules | malware | Detects a web shell |
| Public Nextron YARA rules | malware | Detects a simple cloaked PHP web shell |
| Public Nextron YARA rules | malware | Detects web shell often used by Iranian APT groups |
| Public Nextron YARA rules | malware | Detects properties file of Confluence Questions plugin with static user name and password (backdoor) CVE-2022-26138 |
| Public Nextron YARA rules | malware | Detects JQuery File Upload vulnerability CVE-2018-9206 |
| Public Nextron YARA rules | malware | Detects backdoored PHP zlib version |
| Public Nextron YARA rules | malware | Detects a vulnerable GIGABYTE driver sometimes used by malicious actors to escalate privileges |
| Public Nextron YARA rules | malware | Detects ASPX web shells as being used in MOVEit Transfer exploitation |
| Public Nextron YARA rules | malware | Detects a potential compromise indicator found in MOVEit Transfer logs |
| Public Nextron YARA rules | malware | Detects a potential compromise indicator found in MOVEit Transfer logs |
| Public Nextron YARA rules | malware | Detects a potential compromise indicator found in MOVEit DMZ Web API logs |
| Public Nextron YARA rules | malware | Detects logs generated after a successful exploitation using the PoC code against CVE-2022-41040 and CVE-2022-41082 (aka ProxyNotShell) in Microsoft Exchange servers |
| Public Nextron YARA rules | malware | REGEORG_Tuneller_generic |
| Public Nextron YARA rules | malware | Generic ASP webshell which uses any eval/exec function directly on user input |
| VirusTotal | malicious |
JavaScript (0)
No JavaScripts
HTTP Transactions (9)
| URL | IP | Response | Size |
|---|