mirror of
https://github.com/valitydev/signature-base.git
synced 2024-11-06 10:05:18 +00:00
601 KiB
ACE_Containing_EXE;Looks for ACE Archives containing an exe/scr file;-;2015-09-09 00:00:00;50;Florian Roth - based on Nick Hoffman' rule - Morphick Inc;FILE;25e3ffe70795c56ef869c65149c41c71
ALFA_SHELL;Detects web shell often used by Iranian APT groups;Internal Research - APT33;2017-09-21 00:00:00;75;Florian Roth;APT,WEBSHELL;469453dad2fbae30d38aafa5fc8ad6a7
APT10_Malware_Sample_Gen;APT 10 / Cloud Hopper malware campaign;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-06 00:00:00;80;Florian Roth;APT,CHINA,GEN,MAL;0649cdaf2bf2c92d9b510d04f8f3bfe0
APT12_Malware_Aug17;Detects APT 12 Malware;http://blog.macnica.net/blog/2017/08/post-fb81.html;2017-08-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;389a7a0aba0ca219a35d24f7cce571cc
APT15_Malware_Mar18_BS2005;Detects malware from APT 15 report by NCC Group;https://goo.gl/HZ5XMN;2018-03-10 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;f16b4312e0d0dde001dc6af87c8789b5
APT15_Malware_Mar18_MSExchangeTool;Detects malware from APT 15 report by NCC Group;https://goo.gl/HZ5XMN;2018-03-10 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;63dd5feec94e34664b2264fdf8460484
APT15_Malware_Mar18_RoyalCli;Detects malware from APT 15 report by NCC Group;https://goo.gl/HZ5XMN;2018-03-10 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;73c96ae158f506c87d0537333b80e3c5
APT15_Malware_Mar18_RoyalDNS;Detects malware from APT 15 report by NCC Group;https://goo.gl/HZ5XMN;2018-03-10 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;9c2fb9f5dba2cbf05cd3a259aa9b453d
APT17_Malware_Oct17_1;Detects APT17 malware;https://goo.gl/puVc9q;2017-10-03 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;08b41a3e2a062f8d9acd219263b7f035
APT17_Malware_Oct17_2;Detects APT17 malware;https://goo.gl/puVc9q;2017-10-03 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;88c86ccb80f6a61690facd025dd17946
APT17_Malware_Oct17_Gen;Detects APT17 malware;https://goo.gl/puVc9q;2017-10-03 00:00:00;75;Florian Roth;APT,EXE,FILE,GEN,MAL;fe6b57c0e6c98d344bb2842615a68161
APT17_Sample_FXSST_DLL;Detects Samples related to APT17 activity - file FXSST.DLL;https://goo.gl/ZiJyQv;2015-05-14 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;2ac052f29ea53de7a58b4b73502d2229
APT17_Unsigned_Symantec_Binary_EFA;Detects APT17 malware;https://goo.gl/puVc9q;2017-10-03 00:00:00;75;Florian Roth;APT,EXE,FILE;01ab888843f68b2902c7f5a69c1abe33
APT28_CHOPSTICK;Detects a malware that behaves like CHOPSTICK mentioned in APT28 report;https://goo.gl/v3ebal;2015-06-02 00:00:00;60;Florian Roth;APT,EXE,FILE,RUSSIA;7cce8362c5381282c0df3eb6c3eb9156
APT28_HospitalityMalware_document;Yara Rule for APT28_Hospitality_Malware document identification;http://csecybsec.com/download/zlab/APT28_Hospitality_Malware_report.pdf;1970-01-01 01:00:00;75;CSE CybSec Enterprise - Z-Lab;APT,MAL,RUSSIA;3f5c202664a898ea2c371851aae63d32
APT28_HospitalityMalware_mvtband_file;Yara Rule for mvtband.dll malware;http://csecybsec.com/download/zlab/APT28_Hospitality_Malware_report.pdf;1970-01-01 01:00:00;75;CSE CybSec Enterprise - Z-Lab;EXTVAR,RUSSIA;b8b0d2a41f42aa2529ae15ec986e1e3f
APT28_SourFace_Malware1;Detects Malware from APT28 incident - SOURFACE is a downloader that obtains a second-stage backdoor from a C2 server.;https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html;2015-06-01 00:00:00;60;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;02aedce037d2125858f8e19dd988556d
APT28_SourFace_Malware2;Detects Malware from APT28 incident - SOURFACE is a downloader that obtains a second-stage backdoor from a C2 server.;https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html;2015-06-01 00:00:00;60;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;05b146ef78dc991baee4121b4c702c3b
APT28_SourFace_Malware3;Detects Malware from APT28 incident - SOURFACE is a downloader that obtains a second-stage backdoor from a C2 server.;https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html;2015-06-01 00:00:00;60;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;178a2c12a1bac4d04c92fae9f90f159c
APT30_Generic_1;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;fe1d94587cebf1518cc407ffe6ab38f4
APT30_Generic_2;FireEye APT30 Report Sample - from many files;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;5da8fa4357c3fd250ce879b543b61a28
APT30_Generic_3;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;bf9bb849cd6b71f57dc258a0f4c815b0
APT30_Generic_4;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;cc1fc38876cf2475a899b4bd8260fac4
APT30_Generic_5;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;8d9c92e796d19542b77a5f82e70f8591
APT30_Generic_6;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;991e6f873e99c148692e9159583b73cf
APT30_Generic_7;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;4aee9ac419c2d05737a23dfcdffd1cb4
APT30_Generic_8;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;05b8fb856120648c596b8ceec7a510b8
APT30_Generic_9;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;73e89128560cf46d4230faed5a457b46
APT30_Generic_A;FireEye APT30 Report Sample - file af1c1c5d8031c4942630b6a10270d8f4;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;a9a85fb6c4a338a71e8a30716145f12f
APT30_Generic_B;FireEye APT30 Report Sample - file 29395c528693b69233c1c12bef8a64b3;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;a0534ff9c4f277fb354c2f7b3f58fbc8
APT30_Generic_C;FireEye APT30 Report Sample - file 0c4fcef3b583d0ffffc2b14b9297d3a4;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;2879b2af568ca54a3348416e449f189c
APT30_Generic_D;FireEye APT30 Report Sample - file 597805832d45d522c4882f21db800ecf;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;c33de9e37ff6277b302bb8194755c682
APT30_Generic_E;FireEye APT30 Report Sample - file 8ff473bedbcc77df2c49a91167b1abeb;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;e4a30568e98b12f3718e850d7ee35d97
APT30_Generic_E_v2;FireEye APT30 Report Sample - file 71f25831681c19ea17b2f2a84a41bbfb;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;22141fbdcca6b014f9566519cd7c298a
APT30_Generic_F;FireEye APT30 Report Sample - file 4c10a1efed25b828e4785d9526507fbc;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;a20b2bce01631cdc7f5eead7244ad533
APT30_Generic_G;FireEye APT30 Report Sample - file 53f1358cbc298da96ec56e9a08851b4b;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;e9511d1a54b3a5471fb26c191793007d
APT30_Generic_H;FireEye APT30 Report Sample - file db3e5c2f2ce07c2d3fa38d6fc1ceb854;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;afec35d66fa2b1735045e03f20b988d8
APT30_Generic_I;FireEye APT30 Report Sample - file fe211c7a081c1dac46e3935f7c614549;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;3443195777e0c12a1a59b13b3def6bee
APT30_Generic_J;FireEye APT30 Report Sample - file baff5262ae01a9217b10fcd5dad9d1d5;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;d8843c47f355a0126011a2bdf6e899b1
APT30_Generic_K;FireEye APT30 Report Sample - file b5a343d11e1f7340de99118ce9fc1bbb;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;7b54039f2298405d3426794afbe69948
APT30_Microfost;FireEye APT30 Report Sample - file 310a4a62ba3765cbf8e8bbb9f324c503;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;8d43f03efce7c13905060a6d5239dc1d
APT30_Sample_10;FireEye APT30 Report Sample - file 8c713117af4ca6bbd69292a78069e75b;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;f1ad8a3c0803f9d74c27eacd1c96c51a
APT30_Sample_11;FireEye APT30 Report Sample - file d97aace631d6f089595f5ce177f54a39;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;14ca1d119f921ebb0a551287ab221272
APT30_Sample_12;FireEye APT30 Report Sample - file c95cd106c1fecbd500f4b97566d8dc96;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;57c8a9ade58f4b474a3d8d12c317b2ae
APT30_Sample_13;FireEye APT30 Report Sample - file 95bb314fe8fdbe4df31a6d23b0d378bc;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;177691765cc479d1d7855d08fc2aef14
APT30_Sample_14;FireEye APT30 Report Sample - file 6f931c15789d234881be8ae8ccfe33f4;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;7ba755fcc71af84a84b29a0731e455ff
APT30_Sample_15;FireEye APT30 Report Sample - file e26a2afaaddfb09d9ede505c6f1cc4e3;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;409c2c6270d7b3f5af3617fd4e84e623
APT30_Sample_16;FireEye APT30 Report Sample - file 37e568bed4ae057e548439dc811b4d3a;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;1467c951d41899bac55e7ea7f6dfc819
APT30_Sample_17;FireEye APT30 Report Sample - file 23813c5bf6a7af322b40bd2fd94bd42e;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;349e51ebbcca4928e207d36dd92a554b
APT30_Sample_18;FireEye APT30 Report Sample - file b2138a57f723326eda5a26d2dec56851;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;0772747cbbac471913191d5291a42572
APT30_Sample_19;FireEye APT30 Report Sample - file 5d4f2871fd1818527ebd65b0ff930a77;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;0762804dab920ccca6a4463457c5824a
APT30_Sample_1;FireEye APT30 Report Sample - file 4c6b21e98ca03e0ef0910e07cef45dac;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;1b9d4a94c6f1bcb1e82a63a6365484c7
APT30_Sample_20;FireEye APT30 Report Sample - file 5ae51243647b7d03a5cb20dccbc0d561;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;4e4615a9dbefa88a3cbdd39ec25c1b54
APT30_Sample_21;FireEye APT30 Report Sample - file 78c4fcee5b7fdbabf3b9941225d95166;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;aaf852089c60a676f2337579066b53d0
APT30_Sample_22;FireEye APT30 Report Sample - file fad06d7b4450c4631302264486611ec3;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;d32e02724030536f5111eda2c4b2a515
APT30_Sample_23;FireEye APT30 Report Sample - file a5ca2c5b4d8c0c1bc93570ed13dcab1a;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;564ecfff275f5e4a48dc5838d24bafc2
APT30_Sample_24;FireEye APT30 Report Sample - file 062fe1336459a851bd0ea271bb2afe35;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;c58c25f17ab1b86165a4fffa6272cbac
APT30_Sample_25;FireEye APT30 Report Sample - file c4c068200ad8033a0f0cf28507b51842;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;8b2bdcc232d698858b6f08cf30774b83
APT30_Sample_26;FireEye APT30 Report Sample - file 428fc53c84e921ac518e54a5d055f54a;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;c3ab3ebe8a2505ec6567411f54b1cbfb
APT30_Sample_27;FireEye APT30 Report Sample - file d38e02eac7e3b299b46ff2607dd0f288;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;f9cadec46c18a434ddfb4f685d6ecf9d
APT30_Sample_28;FireEye APT30 Report Sample - file e62a63307deead5c9fcca6b9a2d51fb0;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;d31f17012fbb5f3982902660788945c2
APT30_Sample_29;FireEye APT30 Report Sample - file 1b81b80ff0edf57da2440456d516cc90;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;35f722d2d0fdc6212953d8c046d55a74
APT30_Sample_2;FireEye APT30 Report Sample - file c4dec6d69d8035d481e4f2c86f580e81;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;3333c6d5755d334a287d3a013c6953db
APT30_Sample_30;FireEye APT30 Report Sample - file bf8616bbed6d804a3dea09b230c2ab0c;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;1e06ca1cc167639ccac881b93e5e0eb2
APT30_Sample_31;FireEye APT30 Report Sample - file d8e68db503f4155ed1aeba95d1f5e3e4;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;a27a27964a61ad2d78eddf76eac6ab65
APT30_Sample_33;FireEye APT30 Report Sample - file 5eaf3deaaf2efac92c73ada82a651afe;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;70e471485ef80e48097b1839332faa4e
APT30_Sample_34;FireEye APT30 Report Sample - file a9e8e402a7ee459e4896d0ba83543684;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;3170af458456cb72a3a27d9e7d349767
APT30_Sample_35;FireEye APT30 Report Sample - file 414854a9b40f7757ed7bfc6a1b01250f;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;8e4583021e94a2f804e4de286a81a011
APT30_Sample_3;FireEye APT30 Report Sample - file 59e055cee87d8faf6f701293e5830b5a;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;78a32fff1fde9b722ace5ed7e10bd31e
APT30_Sample_4;FireEye APT30 Report Sample - file 6ba315275561d99b1eb8fc614ff0b2b3;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;8c85fd66417d880198fcc7237800fa69
APT30_Sample_5;FireEye APT30 Report Sample - file ebf42e8b532e2f3b19046b028b5dfb23;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;f658f116c06cac879213d69e8f669b40
APT30_Sample_6;FireEye APT30 Report Sample - file ee1b23c97f809151805792f8778ead74;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;05282a8a968e6797220b07b7b437f6c7
APT30_Sample_7;FireEye APT30 Report Sample - file 74b87086887e0c67ffb035069b195ac7;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;b35e34d35f51e98f02aa47039ea1a7f6
APT30_Sample_8;FireEye APT30 Report Sample - file 44b98f22155f420af4528d17bb4a5ec8;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;9c3cff51e5b163f9b9a1ffda24048705
APT30_Sample_9;FireEye APT30 Report Sample - file e3ae3cbc024e39121c87d73e87bb2210;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;c890bfe8b5df7a67ddaab42857af47a6
APT34_Malware_Exeruner;Detects APT 34 malware;https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html;2017-12-07 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,MIDDLE_EAST;69ada7dd7d1f48ce90aa156b84dd752b
APT34_Malware_HTA;Detects APT 34 malware;https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html;2017-12-07 00:00:00;75;Florian Roth;APT,MAL,MIDDLE_EAST;819d957427d626ea2ec2851b1c5fe99c
APT6_Malware_Sample_Gen;Rule written for 2 malware samples that communicated to APT6 C2 servers;https://otx.alienvault.com/pulse/56c4d1664637f26ad04e5b73/;2016-04-09 00:00:00;80;Florian Roth;APT,EXE,FILE,GEN,MAL;a0fb19cb9984d92bc59db250ce6ed255
APTGroupX_PlugXTrojanLoader_StringDecode;Rule to detect PlugX Malware;https://t.co/4xQ8G2mNap;1970-01-01 01:00:00;80;Jay DiMartino;MAL;f9300e67d61b85f3be3f9161b362d1ad
APT_APT10_Malware_Imphash_Dec18_1;Detects APT10 malware based on ImpHashes;AlienVault OTX IOCs - statistical sample analysis;2018-12-28 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,MAL;6e2087b6abb48da2f67d25c43a8d95b1
APT_APT28_Cannon_Trojan_Nov18_1;Detects Cannon Trojan used by Sofacy;https://researchcenter.paloaltonetworks.com/2018/11/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/;2018-11-20 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;874b39ec14a7d1f15a0b6095ed66f33a
APT_Area1_SSF_GoogleSend_Strings;Detects send tool used in phishing campaign reported by Area 1 in December 2018;https://cdn.area1security.com/reports/Area-1-Security-PhishingDiplomacy.pdf;2018-12-19 00:00:00;75;Area 1 (modified by Florian Roth);APT,EXE,FILE;0a23b99fcbf29d6e0e24d8b0487f0f93
APT_Area1_SSF_PlugX;Detects send tool used in phishing campaign reported by Area 1 in December 2018;https://cdn.area1security.com/reports/Area-1-Security-PhishingDiplomacy.pdf;2018-12-19 00:00:00;75;Area 1;APT;fdf36018ac3dac89649c94a139ed1539
APT_Cloaked_PsExec;Looks like a cloaked PsExec. May be APT group activity.;-;2014-07-18 00:00:00;60;Florian Roth;APT,EXE,EXTVAR,FILE;0443bf568d17de127ae3eaaa789a156b
APT_Cloaked_ScanLine;Looks like a cloaked ScanLine Port Scanner. May be APT group activity.;-;2014-07-18 00:00:00;50;Florian Roth;APT,EXE,EXTVAR,FILE,HKTL;a2b258e6701a526d5afb3850fd52083d
APT_Cloaked_SuperScan;Looks like a cloaked SuperScan Port Scanner. May be APT group activity.;-;2014-07-18 00:00:00;50;Florian Roth;APT,EXE,EXTVAR,FILE,HKTL;907a9e92a733e7a9d8df45fb93a0d023
APT_CobaltStrike_Beacon_Indicator;Detects CobaltStrike beacons;https://github.com/JPCERTCC/aa-tools/blob/master/cobaltstrikescan.py;2018-11-09 00:00:00;75;JPCERT;APT,EXE,FILE;5380485dc275908e4cac5731b8cc9a08
APT_DarkHydrus_Jul18_1;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;75;Florian Roth;APT,EXE,FILE,MIDDLE_EAST;b651d033ca15b5028ad57c7886f5a343
APT_DarkHydrus_Jul18_2;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;75;Florian Roth;APT,EXE,FILE,MIDDLE_EAST;f84af612bfe4e856885feaaa6c911b08
APT_DarkHydrus_Jul18_3;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;75;Florian Roth;APT,EXE,FILE,MIDDLE_EAST;69b866acc6899c583919db3e7e09ebda
APT_DarkHydrus_Jul18_4;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;75;Florian Roth;APT,EXE,FILE,MIDDLE_EAST;9c57a24ada5685d6e6b93ab4bfea7637
APT_DarkHydrus_Jul18_5;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;75;Florian Roth;APT,EXE,FILE,MIDDLE_EAST;e84e68b7618884588bd6f776c6b0d689
APT_DonotTeam_YTYframework;Modular malware framework with similarities to EHDevel;arbornetworks.com/blog/asert/don;2018-08-03 00:00:00;75;James E.C, ProofPoint;APT,FILE;136f2bdeeda5a19363961d060331947c
APT_FIN7_EXE_Sample_Aug18_10;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;c5db62ea6f8b5e4576258bea857020fd
APT_FIN7_EXE_Sample_Aug18_1;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;aa76e34953d18a24728d0f4217c6586f
APT_FIN7_EXE_Sample_Aug18_2;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;9a953dcd27e95bca8e8c062e5a748ce1
APT_FIN7_EXE_Sample_Aug18_3;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;9a4375419e88fa4ddba9fec09d42af1f
APT_FIN7_EXE_Sample_Aug18_4;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;ebeb4eed696df08f224dad1dbb039677
APT_FIN7_EXE_Sample_Aug18_5;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;0d28c3976fdbe57bbfd0e494374d4fe9
APT_FIN7_EXE_Sample_Aug18_6;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;aa3c712d6085d59a241c5b25604692d0
APT_FIN7_EXE_Sample_Aug18_7;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;8bb7bd379468c65dba3fd69188de4527
APT_FIN7_EXE_Sample_Aug18_8;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;cc7341764212bef3c1e1ccb7c6ab66bb
APT_FIN7_MalDoc_Aug18_1;Detects malicious Doc from FIN7 campaign;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,RUSSIA;b867d4a326ef36a400372e4e76462760
APT_FIN7_Sample_Aug18_1;Detects FIN7 samples mentioned in FireEye report;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,FILE,RUSSIA;c2acdcf6f4989a335e0fa5dd4b31e8e0
APT_FIN7_Sample_Aug18_2;Detects FIN7 malware sample;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,FILE,RUSSIA;0df1456663be95d991e03d35c2a8c018
APT_FIN7_Sample_EXE_Aug18_1;Detects FIN7 Sample;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;dfb8dcf78be259a2ff4c6db2d4ea009c
APT_FIN7_Strings_Aug18_1;Detects strings from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,RUSSIA;130d7a4b3d12d94331598ae75184f512
APT_FallChill_RC4_Keys;Detects FallChill RC4 keys;https://securelist.com/operation-applejeus/87553/;2018-08-21 00:00:00;75;Florian Roth;APT,EXE,FILE;4b5013fcabc0b64d3e57daa4b1423436
APT_GreyEnergy_Malware_Oct18_1;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;417bb04c18efa14ede7f2187a5e81ab1
APT_GreyEnergy_Malware_Oct18_2;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;25494921f5c155770a1ed4d19850e2d4
APT_GreyEnergy_Malware_Oct18_3;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;a2fb0917d72762344f9526d6e7c27417
APT_GreyEnergy_Malware_Oct18_4;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;713a4f65c36c19c4ebe7d523fe29f5ac
APT_GreyEnergy_Malware_Oct18_5;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;b7e2162f7eb8bd8aba59a91e2ac7fb43
APT_HiddenCobra_GhostSecret_1;Detects Hidden Cobra Sample;https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/;2018-08-11 00:00:00;75;Florian Roth;APT,EXE,FILE,NK;0396d3a9a2714271358ea538a2b21da2
APT_HiddenCobra_GhostSecret_2;Detects Hidden Cobra Sample;https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/;2018-08-11 00:00:00;75;Florian Roth;APT,EXE,FILE,NK;c03b4c575274fe92be010449bd65f112
APT_HiddenCobra_enc_PK_header;Hidden Cobra - Detects trojan with encrypted header;https://www.us-cert.gov/ncas/analysis-reports/AR18-165A;2018-04-12 00:00:00;75;NCCIC trusted 3rd party - Edit: Tobias Michalski;APT,FILE,NK;2502e27de56191163efa6acc51bb1061
APT_HiddenCobra_import_obfuscation_2;Hidden Cobra - Detects remote access trojan;https://www.us-cert.gov/ncas/analysis-reports/AR18-165A;2018-04-12 00:00:00;75;NCCIC trusted 3rd party - Edit: Tobias Michalski;APT,FILE,NK,OBFUS;c114694e143f8cb1e511cbe3ccc28fd0
APT_Kaspersky_Duqu2_SamsungPrint;Kaspersky APT Report - Duqu2 Sample - file 2a9a5afc342cde12c6eb9a91ad29f7afdfd8f0fb17b983dcfddceccfbc17af69;https://goo.gl/7yKyOj;2015-06-10 00:00:00;75;Florian Roth;APT,EXE,FILE;47745f831e1771d08f56c5f3f550612b
APT_Kaspersky_Duqu2_msi3_32;Kaspersky APT Report - Duqu2 Sample - file d8a849654ab97debaf28ae5b749c3b1ff1812ea49978713853333db48c3972c3;https://goo.gl/7yKyOj;2015-06-10 00:00:00;75;Florian Roth;APT,EXE,FILE;242dda6b6b6acbb4a231f071e30df518
APT_Kaspersky_Duqu2_procexp;Kaspersky APT Report - Duqu2 Sample - Malicious MSI;https://goo.gl/7yKyOj;2015-06-10 00:00:00;75;Florian Roth;APT,EXE,FILE;e05f23fa6212b7879ad5c54ef5c567f1
APT_Lazarus_Aug18_1;Detects Lazarus Group Malware;https://securelist.com/operation-applejeus/87553/;2018-08-24 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,NK;b968cecce9632b4f5e359819edf14bad
APT_Lazarus_Aug18_2;Detects Lazarus Group Malware;https://securelist.com/operation-applejeus/87553/;2018-08-24 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,NK;0247f90fa9095549dc79ab5dfaa9afb9
APT_Lazarus_Aug18_Downloader_1;Detects Lazarus Group Malware Downloader;https://securelist.com/operation-applejeus/87553/;2018-08-24 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,NK;63151c7429dba5ee7cfb74287147456b
APT_Lazarus_Dropper_Jun18_1;Detects Lazarus Group Dropper;https://twitter.com/DrunkBinary/status/1002587521073721346;2018-06-01 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,NK;2e5ab44793cc3a4f8669162213309c47
APT_Lazarus_RAT_Jun18_1;Detects Lazarus Group RAT;https://twitter.com/DrunkBinary/status/1002587521073721346;2018-06-01 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,NK;2f5026b3b45edf547f6b59fca5f14b22
APT_Lazarus_RAT_Jun18_2;Detects Lazarus Group RAT;https://twitter.com/DrunkBinary/status/1002587521073721346;2018-06-01 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,NK;e24e9743324976b49232860679e54d4d
APT_Liudoor;Detects Liudoor daemon backdoor;-;2015-07-23 00:00:00;75;RSA FirstWatch;APT,MAL;df75e72b1850464de866832f0fb7e432
APT_MAL_DNS_Hijacking_Campaign_AA19_024A;Detects malware used in DNS Hijacking campaign;https://www.us-cert.gov/ncas/alerts/AA19-024A;2019-01-25 00:00:00;75;Florian Roth;APT,EXE,FILE;74a54b611b333f749e264b527b244c1a
APT_ME_BigBang_Gen_Jul18_1;Detects malware from Big Bang campaign against Palestinian authorities;https://research.checkpoint.com/apt-attack-middle-east-big-bang/;2018-07-09 00:00:00;75;Florian Roth;APT,EXE,FILE,GEN;f1e013ec5b8f6aeec6fc98391bc694cc
APT_ME_BigBang_Mal_Jul18_1;Detects malware from Big Bang report;https://research.checkpoint.com/apt-attack-middle-east-big-bang/;2018-07-09 00:00:00;75;Florian Roth;APT,EXE,FILE;5d7a2550cfecbb2e6fa07d9509252b4b
APT_MagicHound_MalMacro;Detects malicious macro / powershell in Office document;https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations;2017-02-17 00:00:00;75;Florian Roth;APT,FILE,OFFICE;768633d484dd36908416bffe638c1647
APT_Malware_CommentCrew_MiniASP;CommentCrew Malware MiniASP APT;VT Analysis;2015-06-03 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;a3b714945a91061a9f3c15dca27f652d
APT_Malware_PutterPanda_Gen1;Detects a malware;not set;2015-06-03 00:00:00;75;YarGen Rule Generator;APT,EXE,FILE,MAL;d6393b376fd3295f10921be72475846a
APT_Malware_PutterPanda_Gen4;Detects Malware related to PutterPanda;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;4602e2bbe8b06d4adb03123a5db0a1eb
APT_Malware_PutterPanda_MsUpdater_1;Detects Malware related to PutterPanda - MSUpdater;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;62f69d46210e12fe401e56f901fdb5af
APT_Malware_PutterPanda_MsUpdater_2;Detects Malware related to PutterPanda - MSUpdater;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;87e2474c8bf0220c02a57dd0f01c5c3a
APT_Malware_PutterPanda_MsUpdater_3;Detects Malware related to PutterPanda - MSUpdater;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;aa99b02760344bafd1edc132a8e809ec
APT_Malware_PutterPanda_PSAPI;Detects a malware related to Putter Panda;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;756ceadee9087abddcefa10d379fe73e
APT_Malware_PutterPanda_Rel;Detects an APT malware related to PutterPanda;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;83c7029886bc572d4d3152499d7b9b4f
APT_Malware_PutterPanda_Rel_2;APT Malware related to PutterPanda Group;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;d8aac4d61260f18f1cf2f45b16458a37
APT_Malware_PutterPanda_WUAUCLT;Detects a malware related to Putter Panda;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,MAL;036c84b599ab24a61b602c9435f936db
APT_NK_AR18_165A_1;Detects APT malware from AR18-165A report by US CERT;https://www.us-cert.gov/ncas/analysis-reports/AR18-165A;2018-06-15 00:00:00;75;Florian Roth;APT,EXE,FILE;32b90b0c9c4fc974b03b0ec757a23457
APT_NK_AR18_165A_HiddenCobra_import_deob;Hidden Cobra - Detects installed proxy module as a service;https://www.us-cert.gov/ncas/analysis-reports/AR18-165A;2018-04-12 00:00:00;75;NCCIC trusted 3rd party - Edit: Tobias Michalski;APT,FILE,NK;c4200d68bb1633295b87464cb797bffb
APT_Project_Sauron_Custom_M1;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;75;Florian Roth;APT,EXE,FILE;4e91d0b33284ea30079ce886bdcb212a
APT_Project_Sauron_Custom_M2;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;75;Florian Roth;APT,EXE,FILE;dad36d29819639821437138975f2caa2
APT_Project_Sauron_Custom_M3;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;75;Florian Roth;APT,EXE,FILE;00e18a86832995ec47774c3ed39687b2
APT_Project_Sauron_Custom_M4;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;75;Florian Roth;APT,EXE,FILE;6a363a45bbf20c1dc10cc2d00ee9e495
APT_Project_Sauron_Custom_M6;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;75;Florian Roth;APT,EXE,FILE;7c3291cd11ef684d0ff6386d80963046
APT_Project_Sauron_Custom_M7;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;75;Florian Roth;APT,EXE,FILE;9b63e16a3ed9a07bb2abb39b063e0e1c
APT_Project_Sauron_Scripts;Detects scripts (mostly LUA) from Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;75;Florian Roth;APT;91a9845d427b6228911040f8038da40a
APT_Project_Sauron_arping_module;Detects strings from arping module - Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;75;Florian Roth;APT;f03f1968bc51e724055967fb4a046a14
APT_Project_Sauron_basex_module;Detects strings from basex module - Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;75;Florian Roth;APT;16cf8f05aa3907e85ec798fc096479e0
APT_Project_Sauron_dext_module;Detects strings from dext module - Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;75;Florian Roth;APT;da2b1be9edaa32bd0aa2efaf52f7f418
APT_Project_Sauron_kblogi_module;Detects strings from kblogi module - Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;75;Florian Roth;APT;ec07e689a011e6a31d319b3999da0bb3
APT_Proxy_Malware_Packed_dev;APT Malware - Proxy;-;2014-11-10 00:00:00;50;FRoth;APT,HKTL,MAL;4fd49d834248d564bdb9933ab43d17e5
APT_PupyRAT_PY;Detects Pupy RAT;https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations;2017-02-17 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;09a191b2c03fa158d39f13231101b7e9
APT_RANCOR_DDKONG_Malware_Exports;Detects DDKONG malware;https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/;2018-06-26 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;d7560fb5113904c0c354f2bc4b86b911
APT_RANCOR_JS_Malware;Rancor Malware;https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/;2018-06-26 00:00:00;75;Florian Roth;APT,FILE,MAL;2c3ad5e74ac6c69e11c902c039ca2609
APT_RANCOR_PLAINTEE_Malware_Exports;Detects PLAINTEE malware;https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/;2018-06-26 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;13916744f5dbd4b900db9b9f24fa5c06
APT_RANCOR_PLAINTEE_Variant;Detects PLAINTEE malware;https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/;2018-06-26 00:00:00;75;Florian Roth;APT,EXE,FILE;89eb8706e9b0319a15f3fe87091c69e9
APT_Script_AUS_4;Detects a script involved in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;APT;bbab688544d15089b70b810eed4f42ce
APT_TA18_149A_Joanap_Sample1;Detects malware from TA18-149A report by US-CERT;https://www.us-cert.gov/ncas/alerts/TA18-149A;2018-05-30 00:00:00;75;Florian Roth;APT,EXE,FILE;22854bce2a4cb9668af7560676ef3f5b
APT_TA18_149A_Joanap_Sample2;Detects malware from TA18-149A report by US-CERT;https://www.us-cert.gov/ncas/alerts/TA18-149A;2018-05-30 00:00:00;75;Florian Roth;APT,EXE,FILE;825dcfc720d736eb38b391ac567b8ac7
APT_TA18_149A_Joanap_Sample3;Detects malware from TA18-149A report by US-CERT;https://www.us-cert.gov/ncas/alerts/TA18-149A;2018-05-30 00:00:00;75;Florian Roth;APT,EXE,FILE;41361f529408f78752ef4dafa298f688
APT_Thrip_Sample_Jun18_10;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;5505225b0656a48ae0080f2505d5b125
APT_Thrip_Sample_Jun18_11;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;68fbc87a090b4657e9320f4c1fdeee0c
APT_Thrip_Sample_Jun18_12;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;310659f9e5facfca8b57015698c845f2
APT_Thrip_Sample_Jun18_13;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;97686ef26597255211b1f013a1769fa7
APT_Thrip_Sample_Jun18_14;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21
00:00:00;75;Florian Roth;APT,EXE,FILE;b3229a509922511aa17d441bcf60bd9c APT_Thrip_Sample_Jun18_15;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;4eafdd297e00ce45c3bda4f9fecc4ec5 APT_Thrip_Sample_Jun18_16;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;6624479e657a33b7d8b4b9f5551e66df APT_Thrip_Sample_Jun18_17;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;48e6e9e05e9fd58b3e0244976ee9b947 APT_Thrip_Sample_Jun18_18;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;f82008ea0e930ee78eebf40fe7b06a4b APT_Thrip_Sample_Jun18_1;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;bd85d955f29d90efa1892523481d92f9 APT_Thrip_Sample_Jun18_2;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;072da4a7c4a18fed64e26f24b80e4ab8 APT_Thrip_Sample_Jun18_3;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;681acf80e792f90a6a57a6760ab13cb0 APT_Thrip_Sample_Jun18_4;Detects sample found in Thrip report by Symantec 
;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;d6f4818c1ca83ffcf25ad91bffb1a41f APT_Thrip_Sample_Jun18_5;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;59d58dd876e31e1f0a48f76b81af0ebc APT_Thrip_Sample_Jun18_6;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;885b0ef5472feabc36e6adab633f2c12 APT_Thrip_Sample_Jun18_7;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;aa6534d29321a7604e7002e67f0c399b APT_Thrip_Sample_Jun18_8;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT;5e0c7a650501521d8f076b6a19948892 APT_Thrip_Sample_Jun18_9;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;76cb7ecfbd2b761cfaabae73666adcc0 APT_Tick_HomamDownloader_Jun18;Detects HomamDownloader from Tick group incident - Weaponized USB;https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/;2018-06-23 00:00:00;75;Florian Roth;APT,EXE,FILE;aaf3cf99c4ad24675325ad060e4abfe2 APT_Tick_Sysmon_Loader_Jun18;Detects Sysmon Loader from Tick group incident - Weaponized USB;https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/;2018-06-23 
00:00:00;75;Florian Roth;APT,EXE,FILE;2eee100ad35b654d3ba0795089b42612 APT_Turla_Agent_BTZ_Gen_1;Detects Turla Agent.BTZ;Internal Research;2018-06-16 00:00:00;80;Florian Roth;APT,EXE,FILE,GEN,RUSSIA;954fbf13ceb44f194cdfa8f6b475133f APT_WebShell_AUS_4;Detetcs a webshell involved in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;APT,FILE;b917ec27375f65f4d5456997b9908c85 APT_WebShell_AUS_5;Detetcs a webshell involved in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;APT,FILE;c7da99b5ca7eaea74482829f77f3774d APT_WebShell_AUS_JScript_3;Detetcs a webshell involved in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;APT,FILE;f2f38cd4ee8bcf9bfc9850b3149e7d96 APT_WebShell_AUS_Tiny_2;Detetcs a tiny webshell involved in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;APT,FILE;e8372bb28854117dc39430efa0b534f2 APT_WebShell_Tiny_1;Detetcs a tiny webshell involved in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;APT,FILE;5290299f5b4360e6da135e2a1ee34fb7 ASPXspy2;Web shell - file ASPXspy2.aspx;not set;2015-01-24 00:00:00;75;Florian Roth;WEBSHELL;64bcf8b4482b74a98f0785ef682a7b43 ASP_CmdAsp;Webshells Auto-generated - file CmdAsp.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;5b76cd35652a09169872813539f7a9f8 ASPack_ASPACK;Disclosed hacktool set (old stuff) - file ASPACK.EXE;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;61aceaec0a789fdcfca7398e1e3a7f33 ASPack_Chinese;Disclosed hacktool set (old stuff) - file ASPack Chinese.ini;-;2014-11-23 00:00:00;60;Florian Roth;CHINA,HKTL;12b02c0b768afa6ee47a142304445ad7 
ATM_Malware_DispenserXFS;Detects ATM Malware DispenserXFS;https://twitter.com/r3c0nst/status/1100775857306652673;2019-02-27 00:00:00;80;@Xylit0l @r3c0nst / Modified by Florian Roth;FILE,MAL;1d77456406c1a337869c969ddbaa70e8 ATM_Malware_JavaDispCash;Detects ATM Malware JavaDispCash;https://twitter.com/r3c0nst/status/1111254169623674882;2019-03-28 00:00:00;75;Frank Boldewin (@r3c0nst);FILE,MAL;90d7f79970aa353033e509c1187b9290 Acrotray_Anomaly;Detects an acrotray.exe that does not contain the usual strings;-;1970-01-01 01:00:00;75;Florian Roth;EXE,EXTVAR,FILE;bffe62c85ccfa49006d6bbe06d9baf84 Agent_BTZ_Aug17;Detects Agent.BTZ;http://www.intezer.com/new-variants-of-agent-btz-comrat-found/;2017-08-07 00:00:00;75;Florian Roth;EXE,FILE;9db09505061381f676cbb90f6bdfcdb7 Agent_BTZ_Proxy_DLL_1;Detects Agent-BTZ Proxy DLL - activeds.dll;http://www.intezer.com/new-variants-of-agent-btz-comrat-found/;2017-08-07 00:00:00;75;Florian Roth;EXE,FILE,HKTL;ad36e572a62c1642d912690452103068 Agent_BTZ_Proxy_DLL_2;Detects Agent-BTZ Proxy DLL - activeds.dll;http://www.intezer.com/new-variants-of-agent-btz-comrat-found/;2017-08-07 00:00:00;75;Florian Roth;EXE,FILE,HKTL;f23df0c672663c34a2c745a84efe8ae6 Ajan_asp;Semi-Auto-generated - file Ajan.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;454801e1476bd8a169f89833af7730f8 Ajax_PHP_Command_Shell_php;Semi-Auto-generated - file Ajax_PHP Command Shell.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;fbfeda165a7c223e59fd3cedd9cc74c1 AllTheThings;Detects AllTheThings;https://github.com/subTee/AllTheThings;2017-07-27 00:00:00;75;Florian Roth;EXE,FILE,HKTL;641ea753af7653c454a326ee62e9596b Ammyy_Admin_AA_v3;Remote Admin Tool used by APT group Anunak (ru) - file AA_v3.4.exe and AA_v3.5.exe;http://goo.gl/gkAg2E;2014-12-22 00:00:00;55;Florian Roth;APT,HKTL;d420ca5201d66d9d520a658a4dbe421f Amplia_Security_Tool;Amplia Security Tool;-;1970-01-01 
01:00:00;60;Florian Roth (auto-filled);HKTL;9b1a75a703b0f2ce629b8cae55b6594a Andromeda_MalBot_Jun_1A;Detects a malicious Worm Andromeda / RETADUP;http://blog.trendmicro.com/trendlabs-security-intelligence/information-stealer-found-hitting-israeli-hospitals/;2017-06-30 00:00:00;75;Florian Roth;EXE,FILE,MAL;a026ee9dacea76c4e319616f81223bce Angry_IP_Scanner_v2_08_ipscan;Auto-generated rule on file ipscan.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;5047ae4a89e4f291100a9407d1a3a322 Antichat_Shell_v1_3_php;Semi-Auto-generated - file Antichat Shell v1.3.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;c45847d7c44ffa336e1cc042dd7bb829 Antichat_Socks5_Server_php_php;Semi-Auto-generated - file Antichat Socks5 Server.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;b31085b3df7027f11b9044933dfa0900 Antiy_Ports_1_21;Disclosed hacktool set (old stuff) - file Antiy Ports 1.21.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;7c320a796fe2ad5238b6901938d0c44d Apolmy_Privesc_Trojan;Apolmy Privilege Escalation Trojan used in APT Terracotta;https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/;2015-08-04 00:00:00;80;Florian Roth;APT,EXE,FILE,MAL;6b74ccbc60c1398e63ef6a08a5e74924 AppInitHook;AppInitGlobalHooks-Mimikatz - Hide Mimikatz From Process Lists - file AppInitHook.dll;https://goo.gl/Z292v6;2015-07-15 00:00:00;70;Florian Roth;EXE,FILE,HKTL;d1019ac2912b8dc185a884d738c56031 Armitage_MeterpreterSession_Strings;Detects Armitage component;Internal Research;2017-12-24 00:00:00;75;Florian Roth;;30ddf234bd6521e9641f3164ae0e3a57 Armitage_OSX;Detects Armitage component;Internal Research;2017-12-24 00:00:00;75;Florian Roth;MACOS;d179b9817be60dfa8d671b125ce552f8 Armitage_msfconsole;Detects Armitage component;Internal Research;2017-12-24 00:00:00;75;Florian Roth;FILE;70c4348204b5d70da56e3005fb97a85d Arp_EMP_v1_0;Chinese Hacktool Set - file 
Arp EMP v1.0.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;7b7c9bff655595ce612c9ba2993eda01 ArtTrayHookDll;Disclosed hacktool set (old stuff) - file ArtTrayHookDll.dll;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;c8c4e0071a7f51d430e4f17fdc684064 ArtTray_zip_Folder_ArtTray;Disclosed hacktool set (old stuff) - file ArtTray.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;68be83e66535003ab310d4b07b9ef3bb Asmodeus_v0_1_pl;Semi-Auto-generated - file Asmodeus v0.1.pl.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;e2a204a3975937fc43b7f0a264677bf0 Ayyildiz_Tim___AYT__Shell_v_2_1_Biz_html;Semi-Auto-generated - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.html.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;d3b0d31d04723d2407bc273d51288458 BIN_Client;Webshells Auto-generated - file Client.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;3581a479b97449413919a77999f89e69 BIN_Server;Webshells Auto-generated - file Server.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ff54c9b589e2004f77543d679f32364a BKDR_Snarasite_Oct17;Auto-generated rule - file 36ba92cba23971ca9d16a0b4f45c853fd5b3108076464d5f2027b0f56054fd62;Internal Research;2017-10-07 00:00:00;75;Florian Roth;EXE,FILE,MAL;b66f9a61f42f8e2ed7eb9ea2f2f7d1c0 BTC_Miner_lsass1_chrome_2;Detects a Bitcoin Miner;Internal Research - CN Actor;2017-06-22 00:00:00;60;Florian Roth;EXE,FILE;f7838095e37a2ad5a410e418e87e214c BackDooR__fr_;Webshells Auto-generated - file BackDooR (fr).php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;d58fa9e597031b1609f3bd02d8f59009 Backdoor_Naikon_APT_Sample1;Detects backdoors related to the Naikon APT;https://goo.gl/7vHyvh;2015-05-14 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;22e277065a8ea627431a93c28ea6bdc4 Backdoor_Nitol_Jun17;Detects malware backdoor Nitol - file wyawou.exe - Attention: this rule also matches on Upatre Downloader;https://goo.gl/OOB3mH;2017-06-04 
00:00:00;75;Florian Roth;EXE,FILE,MAL;5d207e77c56ebc6b53574b09bd29c83b Backdoor_Redosdru_Jun17;Detects malware Redosdru - file systemHome.exe;https://goo.gl/OOB3mH;2017-06-04 00:00:00;75;Florian Roth;EXE,FILE,MAL;4acdec50c06c0e961b3f1b76531dbd7b BadRabbit_Gen;Detects BadRabbit Ransomware;https://pastebin.com/Y7pJv3tK;2017-10-25 00:00:00;75;Florian Roth;CRIME,EXE,FILE,GEN,MAL,RANSOM;e4f9f3800e9d0ed564396a1dee1742c1 BadRabbit_Mimikatz_Comp;Auto-generated rule - file 2f8c54f9fa8e47596a3beff0031f85360e56840c77f71c6a573ace6f46412035;https://pastebin.com/Y7pJv3tK;2017-10-25 00:00:00;75;Florian Roth;EXE,FILE;5021ac0ae32441f76b7784a2f2754269 Base64_PS1_Shellcode;Detects Base64 encoded PS1 Shellcode;https://twitter.com/ItsReallyNick/status/1062601684566843392;2018-11-14 00:00:00;65;Nick Carr, David Ledbetter;;0fa56395f5fa2df0e145645835549b93 Base64_encoded_Executable;Detects an base64 encoded executable (often embedded);-;2015-05-28 00:00:00;40;Florian Roth;EXE,EXTVAR,FILE;7f4f57c927eafb70f2cbd872d218161b Batch_Powershell_Invoke_Inveigh;Detects malicious batch file from NCSC report;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;75;NCSC;;6d1232425d9698d507def223dd5deaea Batch_Script_To_Run_PsExec;Detects malicious batch file from NCSC report;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;75;NCSC;;3c21092795a11e46e0020a1748a0da79 Beacon_K5om;Detects Meterpreter Beacon - file K5om.dll;https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html;2017-06-07 00:00:00;75;Florian Roth;EXE,FILE,HKTL,METASPLOIT;362807b09d5d4d1589b723f1d0279264 Beastdoor_Backdoor;Detects the backdoor Beastdoor;-;1970-01-01 01:00:00;55;Florian Roth;HKTL,MAL;b8047562af97b679d7737b840eea7423 BeepService_Hacktool;Detects BeepService Hacktool used by Chinese APT 
groups;https://goo.gl/p32Ozf;2016-05-12 00:00:00;85;Florian Roth;APT,CHINA,EXE,FILE,HKTL;eee10cf930f59c6d6c602cd8f5ead919 BergSilva_Malware;Detects a malware from the same author as the Indetectables RAT;-;2015-10-01 00:00:00;75;Florian Roth;EXE,FILE,MAL;8a14ff87bf0cee341fbd91e26ec1018d BernhardPOS;BernhardPOS Credit Card dumping tool;http://morphick.com/blog/2015/7/14/bernhardpos-new-pos-malware-discovered-by-morphick;1970-01-01 01:00:00;70;Nick Hoffman / Jeremy Humble;;45b85f33ec36b1f79e77cebedce319b6 BeyondExec_RemoteAccess_Tool;Detects BeyondExec Remote Access Tool - file rexesvr.exe;https://goo.gl/BvYurS;2017-03-17 00:00:00;75;Florian Roth;EXE,FILE,HKTL;b145fc4bff367d228070fec8fa8bd768 Binary_Drop_Certutil;Drop binary as base64 encoded cert trick;https://goo.gl/9DNn8q;2015-07-15 00:00:00;70;Florian Roth;;d502940b293d654bdeee13591b073b9d BlackEnergy_BE_2;Detects BlackEnergy 2 Malware;http://goo.gl/DThzLz;2015-02-19 00:00:00;75;Florian Roth;EXE,FILE,MAL;2f5f6b04b803cc0613663c94389f819a BlackEnergy_BackdoorPass_DropBear_SSH;Detects the password of the backdoored DropBear SSH Server - BlackEnergy;http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;75;Florian Roth;EXE,FILE,MAL,RUSSIA;9006c661b82b57c4b78be4d572bd23cc BlackEnergy_Driver_AMDIDE;Black Energy Malware;http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/;2016-01-04 00:00:00;75;Florian Roth;EXE,FILE,MAL;66749239f5e86e51ba5642ffcc860ace BlackEnergy_Driver_USBMDM;Black Energy Driver;http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/;2016-01-04 00:00:00;75;Florian Roth;EXE,FILE;8105b175ff7021c6bfd299865035b4b8 BlackEnergy_KillDisk_1;Detects KillDisk malware from BlackEnergy;http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;80;Florian Roth;EXE,FILE;0f82d70aa823c7979fff6fdae63ab257 BlackEnergy_KillDisk_2;Detects 
KillDisk malware from BlackEnergy;http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;80;Florian Roth;EXE,FILE;3540a51991bc17152f1e5df9d98bb070 BlackEnergy_VBS_Agent;Detects VBS Agent from BlackEnergy Report - file Dropbearrun.vbs;http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;75;Florian Roth;SCRIPT;4e0812bd7c3d633c684786bac9a93078 Bladabindi_Malware_B64;Detects Bladabindi Malware using Base64 encoded strings;Internal Research;2016-10-08 00:00:00;75;Florian Roth;EXE,FILE,MAL;7bd16a86033da5e89b23b61cfc4457a3 BluenoroffPoS_DLL;Bluenoroff POS malware - hkp.dll;http://blog.trex.re.kr/3?category=737685;2018-06-07 00:00:00;75;http://blog.trex.re.kr/;;2c7b87f2746930c23d2fca6babad2e4d BluesPortScan;Auto-generated rule on file BluesPortScan.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;725827b7340608a867594bf5edb215c3 BronzeButler_DGet_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;75;Florian Roth;EXE,FILE;3b5549ec6b153894c021a310df7d2058 BronzeButler_Daserf_C_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;75;Florian Roth;EXE,FILE;cd3f100b48000b1e7276424860810dfa BronzeButler_Daserf_Delphi_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;75;Florian Roth;EXE,FILE;ddadd4533f93cd48f77be59c93460e4a BronzeButler_RarStar_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;75;Florian Roth;EXE,FILE;8ed981eff7e57049b08b35413d0e283c BronzeButler_UACBypass_1;Detects malware / hacktool sample from Bronze Butler 
incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;75;Florian Roth;EXE,FILE;aca0e50e1464769ea69977f38db697cf BronzeButler_xxmm_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;75;Florian Roth;EXE,FILE;b7cc810e10efbb03e74bb37cf07f105b Buckeye_Osinfo;Detects OSinfo tool used by the Buckeye APT group;http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong;2016-09-05 00:00:00;75;Florian Roth;APT,EXE,FILE;2878db44d4806f50798dc3b3efbe5f31 ByPassFireWall_zip_Folder_Ie;Disclosed hacktool set (old stuff) - file Ie.dll;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;b614d8ce1d5e567a7c7e639d10fbb903 ByPassFireWall_zip_Folder_Inject;Disclosed hacktool set (old stuff) - file Inject.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;9ae2bdcc15a37f3849526beec96c1908 BypassUac2;Auto-generated rule - file BypassUac2.zip;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator;HKTL;76cec79554cf69393cf128bad0404d69 BypassUacDll_6;Auto-generated rule - file BypassUacDll.aps;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator;HKTL;b37846ddcd5757a2964f221e73e78eea BypassUac_3;Auto-generated rule - file BypassUacDll.dll;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator;HKTL;acf4676382220e6b41607459e05f6ea9 BypassUac_9;Auto-generated rule - file BypassUac.zip;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator;HKTL;ffe0807e2c151c9637b3eacdaaa4a4d0 BypassUac_EXE;Auto-generated rule - file BypassUacDll.aps;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator;HKTL;f12d02db4924c1e3eb66ec4638e25e2d Bytes_used_in_AES_key_generation;Detects Backdoor.goodor;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;75;NCSC;EXE,FILE,MAL;5d10ba093b9589452f603283b84a5a34 CACTUSTORCH;Detects CactusTorch 
Hacktool;https://github.com/mdsecactivebreach/CACTUSTORCH;2017-07-31 00:00:00;75;Florian Roth;HKTL;be4a3fbf04b523384d73af5a2bab07a7 CGISscan_CGIScan;Auto-generated rule on file CGIScan.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;a40c46c59696d4103a7748b0b93d9d05 CHAOS_Payload;Detects a CHAOS back connect payload;https://github.com/tiagorlampert/CHAOS;2017-07-15 00:00:00;80;Florian Roth;EXE,FILE;0c72ad990063eb233e99e87093e91aff CMStar_Malware_Sep17;Detects CMStar Malware;https://goo.gl/pTffPA;2017-10-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;dae69b504e654dae8f4fcef08685d695 CN_APT_ZeroT_extracted_Go;Chinese APT by Proofpoint ZeroT RAT - file Go.exe;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-04 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,MAL;43282f950d27bb23f7dbe98fb1dd98a4 CN_APT_ZeroT_extracted_Mcutil;Chinese APT by Proofpoint ZeroT RAT - file Mcutil.dll;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-04 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,MAL;4367593873fb45197e435f13afc80b26 CN_APT_ZeroT_extracted_Zlh;Chinese APT by Proofpoint ZeroT RAT - file Zlh.exe;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-04 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,MAL;bb9184371f1ae21f1ce712e9167f4598 CN_APT_ZeroT_nflogger;Chinese APT by Proofpoint ZeroT RAT - file nflogger.dll;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-04 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,HKTL,MAL;c6da9a3b5b6b098b5264b526aa963a83 CN_Actor_AmmyyAdmin;Detects Ammyy Admin Downloader;Internal Research - CN Actor;2017-06-22 00:00:00;60;Florian Roth;EXE,FILE;796cf7ca3dc1476711f6d6354387e64a CN_Actor_RA_Tool_Ammyy_mscorsvw;Detects Ammyy remote access tool;Internal Research - CN Actor;2017-06-22 00:00:00;75;Florian Roth;EXE,FILE;e24a151b42a02c90d321abaae2d01a04 
CN_GUI_Scanner;Detects an unknown GUI scanner tool - CN background;-;2014-04-10 00:00:00;65;Florian Roth;HKTL;185809c6a094deaa89fe2db8e5642c13 CN_Hacktool_1433_Scanner;Detects a chinese MSSQL scanner;-;2014-12-10 00:00:00;40;Florian Roth;EXE,FILE,HKTL;7f59ccb8b168f9e0a3ef2cbf00092fe0 CN_Hacktool_1433_Scanner_Comp2;Detects a chinese MSSQL scanner - component 2;-;2014-12-10 00:00:00;40;Florian Roth;EXE,FILE,HKTL;0e12d0e502789cf30f84daae14f2c811 CN_Hacktool_BAT_PortsOpen;Detects a chinese BAT hacktool for local port evaluation;-;2014-12-10 00:00:00;60;Florian Roth;HKTL;8ef582b067a26e9cdf7519d0852087e2 CN_Hacktool_MilkT_BAT;Detects a chinese Portscanner named MilkT - shipped BAT;-;2014-12-10 00:00:00;70;Florian Roth;HKTL;08ed5dd7133b3dd666844d7a828eda3c CN_Hacktool_MilkT_Scanner;Detects a chinese Portscanner named MilkT;-;2014-12-10 00:00:00;60;Florian Roth;HKTL;6a2b71583c732208457e1a8459e433e4 CN_Hacktool_SSPort_Portscanner;Detects a chinese Portscanner named SSPort;-;2014-12-10 00:00:00;70;Florian Roth;HKTL;eaec49fce24482fc8a60b22e4adcc3d1 CN_Hacktool_S_EXE_Portscanner;Detects a chinese Portscanner named s.exe;-;2014-12-10 00:00:00;70;Florian Roth;HKTL;ca871abc82d2d9db972ab9f1b0669fce CN_Hacktool_ScanPort_Portscanner;Detects a chinese Portscanner named ScanPort;-;2014-12-10 00:00:00;70;Florian Roth;HKTL;2ad0de002a7d863790547c239bea9359 CN_Honker_ACCESS_brute;Sample from CN Honker Pentest Toolset - file ACCESS_brute.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;0ba83ecd051bd8ac80cb4558062fd3be CN_Honker_ASP_wshell;Sample from CN Honker Pentest Toolset - file wshell.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE;37333cf7858bfcad17ba308d63d0adc3 CN_Honker_Acunetix_Web_Vulnerability_Scanner_8_x_Enterprise_Edition_KeyGen;Sample from CN Honker Pentest Toolset - file Acunetix_Web_Vulnerability_Scanner_8.x_Enterprise_Edition_KeyGen.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian 
Roth;EXE,FILE,GEN,HKTL;33943f1f75ac0f452de5dacd926b9136 CN_Honker_Alien_D;Script from disclosed CN Honker Pentest Toolset - file D.ASP;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;7c5ecfd00ad39dcfa31acd54230ada7e CN_Honker_Alien_command;Script from disclosed CN Honker Pentest Toolset - file command.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;a578d7d9d9c982c9e1826b11e9116770 CN_Honker_Alien_ee;Sample from CN Honker Pentest Toolset - file ee.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;be9ff7a78d6c4021d645109d1ea277de CN_Honker_Alien_iispwd;Sample from CN Honker Pentest Toolset - file iispwd.vbs;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;;0092b5dbe604d712a1465a8ecf29296a CN_Honker_Arp_EMP_v1_0;Sample from CN Honker Pentest Toolset - file Arp EMP v1.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;ce29d74ae10b5e690dab5d8f0fb824ed CN_Honker_AspxClient;Sample from CN Honker Pentest Toolset - file AspxClient.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;cf69320f9c51dd1993eadeb70f933380 CN_Honker_Baidu_Extractor_Ver1_0;Sample from CN Honker Pentest Toolset - file Baidu_Extractor_Ver1.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;b227d56319f6d926ef63e9e1c96f5d8a CN_Honker_COOKIE_CooKie;Sample from CN Honker Pentest Toolset - file CooKie.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;abc063f2415e933d473b5f14c8842e3b CN_Honker_ChinaChopper;Sample from CN Honker Pentest Toolset - file ChinaChopper.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;CHINA,EXE,FILE;5aab5d6df224c27bc323d3a4ad52e5aa CN_Honker_ChinaChopper_db;Script from disclosed CN Honker Pentest Toolset - file db.mdb;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian 
Roth;SCRIPT;6917ae4530eb350a4906a19520e7847a
CN_Honker_Churrasco;Sample from CN Honker Pentest Toolset - file Churrasco.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f9eac44e10432afe187c3d824126571e
CN_Honker_CleanIISLog;Sample from CN Honker Pentest Toolset - file CleanIISLog.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;63cfc341fc4697b6acf796a4f509f791
CN_Honker_CnCerT_CCdoor_CMD;Sample from CN Honker Pentest Toolset - file CnCerT.CCdoor.CMD.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;709cdcf7d1a0abc7b96c93d520de10aa
CN_Honker_CnCerT_CCdoor_CMD_2;Sample from CN Honker Pentest Toolset - file CnCerT.CCdoor.CMD.dll2;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;534fe9c30f350b66295abcb0847d14a5
CN_Honker_Codeeer_Explorer;Sample from CN Honker Pentest Toolset - file Codeeer Explorer.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;0d3610de1495e4e0b6d8d4ffe3ff8ed5
CN_Honker_CookiesView;Sample from CN Honker Pentest Toolset - file CookiesView.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;33813419c8cd14cfda1914650e0c6748
CN_Honker_CoolScan_scan;Sample from CN Honker Pentest Toolset - file scan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;25b73bc9ccf106df29619f08b40a135b
CN_Honker_Cracker_SHELL;Sample from CN Honker Pentest Toolset - file SHELL.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;725197e74af4919e16df721f4b58d988
CN_Honker_DLL_passive_privilege_escalation_ws2help;Sample from CN Honker Pentest Toolset - file ws2help.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;85683ed5bdabcc546f5eb02ef5e840f2
CN_Honker_D_injection_V2_32;Sample from CN Honker Pentest Toolset - file D_injection_V2.32.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;30d27a67dfea907898bc4d17fd038230
CN_Honker_DictionaryGenerator;Sample from CN Honker Pentest Toolset - file DictionaryGenerator.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,GEN;9e54b083f3d7fc056f95a6cab4dcd533
CN_Honker_F4ck_Team_F4ck_3;Sample from CN Honker Pentest Toolset - file F4ck_3.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;adc11db30010802e079cce7816c7c296
CN_Honker_F4ck_Team_f4ck;Script from disclosed CN Honker Pentest Toolset - file f4ck.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;116fbc118986d06d05c04007a1d0c2a7
CN_Honker_F4ck_Team_f4ck_2;Sample from CN Honker Pentest Toolset - file f4ck_2.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;7341c701a805864a08ac846304a7a2e0
CN_Honker_F4ck_Team_f4ck_3;Sample from CN Honker Pentest Toolset - file f4ck.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;ce98a559271a5f3af6cf48e7e9308b7b
CN_Honker_FTP_scanning;Sample from CN Honker Pentest Toolset - file FTP_scanning.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;dc61afde68d2f40fc81775fa34354e31
CN_Honker_Fckeditor;Sample from CN Honker Pentest Toolset - file Fckeditor.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;35455a9bd02f374b512dec9c532734d6
CN_Honker_Fpipe_FPipe;Sample from CN Honker Pentest Toolset - file FPipe.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;50;Florian Roth;EXE,FILE;5a2b53dad5c0be22c1d9e908d23a053f
CN_Honker_GetHashes;Sample from CN Honker Pentest Toolset - file GetHashes.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;98ac9a4f9310b810f439fcb3d0beba41
CN_Honker_GetHashes_2;Sample from CN Honker Pentest Toolset - file GetHashes.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;4755daad11cb1caa9bda85a66aaf965e
CN_Honker_GetPass_GetPass;Sample from CN Honker Pentest Toolset - file GetPass.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;298b250f6e3588957d93f92d461abae0
CN_Honker_GetSyskey;Sample from CN Honker Pentest Toolset - file GetSyskey.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;d41d6e0c95fa2041f348a294c1ee678d
CN_Honker_GetWebShell;Sample from CN Honker Pentest Toolset - file GetWebShell.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;e72415d4469e9cd7b4fbf1e077524d9d
CN_Honker_GroupPolicyRemover;Sample from CN Honker Pentest Toolset - file GroupPolicyRemover.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;702d419238ff9841698cf170abe08f41
CN_Honker_HASH_32;Sample from CN Honker Pentest Toolset - file 32.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;77443d6628cb4327734abef4422f7742
CN_Honker_HASH_PwDump7;Sample from CN Honker Pentest Toolset - file PwDump7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL;63f0eea5b7e7e91787125c37b9f31985
CN_Honker_HASH_pwhash;Sample from CN Honker Pentest Toolset - file pwhash.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f57fad9853b222ff63d75cc6b7987495
CN_Honker_HTran2_4;Sample from CN Honker Pentest Toolset - file HTran2.4.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;485c7ba9360ac853fb6342e1fc26f7bd
CN_Honker_Happy_Happy;Sample from CN Honker Pentest Toolset - file Happy.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;3e1e4f32a2b1b23d734a3be3c344b608
CN_Honker_Havij_Havij;Sample from CN Honker Pentest Toolset - file Havij.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;5b7f98f2c4aacf70b623ac7f644b4115
CN_Honker_HconSTFportable;Sample from CN Honker Pentest Toolset - file HconSTFportable.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;2d0a051ac4095cd33efbc232b1984585
CN_Honker_Hookmsgina;Sample from CN Honker Pentest Toolset - file Hookmsgina.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;da7c330671f33f9c211d8bfc559706b8
CN_Honker_Htran_V2_40_htran20;Sample from CN Honker Pentest Toolset - file htran20.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;a21c7eef73ccad5230afa55d8df1b0c9
CN_Honker_IIS6_iis6;Sample from CN Honker Pentest Toolset - file iis6.com;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;437b2c6158616f1f2b11b7eae0d7649a
CN_Honker_IIS_logcleaner1_0_readme;Script from disclosed CN Honker Pentest Toolset - file readme.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;b2cc05e476d13ae0015581dfca3d978e
CN_Honker_Injection;Sample from CN Honker Pentest Toolset - file Injection.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL;18ed84592b8951c153d4572ee113f03f
CN_Honker_Injection_Transit_jmCook;Script from disclosed CN Honker Pentest Toolset - file jmCook.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;5873bdba9841ca92c9c737d8a4698c1b
CN_Honker_Injection_transit;Sample from CN Honker Pentest Toolset - file Injection_transit.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL;a3a4d3446d3c748c5e6e82d6b993d295
CN_Honker_Interception3389_setup;Sample from CN Honker Pentest Toolset - file setup.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;529115e3b9d6323686e16990c5b336d7
CN_Honker_Interception;Sample from CN Honker Pentest Toolset - file Interception.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f59f2b0644100a79abcd672a10c52b85
CN_Honker_Intersect2_Beta;Script from disclosed CN Honker Pentest Toolset - file Intersect2-Beta.py;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,SCRIPT;e6cbd448e86b77de2092cda606e7b7fb
CN_Honker_InvasionErasor;Sample from CN Honker Pentest Toolset - file InvasionErasor.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;a69cf82c9dce437aaa742a15b7d1a86e
CN_Honker_LPK2_0_LPK;Sample from CN Honker Pentest Toolset - file LPK.DAT;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;530b0426dc70cc5d524258fe336221f9
CN_Honker_Layer_Layer;Sample from CN Honker Pentest Toolset - file Layer.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;ac46b7991324278c02444bb41184c251
CN_Honker_LogCleaner;Sample from CN Honker Pentest Toolset - file LogCleaner.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;5447c248ca996e84b711084586b8b5e0
CN_Honker_MAC_IPMAC;Sample from CN Honker Pentest Toolset - file IPMAC.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;21154473a107a2b505ab3dbcb440809e
CN_Honker_MSTSC_can_direct_copy;Sample from CN Honker Pentest Toolset - file MSTSC_can_direct_copy.EXE;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;fb8f3095b24159c6bf1425801e0be147
CN_Honker_ManualInjection;Sample from CN Honker Pentest Toolset - file ManualInjection.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL;cb7c40645a36cf9b58cb220632717606
CN_Honker_Master_beta_1_7;Sample from CN Honker Pentest Toolset - file Master_beta_1.7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;c19c927e5213ec1b44ee482b4497592f
CN_Honker_MatriXay1073;Sample from CN Honker Pentest Toolset - file MatriXay1073.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;48922735ec60a65a88f5fbe058d1c98e
CN_Honker_Md5CrackTools;Sample from CN Honker Pentest Toolset - file Md5CrackTools.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;da0c623f332e24c73af0ade9787662cd
CN_Honker_NBSI_3_0;Sample from CN Honker Pentest Toolset - file NBSI 3.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;45684e0e6077bd3956b5143c63fdbe2d
CN_Honker_NetFuke_NetFuke;Sample from CN Honker Pentest Toolset - file NetFuke.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;bd5b0c14ce9dbce6628dcfaa8697274f
CN_Honker_Oracle_v1_0_Oracle;Sample from CN Honker Pentest Toolset - file Oracle.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;e3156d6334bfd7ab5ca2650ce93f7ad1
CN_Honker_PHP_php11;Sample from CN Honker Pentest Toolset - file php11.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;;4b8bc6d91639ca05aeacacd3fb1d48d9
CN_Honker_Perl_serv_U;Script from disclosed CN Honker Pentest Toolset - file Perl-serv-U.pl;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;717ab117c0d613876c524d2a5095ebcd
CN_Honker_Pk_Pker;Sample from CN Honker Pentest Toolset - file Pker.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;37998c302f50eb27ec8a4543a5fde53e
CN_Honker_PostgreSQL;Sample from CN Honker Pentest Toolset - file PostgreSQL.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;7dcac70ccb9036600f4dfbbe64ae311b
CN_Honker_Pwdump7_Pwdump7;Script from disclosed CN Honker Pentest Toolset - file Pwdump7.bat;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;6d6cfcc099fba5c1021a862f05e0dbbf
CN_Honker_SAMInside;Sample from CN Honker Pentest Toolset - file SAMInside.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;cdf45a0f8a7430fb6a83376a00824459
CN_Honker_SQLServer_inject_Creaked;Sample from CN Honker Pentest Toolset - file SQLServer_inject_Creaked.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;97a31a7acfad1aa61155be30274ebe9f
CN_Honker_Safe3WVS;Sample from CN Honker Pentest Toolset - file Safe3WVS.EXE;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;8d964640a5aa679e6260eca4b807a66e
CN_Honker_ScanHistory;Sample from CN Honker Pentest Toolset - file ScanHistory.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;d705b3bc1cff610d9a5617ba79395551
CN_Honker_SegmentWeapon;Sample from CN Honker Pentest Toolset - file SegmentWeapon.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f14a56e4544b6ff3f1d47dd54c54ab36
CN_Honker_ShiftBackdoor_Server;Sample from CN Honker Pentest Toolset - file Server.dat;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;fbab62529574271c1f0fd39f5234aa4f
CN_Honker_SkinHRootkit_SkinH;Sample from CN Honker Pentest Toolset - file SkinH.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;eeddc2d7068b723067314c57bd3501b4
CN_Honker_SqlMap_Python_Run;Sample from CN Honker Pentest Toolset - file Run.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,SCRIPT;13f071e1e6d6f638a71bf996a45084c6
CN_Honker_Sword1_5;Sample from CN Honker Pentest Toolset - file Sword1.5.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;c74a1ed4feceb96cc06b293af211e62d
CN_Honker_SwordCollEdition;Sample from CN Honker Pentest Toolset - file SwordCollEdition.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;d18590d24fab2fd82061b94fad22c200
CN_Honker_SwordHonkerEdition;Sample from CN Honker Pentest Toolset - file SwordHonkerEdition.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;0bc47a1415a2fa65062fb2786cf226d2
CN_Honker_T00ls_Lpk_Sethc_v2;Sample from CN Honker Pentest Toolset - file T00ls Lpk Sethc v2.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f2b9bcdc6295316a723efbe2525ac2c3
CN_Honker_T00ls_Lpk_Sethc_v3_0;Sample from CN Honker Pentest Toolset - file T00ls Lpk Sethc v3.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;ffa996c9560dbfe61835b14d6cbf1ed6
CN_Honker_T00ls_Lpk_Sethc_v3_LPK;Sample from CN Honker Pentest Toolset - file LPK.DAT;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;81efebbb34ef4b68c8429a32a128b836
CN_Honker_T00ls_Lpk_Sethc_v4_0;Sample from CN Honker Pentest Toolset - file T00ls Lpk Sethc v4.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;9633dc7435a4a6f0202f290313815a2c
CN_Honker_T00ls_Lpk_Sethc_v4_LPK;Sample from CN Honker Pentest Toolset - file LPK.DAT;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;49be95e0441b40be0fb356744bc7f2be
CN_Honker_T00ls_scanner;Sample from CN Honker Pentest Toolset - file T00ls_scanner.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;285059811f71b2432b52f9978d1e274a
CN_Honker_Tuoku_script_MSSQL_;Script from disclosed CN Honker Pentest Toolset - file MSSQL_.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;0aa5ec33cf0f847fa8486d04028448b9
CN_Honker_Tuoku_script_oracle_2;Sample from CN Honker Pentest Toolset - file oracle.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;;65b6e9adc57175ed265261248c316103
CN_Honker_WebCruiserWVS;Sample from CN Honker Pentest Toolset - file WebCruiserWVS.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f70fbef149ea29ec3ba1d8d15c1c0806
CN_Honker_WebRobot;Sample from CN Honker Pentest Toolset - file WebRobot.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;5d65b7bd1f89d17c3f4299c59ac3879c
CN_Honker_WebScan_WebScan;Sample from CN Honker Pentest Toolset - file WebScan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;9dd00450569944d5e114999eeea76c12
CN_Honker_WebScan_wwwscan;Sample from CN Honker Pentest Toolset - file wwwscan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;3aefdc951cd3da15997b74de60c1e6bf
CN_Honker_Webshell;Sample from CN Honker Pentest Toolset - file Webshell.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,WEBSHELL;3a463250b2f6301c7ccd431248213ace
CN_Honker_Webshell_ASPX_aspx2;Webshell from CN Honker Pentest Toolset - file aspx2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;aaf413b173a1ef71108c35a3afc55707
CN_Honker_Webshell_ASPX_aspx3;Webshell from CN Honker Pentest Toolset - file aspx3.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;f5932323d5a2f114282b3ea74814217f
CN_Honker_Webshell_ASPX_aspx4;Webshell from CN Honker Pentest Toolset - file aspx4.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;640e3bb33af58f44f379ac6bb5335a2b
CN_Honker_Webshell_ASPX_aspx;Webshell from CN Honker Pentest Toolset - file aspx.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;91a5fde1c904dee16213bafca75a4139
CN_Honker_Webshell_ASPX_shell_shell;Webshell from CN Honker Pentest Toolset - file shell.aspx;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;94d4b00d75529500587278f7f2d10363
CN_Honker_Webshell_ASPX_sniff;Webshell from CN Honker Pentest Toolset - file sniff.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;04db1cf71c388468cb010057cbddf1e1
CN_Honker_Webshell_ASP_asp1;Webshell from CN Honker Pentest Toolset - file asp1.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;38b0f54720a2459d021fa259c36820c3
CN_Honker_Webshell_ASP_asp2;Webshell from CN Honker Pentest Toolset - file asp2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;f1720f106131e2a0842d3cec21b79e2b
CN_Honker_Webshell_ASP_asp3;Webshell from CN Honker Pentest Toolset - file asp3.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;08fb4030c1c50809ce721bae37622c3a
CN_Honker_Webshell_ASP_asp404;Webshell from CN Honker Pentest Toolset - file asp404.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;8a292acef66c78b80b106967c9c4fe1c
CN_Honker_Webshell_ASP_asp4;Webshell from CN Honker Pentest Toolset - file asp4.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;418616d5a4715987c68072356c270e43
CN_Honker_Webshell_ASP_hy2006a;Webshell from CN Honker Pentest Toolset - file hy2006a.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;c150317c32e43f7996e39ba58961fdc5
CN_Honker_Webshell_ASP_rootkit;Webshell from CN Honker Pentest Toolset - file rootkit.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;03d5f36cbbff2392cbc2c08a929403ab
CN_Honker_Webshell_ASP_shell;Webshell from CN Honker Pentest Toolset - file shell.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;22d088360fcee75cd26f136ddf694dd3
CN_Honker_Webshell_ASP_web_asp;Webshell from CN Honker Pentest Toolset - file web.asp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;898b2f97937ef7b0113064d23bd70299
CN_Honker_Webshell_FTP_MYSQL_MSSQL_SSH;Webshell from CN Honker Pentest Toolset - file FTP MYSQL MSSQL SSH.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;45a467944b060919e29626dfdbe15634
CN_Honker_Webshell_Injection_Transit_jmPost;Webshell from CN Honker Pentest Toolset - file jmPost.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;2d01631f3d672c338fef8209002676dd
CN_Honker_Webshell_Interception3389_get;Webshell from CN Honker Pentest Toolset - file get.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;cf73446922e0cb36bbc296bb3506bc00
CN_Honker_Webshell_JSPMSSQL;Webshell from CN Honker Pentest Toolset - file JSPMSSQL.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;2258ce83c8b65b102c8dc96ed0d17c14
CN_Honker_Webshell_JSP_jsp;Webshell from CN Honker Pentest Toolset - file jsp.html;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;f82abad2e367b5fda729170e30e6774e
CN_Honker_Webshell_Linux_2_6_Exploit;Webshell from CN Honker Pentest Toolset - file 2.6.9;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;LINUX,WEBSHELL;8379bc937b1c32e11dc8da041a5bda9d
CN_Honker_Webshell_PHP_BlackSky;Webshell from CN Honker Pentest Toolset - file php6.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;69aad7f19dd615165972e98dba9cabd3
CN_Honker_Webshell_PHP_linux;Webshell from CN Honker Pentest Toolset - file linux.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;f861b2c73ca4a08ded7705140b5c8128
CN_Honker_Webshell_PHP_php10;Webshell from CN Honker Pentest Toolset - file php10.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;08790a6dd5536d8193f408274f91aae2
CN_Honker_Webshell_PHP_php1;Webshell from CN Honker Pentest Toolset - file php1.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;e6837a2376c2e42971ce188c33adfaf2
CN_Honker_Webshell_PHP_php2;Webshell from CN Honker Pentest Toolset - file php2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;c6c863c37de115d62be86a1680b7a25e
CN_Honker_Webshell_PHP_php3;Webshell from CN Honker Pentest Toolset - file php3.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;229ab7524e2e13f82b54edb28ed3a053
CN_Honker_Webshell_PHP_php4;Webshell from CN Honker Pentest Toolset - file php4.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;b827db8fee745099ecebef6a02a01805
CN_Honker_Webshell_PHP_php5;Webshell from CN Honker Pentest Toolset - file php5.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;df6383045b488026ef60e5ba88e2d64c
CN_Honker_Webshell_PHP_php7;Webshell from CN Honker Pentest Toolset - file php7.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;9071ed4b38b2255ad4c85d471eee752e
CN_Honker_Webshell_PHP_php8;Webshell from CN Honker Pentest Toolset - file php8.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;959caab162bee77587db7eef6177d8ea
CN_Honker_Webshell_PHP_php9;Webshell from CN Honker Pentest Toolset - file php9.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;075b5e6cae3cccbacaa810068cb3a280
CN_Honker_Webshell_Serv_U_2_admin_by_lake2;Webshell from CN Honker Pentest Toolset - file Serv-U 2 admin by lake2.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;a926cd12ac308ecbe12773b04d759aad
CN_Honker_Webshell_Serv_U_asp;Webshell from CN Honker Pentest Toolset - file Serv-U asp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;f44bff7ab4dfcb6dcf1146159e37b11c
CN_Honker_Webshell_Serv_U_by_Goldsun;Webshell from CN Honker Pentest Toolset - file Serv-U_by_Goldsun.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;4e52db4c36c7497495373be28f1ef815
CN_Honker_Webshell_Serv_U_serv_u;Webshell from CN Honker Pentest Toolset - file serv-u.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;40eb8b08a07ab052832df9ce42a9392a
CN_Honker_Webshell_Serv_U_servu;Webshell from CN Honker Pentest Toolset - file servu.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;bf405239eb1bb547242c0232c9ddb08c
CN_Honker_Webshell_T00ls_Lpk_Sethc_v4_mail;Webshell from CN Honker Pentest Toolset - file mail.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;3a823be7813d09f5fc4b62b88ff8bcb3
CN_Honker_Webshell_Tuoku_script_mssql_2;Webshell from CN Honker Pentest Toolset - file mssql.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;86937beb9172026e1c5ba1ae4953f420
CN_Honker_Webshell_Tuoku_script_mysql;Webshell from CN Honker Pentest Toolset - file mysql.aspx;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;1ef12ac14ad1ceece57644df7872751b
CN_Honker_Webshell_Tuoku_script_oracle;Webshell from CN Honker Pentest Toolset - file oracle.jsp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;69c97ebb72f7c9a6f26e2cc32a9846c3
CN_Honker_Webshell_Tuoku_script_xx;Webshell from CN Honker Pentest Toolset - file xx.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;4051f21e2485c1a641974d19cbe2681b
CN_Honker_Webshell_WebShell;Webshell from CN Honker Pentest Toolset - file WebShell.cgi;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;ec3eebd747fec5497c6eb49b8edfe7ba
CN_Honker_Webshell__Injection_jmCook_jmPost_ManualInjection;Webshell from CN Honker Pentest Toolset - from files Injection.exe, jmCook.asp, jmPost.asp, ManualInjection.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;HKTL,WEBSHELL;288816741449920a7f3b25af00c3bae1
CN_Honker_Webshell__Serv_U_by_Goldsun_asp3_Serv_U_asp;Webshell from CN Honker Pentest Toolset - from files Serv-U_by_Goldsun.asp, asp3.txt, Serv-U asp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;029026d1374edc7806c0cca7a4758b59
CN_Honker_Webshell__asp4_asp4_MSSQL__MSSQL_;Webshell from CN Honker Pentest Toolset - from files asp4.txt, asp4.txt, MSSQL_.asp, MSSQL_.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;3c83cc5c75d439f2ffa3fd7594a9e653
CN_Honker_Webshell__php1_php7_php9;Webshell from CN Honker Pentest Toolset - from files php1.txt, php7.txt, php9.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;81329e8036a09526e86b08954d85c7ac
CN_Honker_Webshell_assembly;Webshell from CN Honker Pentest Toolset - file assembly.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;2893c5e2507731134aff00f3dd4bc713
CN_Honker_Webshell_cfmShell;Webshell from CN Honker Pentest Toolset - file cfmShell.cfm;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;38b2a94e1aa4c262146136fd3d5f2d2f
CN_Honker_Webshell_cfm_list;Webshell from CN Honker Pentest Toolset - file list.cfm;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;b4514250f1e4f98b5b4d761d5e5c4431
CN_Honker_Webshell_cfm_xl;Webshell from CN Honker Pentest Toolset - file xl.cfm;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;a28723579c031ad6c6af224ab9fe2f53
CN_Honker_Webshell_cmfshell;Webshell from CN Honker Pentest Toolset - file cmfshell.cmf;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;df2fd2279e055420ee226f0afba3ab2c
CN_Honker_Webshell_dz_phpcms_phpbb;Webshell from CN Honker Pentest Toolset - file dz_phpcms_phpbb.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;37393d52ccedd6e3e3c0998023148197
CN_Honker_Webshell_jspshell2;Webshell from CN Honker Pentest Toolset - file jspshell2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;662840942d199064bcdd7a0cfe88c126
CN_Honker_Webshell_jspshell;Webshell from CN Honker Pentest Toolset - file jspshell.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;6665eb5948075be73ca4ebbef2aa162b
CN_Honker_Webshell_mycode12;Webshell from CN Honker Pentest Toolset - file mycode12.cfm;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;ac5bd6a53982801ac062db53eef6dd5d
CN_Honker_Webshell_nc_1;Webshell from CN Honker Pentest Toolset - file 1.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;b4f52fb3a5b15a693d6a94ebbdefd1f1
CN_Honker_Webshell_offlibrary;Webshell from CN Honker Pentest Toolset - file offlibrary.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;2f99903844128d4f5d4bcbac0b5cd096
CN_Honker_Webshell_phpwebbackup;Webshell from CN Honker Pentest Toolset - file phpwebbackup.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;14c997486b4724106ae0d812a9ccf6bf
CN_Honker_Webshell_picloaked_1;Webshell from CN Honker Pentest Toolset - file 1.gif;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;cbe4826769a0f4f7e4f34189d9bf1d65
CN_Honker_Webshell_portRecall_jsp2;Webshell from CN Honker Pentest Toolset - file jsp2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;a40caaa5e0215867a762e2839a810e07
CN_Honker_Webshell_portRecall_jsp;Webshell from CN Honker Pentest Toolset - file jsp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;ae68cb8e0176a18f2e7dcd9c1af51dc6
CN_Honker_Webshell_su7_x_9_x;Webshell from CN Honker Pentest Toolset - file su7.x-9.x.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;e4ce90a5c8ade05dbe99f70e72ffb1ac
CN_Honker_Webshell_test3693;Webshell from CN Honker Pentest Toolset - file test3693.war;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;781125768081bd83b5a75af14f6801d7
CN_Honker_Webshell_udf_udf;Webshell from CN Honker Pentest Toolset - file udf.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;c72e6fefc40369bcb4fe3e4fb6edecc2
CN_Honker_Webshell_wshell_asp;Webshell from CN Honker Pentest Toolset - file wshell-asp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;9be67af6b50e623b06068697bbf64b6f
CN_Honker_Without_a_trace_Wywz;Sample from CN Honker Pentest Toolset - file Wywz.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;9c39120de4a95dabb8d666fce325e830
CN_Honker_WordpressScanner;Sample from CN Honker Pentest Toolset - file WordpressScanner.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL,OFFICE;f8f42be172af03cf8b80ecd8e76d2a42
CN_Honker_Xiaokui_conversion_tool;Sample from CN Honker Pentest Toolset - file Xiaokui_conversion_tool.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;460b9625969b3082b56fa1714fe52e6b
CN_Honker__D_injection_V2_32_D_injection_V2_32_D_injection_V2_32;Sample from CN Honker Pentest Toolset - from files D_injection_V2.32.exe, D_injection_V2.32.exe, D_injection_V2.32.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;7bcc6f54a188188b2adeef4a95396ce6
CN_Honker__LPK_LPK_LPK;Sample from CN Honker Pentest Toolset - from files LPK.DAT, LPK.DAT, LPK.DAT;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;9574d12023fc461414b245f68fa4ca62
CN_Honker__PostgreSQL_mysql_injectV1_1_Creak_Oracle_SQLServer_inject_Creaked;Sample from CN Honker Pentest Toolset;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;e16d7e0d0d89ed385c4fe126d5315cc1
CN_Honker__builder_shift_SkinH;Sample from CN Honker Pentest Toolset - from files builder.exe, shift.exe, SkinH.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;5011eee543a6c934cd6681fc80ed1e1d
CN_Honker__lcx_HTran2_4_htran20;Sample from CN Honker Pentest Toolset - from files lcx.exe, HTran2.4.exe, htran20.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;77dbcb4648695c0d7db307a8f77fddcc
CN_Honker__wwwscan_wwwscan_wwwscan_gui;Sample from CN Honker Pentest Toolset - from files wwwscan.exe, wwwscan.exe, wwwscan_gui.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f2f4765ceb4885ed54cce9831d44b8ef
CN_Honker_arp3_7_arp3_7;Sample from CN Honker Pentest Toolset - file arp3.7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;8d18a2a51cf8b588d973fa350b60ad84
CN_Honker_cleaner_cl_2;Sample from CN Honker Pentest Toolset - file cl.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;cc0582d0fa73d9ff905a3d8765faf7e7
CN_Honker_cleaniis;Sample from CN Honker Pentest Toolset - file cleaniis.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;7dcfca1e09be9a1352b7324a85139193
CN_Honker_clearlogs;Sample from CN Honker Pentest Toolset - file clearlogs.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;814cadd46cb70d03da4a4c2a882c52a0
CN_Honker_dedecms5_7;Sample from CN Honker Pentest Toolset - file dedecms5.7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;29958cfee298b2e20271ed4cddbb1240
CN_Honker_dirdown_dirdown;Sample from CN Honker Pentest Toolset - file dirdown.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;908cf15b45a5a37e5cf6e10144c1f440
CN_Honker_exp_iis7;Sample from CN Honker Pentest Toolset - file iis7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;e8d661ec9f1384e25abc1d97e759b076
CN_Honker_exp_ms11011;Sample from CN Honker Pentest Toolset - file ms11011.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f1e3a65c1ead550703dbd12ebd889593
CN_Honker_exp_ms11046;Sample from CN Honker Pentest Toolset - file ms11046.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;efbf8ef2183257bdfbd6671cd2f1a2e2
CN_Honker_exp_ms11080;Sample from CN Honker Pentest Toolset - file ms11080.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;4b16ac9bbb013f6ca72a1b82e2850b4c
CN_Honker_exp_win2003;Sample from CN Honker Pentest Toolset - file win2003.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;57877205700e1f0aec0f7f4fbe7a973f
CN_Honker_getlsasrvaddr;Sample from CN Honker Pentest Toolset - file getlsasrvaddr.exe - WCE Amplia Security;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;04e8ad7e8a82bd2ea47b677efbae7188
CN_Honker_hashq_Hashq;Sample from CN Honker Pentest Toolset - file Hashq.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;b83a9109328f3cf293efa2c0924a7a5f
CN_Honker_hkmjjiis6;Sample from CN Honker Pentest Toolset - file hkmjjiis6.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;7585795c55063bafdf19bb44177d1e74
CN_Honker_hxdef100;Sample from CN Honker Pentest Toolset - file hxdef100.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;6574c840494aeb244be4a06ed5341386
CN_Honker_lcx_lcx;Sample from CN Honker Pentest Toolset - HTRAN - file lcx.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;fb31d2996245cd3958b7ab631dd01fca
CN_Honker_linux_bin;Script from disclosed CN Honker Pentest Toolset - file linux_bin;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;92fc599b5df44958c8aad0e00c29ce89
CN_Honker_mafix_root;Script from disclosed CN Honker Pentest Toolset - file root;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;d2a64ee4d8881f70988ee2c22bb51bb5
CN_Honker_mempodipper2_6;Sample from CN Honker Pentest Toolset - file mempodipper2.6.39;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;;8f8e9b9100ead0a07ad0767b341a1fec
CN_Honker_ms10048_x64;Sample from CN Honker Pentest Toolset - file ms10048-x64.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f6760e07ba0dc657b6c9acdb1ac912e8
CN_Honker_ms10048_x86;Sample from CN Honker Pentest Toolset - file ms10048-x86.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;fdadccb72ff3c5195f480d6fec02f837
CN_Honker_ms11080_withcmd;Sample from CN Honker Pentest Toolset - file ms11080_withcmd.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;bef6cc93c9187bbc5a92a138cf263a7d
CN_Honker_mssqlpw_scan;Script from disclosed CN Honker Pentest Toolset - file mssqlpw scan.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;6373161c00c79b67bf029bef1d7450fe
CN_Honker_mysql_injectV1_1_Creak;Sample from CN Honker Pentest Toolset - file mysql_injectV1.1_Creak.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;8a2e7acbcb75725dee4fb4cd5f8eec6c
CN_Honker_nc_MOVE;Script from disclosed CN Honker Pentest Toolset - file MOVE.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;ef67fd7b388cf8b92ff956ed506c4192
CN_Honker_net_packet_capt;Sample from CN Honker Pentest Toolset - file net_packet_capt.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;a98c295ee39f1d4c3fd6f58063c7db61
CN_Honker_net_priv_esc2;Sample from CN Honker Pentest Toolset - file net-priv-esc2.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;915fa4c9f8beff55765cea116d7fc342
CN_Honker_no_net_priv_esc_AddUser;Sample from CN Honker Pentest Toolset - file AddUser.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;474639638926f8a42b921da56c74421b
CN_Honker_passwd_dict_3389;Script from disclosed CN Honker Pentest Toolset - file 3389.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;cd476a35630f7d29f4fa0a5b7378ba40
CN_Honker_portRecall_bc;Script from disclosed CN Honker Pentest Toolset - file bc.pl;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;87669dde2d5deeec17bb86b1190bbce6
CN_Honker_portRecall_pr;Script from disclosed CN Honker Pentest Toolset - file pr;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;f275a63ce0042fa2a25a643f57985217
CN_Honker_pr_debug;Sample from CN Honker Pentest Toolset - file debug.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;3644fcded9c45045362400d3b87dfa75
CN_Honker_safe3wvs_cgiscan;Sample from CN Honker Pentest Toolset - file cgiscan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;5f8b90d2fa5e89e046d93068f1e7629e
CN_Honker_shell_brute_tool;Sample from CN Honker Pentest Toolset - file shell_brute_tool.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;d9100ccc8489432b491f187588cf7b96
CN_Honker_sig_3389_2_3389;Sample from CN Honker Pentest Toolset - file 3389.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;a2d508cab567356683739635427f1504
CN_Honker_sig_3389_3389;Script from disclosed CN Honker Pentest Toolset - file 3389.vbs;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;a3e2f198db19c42b44f22a9647f354d2
CN_Honker_sig_3389_3389_2;Script from disclosed CN Honker Pentest Toolset - file 3389.bat;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;6644e1a3673082c51786e89cd0ad75f2
CN_Honker_sig_3389_3389_3;Script from disclosed CN Honker Pentest Toolset - file 3389.bat;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;3442dd1d18df5f878605345ac7ae6f03
CN_Honker_sig_3389_80_AntiFW;Sample from CN Honker Pentest Toolset - file AntiFW.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;5ad4bf63586cec24fe3fcf6e6b15efc4
CN_Honker_sig_3389_DUBrute_v3_0_RC3_2_0;Sample from CN Honker Pentest Toolset - file 2.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f201dd5920e62ff692b5045dee9bda1b
CN_Honker_sig_3389_DUBrute_v3_0_RC3_3_0;Sample from CN Honker Pentest Toolset - file 3.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;173dc7094664c72cad3a32afdea62c0c
CN_Honker_sig_3389_mstsc_MSTSCAX;Sample from CN Honker Pentest Toolset - file MSTSCAX.DLL;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;cfd023364590a80fdf5c9a6484356a7f
CN_Honker_sig_3389_xp3389;Sample from CN Honker Pentest Toolset - file xp3389.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f5827f3836f600caad3858c61cc09b62
CN_Honker_smsniff_smsniff;Sample from CN Honker Pentest Toolset - file smsniff.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;b10d74ff4efd20167e6450b88d979972
CN_Honker_struts2_catbox;Sample from CN Honker Pentest Toolset - file catbox.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f33544fe893891cffaaa49400806dfa5
CN_Honker_super_Injection1;Sample from CN Honker Pentest Toolset - file super Injection1.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL;5962cfaad69bb42c5073db5b22e40f98
CN_Honker_syconfig;Script from disclosed CN Honker Pentest Toolset - file syconfig.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,SCRIPT;4ffcd67bbc0a56ff358c2ff7be7f3157
CN_Honker_termsrvhack;Sample from CN Honker Pentest 
Toolset - file termsrvhack.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;d886c2ee4fc694cd4b61bd9c2322e10a CN_Honker_windows_exp;Sample from CN Honker Pentest Toolset - file exp.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;8ac1bacebfe7f053811f70110c8dd9e6 CN_Honker_windows_mstsc_enhanced_RMDSTC;Sample from CN Honker Pentest Toolset - file RMDSTC.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;ad1194c36618063093da7a662c855d4e CN_Honker_wwwscan_1_wwwscan;Sample from CN Honker Pentest Toolset - file wwwscan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;d81a41bb742536080fc7c167784fc520 CN_Honker_wwwscan_gui;Sample from CN Honker Pentest Toolset - file wwwscan_gui.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;baed62509ab3e7b641e83d5a62f0aaaa CN_Packed_Scanner;Suspiciously packed executable;-;2014-06-10 00:00:00;40;Florian Roth;HKTL;6a6489a5466ee1517b1203e098e2547b CN_Portscan;CN Port Scanner;-;2013-11-29 00:00:00;70;Florian Roth;FILE,HKTL;85336c14ce9f8f9cb7f167fd3de24346 CN_Tools_MyUPnP;Chinese Hacktool Set - file MyUPnP.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;4d369fd10ed5c1d9ee59a72b93c9a732 CN_Tools_PcShare;Chinese Hacktool Set - file PcShare.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;ed3e2aa5e63c07dd3c0b0f24b672e89d CN_Tools_Shiell;Chinese Hacktool Set - file Shiell.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;c40e9fcdb94240211451f0c92b0e4637 CN_Tools_Temp;Chinese Hacktool Set - file Temp.war;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,FILE,HKTL,SCRIPT;2d4e6926c4de49d9996463134c21f800 CN_Tools_VNCLink;Chinese Hacktool Set - file VNCLink.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian 
Roth;CHINA,EXE,FILE,HKTL;1ac82ac690135e9e67a115d80d83ff13 CN_Tools_Vscan;Chinese Hacktool Set - file Vscan.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;1b51b7d1044fbc72c6b18a4b1e6d7c19 CN_Tools_hscan;Chinese Hacktool Set - file hscan.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;4aec92428d99072ed269f1110d2ce84b CN_Tools_item;Chinese Hacktool Set - file item.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;93704793e0011d3894f59c312864cf40 CN_Tools_old;Chinese Hacktool Set - file old.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;5ed4bdc5d6d5b3de84ecce1287423c37 CN_Tools_pc;Chinese Hacktool Set - file pc.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;6983d62951572beadc80e6510f3926f1 CN_Tools_srss;Chinese Hacktool Set - file srss.bat;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,SCRIPT;9fbb518dcd86fc0e06393116565b264a CN_Tools_srss_2;Chinese Hacktool Set - file srss.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;3d7aee664114204904d55b4e22c4ec36 CN_Tools_xbat;Chinese Hacktool Set - file xbat.vbs;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,FILE,HKTL,SCRIPT;79fcc34418a66945907ddabfa59a8c2a CN_Tools_xsniff;Chinese Hacktool Set - file xsniff.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;81e842044f2f98649d79f4a27463daef CN_Toolset_LScanPortss_2;Detects a Chinese hacktool from a disclosed toolset - file LScanPortss.exe;http://qiannao.com/ls/905300366/33834c0c/;2015-03-30 00:00:00;70;Florian Roth;CHINA,HKTL;0ddc973cf63fc297a209e287dae9d459 CN_Toolset_NTscan_PipeCmd;Detects a Chinese hacktool from a disclosed toolset - file PipeCmd.exe;http://qiannao.com/ls/905300366/33834c0c/;2015-03-30 00:00:00;70;Florian Roth;CHINA,HKTL;4df9c32d374e9b326b7c84136ce1d5a8 
CN_Toolset__XScanLib_XScanLib_XScanLib;Detects a Chinese hacktool from a disclosed toolset - from files XScanLib.dll, XScanLib.dll, XScanLib.dll;http://qiannao.com/ls/905300366/33834c0c/;2015-03-30 00:00:00;70;Florian Roth;CHINA,HKTL;49c5f68941cf3c37a02313e44d0f53cc CN_Toolset_sig_1433_135_sqlr;Detects a Chinese hacktool from a disclosed toolset - file sqlr.exe;http://qiannao.com/ls/905300366/33834c0c/;2015-03-30 00:00:00;70;Florian Roth;CHINA,HKTL;196fdd5c3f2190e74b80abb73fc5c9a5 CN_disclosed_20180208_KeyLogger_1;Detects malware from disclosed CN malware set;https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details;2018-02-08 00:00:00;75;Florian Roth;EXE,FILE;ce3aabef2fbe748d6253546c5caae118 CN_disclosed_20180208_Mal1;Detects malware from disclosed CN malware set;https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details;2018-02-08 00:00:00;75;Florian Roth;EXE,FILE;3101e9f2544751c5f474e1ea29796d97 CN_disclosed_20180208_Mal4;Detects malware from disclosed CN malware set;https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details;2018-02-08 00:00:00;75;Florian Roth;EXE,FILE;74c9e534cb34e029f3644d02818d7433 CN_disclosed_20180208_Mal5;Detects malware from disclosed CN malware set;https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details;2018-02-08 00:00:00;75;Florian Roth;EXE,FILE;e85aeaa15f1e8b82d5b0b95c0f9a90f2 CN_disclosed_20180208_System3;Detects malware from disclosed CN malware set;https://twitter.com/cyberintproject/status/961714165550342146;2018-02-08 00:00:00;75;Florian Roth;EXE,FILE;9bcb5792841fded27d0d4c42d007a3b2 CN_disclosed_20180208_c;Detects malware from disclosed CN malware set;https://twitter.com/cyberintproject/status/961714165550342146;2018-02-08 00:00:00;75;Florian Roth;EXE,FILE;c372c0976ae31d89902c755293eea83c CN_disclosed_20180208_lsls;Detects malware from disclosed CN malware set;https://twitter.com/cyberintproject/status/961714165550342146;2018-02-08 
00:00:00;75;Florian Roth;FILE;f8a614a236ca6786dd77dd410ea6857a COZY_FANCY_BEAR_Hunt;Detects Cozy Bear / Fancy Bear C2 Server IPs;https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/;2016-06-14 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;8625a07b826c1f692d660335c0d88c38 COZY_FANCY_BEAR_modified_VmUpgradeHelper;Detects a malicious VmUpgradeHelper.exe as mentioned in the CrowdStrike report;https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/;2016-06-14 00:00:00;75;Florian Roth;EXE,EXTVAR,FILE,RUSSIA;7afa3db027f0568fec52ea7d757d87f4 COZY_FANCY_BEAR_pagemgr_Hunt;Detects a pagemgr.exe as mentioned in the CrowdStrike report;https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/;2016-06-14 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;60373e22d0f11c0c647932105e5f5735 CVE_2014_4076_Exploitcode;Detects an exploit code for CVE-2014-4076;https://github.com/Neo23x0/yarGen;2018-04-04 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE;00f42062a6535dee548150ea846e1904 CVE_2015_1674_CNGSYS;Detects exploits for CVE-2015-1674;http://www.binvul.com/viewthread.php?tid=508;2015-05-14 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE;e836fcc4432f2ecf8f45da76bd8f9304 CVE_2015_1701_Taihou;CVE-2015-1701 compiled exploit code;http://goo.gl/W4nU0q;2015-05-13 00:00:00;70;Florian Roth;EXE,EXPLOIT,FILE;4f0ae821c6a1fd5990289a3bc506f3a0 CVE_2017_11882_RTF;Detects suspicious Microsoft Equation OLE contents as used in CVE-2017-11882;Internal Research;2018-02-13 00:00:00;60;Florian Roth;EXPLOIT,FILE;ef27d0b93df82ef201724ade2ae2273b CVE_2017_8759_Mal_Doc;Detects malicious files related to CVE-2017-8759 - file Doc1.doc;https://github.com/Voulnet/CVE-2017-8759-Exploit-sample;2017-09-14 00:00:00;75;Florian Roth;EXPLOIT,FILE;5c93520f209dcfe349912c9463b43c29 CVE_2017_8759_Mal_HTA;Detects malicious files related to CVE-2017-8759 - file cmd.hta;https://github.com/Voulnet/CVE-2017-8759-Exploit-sample;2017-09-14 00:00:00;75;Florian 
Roth;EXPLOIT,FILE;91ac33411ecb33ce0b04f5a12af01c46 CVE_2017_8759_SOAP_Excel;Detects malicious files related to CVE-2017-8759;https://twitter.com/buffaloverflow/status/908455053345869825;2017-09-15 00:00:00;60;Florian Roth;EXPLOIT,OFFICE;e31482bbeea9488a2661118446a35eb8 CVE_2017_8759_SOAP_txt;Detects malicious file in relation with CVE-2017-8759 - file exploit.txt;https://github.com/Voulnet/CVE-2017-8759-Exploit-sample;2017-09-14 00:00:00;75;Florian Roth;EXPLOIT;cd2cd96573c20de5e68cfab5330d1a86 CVE_2017_8759_SOAP_via_JS;Detects SOAP WSDL Download via JavaScript;https://twitter.com/buffaloverflow/status/907728364278087680;2017-09-14 00:00:00;60;Florian Roth;EXPLOIT;2be3f1a0db3bc48b7d3efcf756f2e479 CVE_2017_8759_WSDL_in_RTF;Detects malicious RTF file related to CVE-2017-8759;https://twitter.com/xdxdxdxdoa/status/908665278199996416;2017-09-15 00:00:00;75;Security Doggo @xdxdxdxdoa;EXPLOIT,EXTVAR,REQ_PRIVATE;b3f31f437a181fd6536dee0780a794af Casper_Backdoor_x86;Casper French Espionage Malware - Win32/ProxyBot.B - x86 Payload http://goo.gl/VRJNLo;http://goo.gl/VRJNLo;2015-03-05 00:00:00;80;Florian Roth;HKTL,MAL;a63c3d2858b183e62c352efb0660bd52 Casper_EXE_Dropper;Casper French Espionage Malware - Win32/ProxyBot.B - Dropper http://goo.gl/VRJNLo;http://goo.gl/VRJNLo;2015-03-05 00:00:00;80;Florian Roth;HKTL,MAL;c36beb35fb4dfd49b45fa1036763409f Casper_Included_Strings;Casper French Espionage Malware - String Match in File - http://goo.gl/VRJNLo;http://goo.gl/VRJNLo;2015-03-06 00:00:00;50;Florian Roth;EXE,FILE,MAL;508b869f2e152518fb5d439b8a4b20a2 Casper_SystemInformation_Output;Casper French Espionage Malware - System Info Output - http://goo.gl/VRJNLo;http://goo.gl/VRJNLo;2015-03-06 00:00:00;70;Florian Roth;MAL;fc27fd8f4cc505734516241907b065b2 Casus15_php_php;Semi-Auto-generated - file Casus15.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;33eca24f2752efd245ddb57581a3071d Certutil_Decode_OR_Download;Certutil Decode;Internal 
Research;2017-08-29 00:00:00;40;Florian Roth;EXTVAR,REQ_PRIVATE,SCRIPT;d3951a7bf1c5c6c2d00de10b9c440953 Chafer_Exploit_Copyright_2017;Detects Oilrig Internet Server Extension with Copyright (C) 2017 Exploit;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;75;Markus Neis;EXE,FILE,MIDDLE_EAST;a8e4b99feb76c0df7a72b3b748679c5a Chafer_Mimikatz_Custom;Detects Custom Mimikatz Version;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;75;Florian Roth / Markus Neis;EXE,FILE,MIDDLE_EAST;166ac77cb3969436b74d66d7f8b97c70 Chafer_Packed_Mimikatz;Detects Oilrig Packed Mimikatz also detected as Chafer_WSC_x64 by FR;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;75;Florian Roth / Markus Neis;EXE,FILE,MIDDLE_EAST;a7db6463555c66249169c9de91d77e13 Chafer_Portscanner;Detects Custom Portscanner used by Oilrig;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;75;Markus Neis;EXE,FILE,MIDDLE_EAST;9a3b7aac5d412481c090713f894ac069 CheshireCat_Gen1;Auto-generated rule - file ec41b029c3ff4147b6a5252cb8b659f851f4538d4af0a574f7e16bc1cd14a300;https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/;2015-08-08 00:00:00;90;Florian Roth;EXE,FILE;54048ad5f41479c363b1ec1c1a48a589 CheshireCat_Gen2;Cheshire Cat Malware;https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/;2015-08-08 00:00:00;70;Florian Roth;EXE,FILE,MAL;33fcd67aee2118149a54cb3b1dfd042b CheshireCat_Sample2;Auto-generated rule - file dc18850d065ff6a8364421a9c8f9dd5fcce6c7567f4881466cee00e5cd0c7aa8;https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/;2015-08-08 00:00:00;70;Florian Roth;EXE,FILE;328474022f4d377f6192bed6dcc9c790 ChinaChopper_Generic;China Chopper Webshells - PHP and 
ASPX;https://www.fireeye.com/content/dam/legacy/resources/pdfs/fireeye-china-chopper-report.pdf;2015-03-10 00:00:00;75;Florian Roth;CHINA,GEN,WEBSHELL;4bb7e96a7be18d17ddcfe1c0f6298010 ChinaChopper_caidao;Chinese Hacktool Set - file caidao.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;c674185bb6f318e42175194828218eff ChinaChopper_one;Chinese Hacktool Set - file one.asp;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;fe64735d438250cbad7c9723c14ba3b9 ChinaChopper_temp;Chinese Hacktool Set - file temp.asp;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;50d4e00b16beaf29f2af408e7b84f881 ChinaChopper_temp_2;Chinese Hacktool Set - file temp.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;57b56a3e726baee47dc69ea1c5559b34 ChinaChopper_temp_3;Chinese Hacktool Set - file temp.aspx;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,FILE,HKTL,WEBSHELL;e7f2bf33da8a1d7d5252f29a112bea50 Chinese_Hacktool_1014;Detects a chinese hacktool with unknown use;-;2014-10-10 00:00:00;60;Florian Roth;CHINA,HKTL;3a8d7b2852c971ea8810ed090e3d0151 ChromePass;Detects a tool used by APT groups - file ChromePass.exe;http://goo.gl/igxLyF;2016-09-08 00:00:00;75;Florian Roth;APT,EXE,FILE;0058dc2c95cd61621ae7587c74518982 CleanIISLog;Disclosed hacktool set (old stuff) - file CleanIISLog.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;f7f9246b1d12d6211c58261747cc8fbc Cloaked_RAR_File;RAR file cloaked by a different extension;-;1970-01-01 01:00:00;75;Florian Roth;EXTVAR,FILE;175814794e324e345606ea6bd535b1a4 Cloaked_as_JPG;Detects a cloaked file as JPG;-;2015-02-28 00:00:00;40;Florian Roth (eval section from Didier Stevens);EXTVAR,FILE;90d470799467e72c928763273235d079 CloudDuke_Malware;Detects CloudDuke Malware;https://www.f-secure.com/weblog/archives/00002822.html;2015-07-22 00:00:00;60;Florian Roth;EXE,FILE,MAL,RUSSIA;81b63ced2b77709e2a93ee79e161b16c 
CmdAsp_asp;Semi-Auto-generated - file CmdAsp.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;b407964cce301d5b119c24db06a2acb2 CmdShell64;Chinese Hacktool Set - file CmdShell64.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;37efdfc1d967c7ca77311447873612c9 Cmdshell32;Chinese Hacktool Set - file Cmdshell32.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;f5fa9d17853739cc4f6e74041ea4e4f8 CobaltGang_Malware_Aug17_1;Detects a Cobalt Gang malware;https://sslbl.abuse.ch/intel/6ece5ece4192683d2d84e25b0ba7e04f9cb7eb7c;2017-08-09 00:00:00;75;Florian Roth;EXE,FILE,MAL;b2b8fe82b87faa1d62c290ca18422c8a CobaltGang_Malware_Aug17_2;Detects a Cobalt Gang malware;https://sslbl.abuse.ch/intel/6ece5ece4192683d2d84e25b0ba7e04f9cb7eb7c;2017-08-09 00:00:00;75;Florian Roth;EXE,FILE,MAL;d36380a856a0ab9616fec8184cc90c66 CobaltStrike_CN_Group_BeaconDropper_Aug17;Detects Script Dropper of Cobalt Gang used in August 2017;Internal Research;2017-08-09 00:00:00;75;Florian Roth;MAL;4b85986fe24cde65221cff42ad3f7694 Cobaltgang_PDF_Metadata_Rev_A;Find documents saved from the same potential Cobalt Gang PDF template;https://researchcenter.paloaltonetworks.com/2018/10/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed/;2018-10-25 00:00:00;75;Palo Alto Networks Unit 42;;d771a9e6ba5d11e23c565b52cfe785e5 Codoso_CustomTCP;Codoso CustomTCP Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;EXE,FILE,MAL;48804fe32fbd66aed10af689fb8674dc Codoso_CustomTCP_2;Detects Codoso APT CustomTCP Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;4fa1d49cc232579873942453b4ff6b61 Codoso_CustomTCP_3;Detects Codoso APT CustomTCP Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 
00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;c897622b6e3d8872838289ca239b4b5d Codoso_CustomTCP_4;Detects Codoso APT CustomTCP Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;a9091c669a08690781265ee544cb29be Codoso_Gh0st_1;Detects Codoso APT Gh0st Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;1ec0a5233de3da78e24990102e7aa52c Codoso_Gh0st_2;Detects Codoso APT Gh0st Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;40e20a03cf14131b8c37cf4165175ed0 Codoso_Gh0st_3;Detects Codoso APT Gh0st Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;26900d91b40bfff57536a4a1232f17b3 Codoso_PGV_PVID_1;Detects Codoso APT PGV PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;ab3225ed535e8054ca44aab333c5cdbf Codoso_PGV_PVID_2;Detects Codoso APT PGV PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;71ed1da911b8adc4b985688cee96c054 Codoso_PGV_PVID_3;Detects Codoso APT PGV PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,MAL;39fdae689352b0e9377979baa644bfb2 Codoso_PGV_PVID_4;Detects Codoso APT PlugX Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;aad90017d970742a8b4a6c1dbb2e99fb Codoso_PGV_PVID_5;Detects Codoso APT PGV PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;af012cf9fa6625b5d5b596bf1e952030 Codoso_PGV_PVID_6;Detects Codoso APT PGV_PVID 
Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;f89c491439b2b95b22ec8dff6c671610 Codoso_PlugX_1;Detects Codoso APT PlugX Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;090a294c779e483207798a6a9fdd5d1e Codoso_PlugX_2;Detects Codoso APT PlugX Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;7c0891b7ecde320280fe3a0999cd45c9 Codoso_PlugX_3;Detects Codoso APT PlugX Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;517258b3800f860bde2b8db59ad3a8f6 CoinHive_Javascript_MoneroMiner;Detects CoinHive - JavaScript Crypto Miner;https://coinhive.com/documentation/miner;2018-01-04 00:00:00;50;Florian Roth;;a63b91b52e08cf7061223fc7d140e180 CoinMiner_Strings;Detects mining pool protocol string in Executable;https://minergate.com/faq/what-pool-address;2018-01-04 00:00:00;50;Florian Roth;;0376a5f767eae520701d2f90d49a36f7 CookieTools2;Chinese Hacktool Set - file CookieTools2.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;623d621cd7c34eac94c21ae4f9cc67b2 CookieTools;Chinese Hacktool Set - file CookieTools.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d3eec543cf2344d13b0bd2d1fb274e64 CoreImpact_sysdll_exe;Detects a malware sysdll.exe from the Rocket Kitten APT;-;2014-12-27 00:00:00;70;Florian Roth;APT,MIDDLE_EAST;e758e0de0674ded55ae4e035dc4a1641 CorkowDLL;Rule to detect the Corkow DLL files;-;2016-02-06 00:00:00;75;Group IB;EXE,FILE;6865fc797565280ff4806c0db15428ac Crackmapexec_EXE;Detects CrackMapExec hack tool;Internal Research;2018-04-06 00:00:00;85;Florian Roth;EXE,FILE,HKTL;acc5c292d36402509047e152546bc5cb CredentialStealer_Generic_Backdoor;Detects credential stealer based on many 
strings that indicate password store access;Internal Research;2017-06-07 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;8783d298ba001abc08aa5dc32383f3ee CrimsonRAT_Mar18_1;Detects CrimsonRAT malware;Internal Research;2018-03-06 00:00:00;75;Florian Roth;EXE,FILE,MAL;b94ecf53d3bcae109df1414b9f27486a CrowdStrike_Shamoon_DroppedFile;Rule to detect Shamoon malware http://goo.gl/QTxohN;http://www.rsaconference.com/writable/presentations/file_upload/exp-w01-hacking-exposed-day-of-destruction.pdf;1970-01-01 01:00:00;75;Florian Roth (auto-filled);MIDDLE_EAST;e067c46be7cfee1bde054614d5d6b7a2 CrunchRAT;Detects CrunchRAT - file CrunchRAT.exe;https://github.com/t3ntman/CrunchRAT;2017-11-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;2f44455075167c17b144dc3a70b2f094 Customize;Chinese Hacktool Set - file Customize.aspx;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;00e8c27ceb39d9d30d176fa274657d30 Customize_2;Chinese Hacktool Set - file Customize.jsp;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;332988e785373430636837524c1e80c7 DKShell_f0772be3c95802a2d1e7a4a3f5a45dcdef6997f3;Detects a web shell;https://github.com/bartblaze/PHP-backdoors;2016-09-10 00:00:00;75;Florian Roth;FILE,WEBSHELL;7955b61923d939e26295faebf5f08997 DK_Brute;PoS Scammer Toolbox - http://goo.gl/xiIphp - file DK Brute.exe;http://goo.gl/xiIphp;2014-11-22 00:00:00;70;Florian Roth;HKTL;d34d983c28f36c9977ed2472176d5142 DLL_Injector_Lynx;Detects Lynx DLL Injector;Internal Research;2017-08-20 00:00:00;75;Florian Roth;EXE,FILE,HKTL;072ab30488dc228516251ee898963fc2 DTool_Pro_php;Semi-Auto-generated - file DTool Pro.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;8a9f14ff23d04617165a2134803a9fd7 DTools2_02_DTools;Chinese Hacktool Set - file DTools.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;0c586d0a4945d0b6c50e7edb911b33b8 DUBrute_DUBrute;Chinese Hacktool Set - file 
DUBrute.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;e7d7d00f997f01103453538072d10647 DarkComet_Keylogger_File;Looks like a keylogger file created by DarkComet Malware;-;2014-07-25 00:00:00;50;Florian Roth;FILE,HKTL,MAL;02e873f4adf37c54594a9e34c65b3f91 DarkEYEv3_Cryptor;Rule to detect DarkEYEv3 encrypted executables (often malware);http://darkeyev3.blogspot.fi/;2015-05-24 00:00:00;55;Florian Roth;EXE,FILE;0dbe69f1711caa056c04ea022a2f94d8 DarkSecurityTeam_Webshell;Dark Security Team Webshell;-;1970-01-01 01:00:00;50;Florian Roth;WEBSHELL;287d0d9b079e437164326890200251bb DarkSpy105;Webshells Auto-generated - file DarkSpy105.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;34bd97e8d696022dd48e695db79efda0 Daserf_Nov1_BronzeButler;Detects Daserf malware used by Bronze Butler;https://goo.gl/ffeCfd;2017-11-08 00:00:00;75;Florian Roth;EXE,FILE;1a2e59a16103002c417ebd9405777a79 Datper_Backdoor;Detects Datper Malware;http://blog.jpcert.or.jp/2017/08/detecting-datper-malware-from-proxy-logs.html;2017-08-21 00:00:00;75;Florian Roth;EXE,FILE,MAL;3cb4f12c84f36ac49b64842222f56d8b Debug_BDoor;Webshells Auto-generated - file BDoor.dll;-;1970-01-01 01:00:00;75;Florian Roth;MAL,WEBSHELL;3a8188f48535d9f046ccd9ae585b94b8 Debug_cress;Webshells Auto-generated - file cress.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;853ad7a1ad2ffc0ce705811ce06df956 Debug_dllTest_2;Webshells Auto-generated - file dllTest.dll;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;183ad1a70b017fb8403a0ad6b2c99830 DeepPanda_Trojan_Kakfum;Hack Deep Panda - Trojan.Kakfum sqlsrv32.dll;-;2015-02-08 00:00:00;75;Florian Roth;CHINA,MAL;4dcd758d4ec3ae58da77ba1b594db1f0 DeepPanda_htran_exe;Hack Deep Panda - htran-exe;-;2015-02-08 00:00:00;75;Florian Roth;CHINA;b945cd4ac408326375d2788d5a10b76f DeepPanda_lot1;Hack Deep Panda - lot1.tmp-pwdump;-;2015-02-08 00:00:00;75;Florian Roth;CHINA;81138d1ebad2ed4de9c93f6196797858 DeepPanda_sl_txt_packed;Hack Deep Panda - ScanLine 
sl-txt-packed;-;2015-02-08 00:00:00;75;Florian Roth;CHINA;fc53e2d0d744abfe0b47fe0c02e96892 DefaceKeeper_0_2_php;Semi-Auto-generated - file DefaceKeeper_0.2.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;e381cba4bbf69722a703222f6e19c9ca Derusbi_Backdoor_Mar17_1;Detects a variant of the Derusbi backdoor;Internal Research;2017-03-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;840583059cdfc5e3f0d1885e40a9cb2f Derusbi_Code_Signing_Cert;Detects an executable signed with a certificate also used for Derusbi Trojan - suspicious;http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family;2015-12-15 00:00:00;60;Florian Roth;EXE,FILE,MAL;6825d00a1f11e7fdaab6f6b4f9a49ae9 Derusbi_Kernel_Driver_WD_UDFS;Detects Derusbi Kernel Driver;http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family;2015-12-15 00:00:00;80;Florian Roth;EXE,FILE;3cad4591c7165b723bd639e657ab52aa Destructive_Ransomware_Gen1;Detects destructive malware;http://blog.talosintelligence.com/2018/02/olympic-destroyer.html;2018-02-12 00:00:00;75;Florian Roth;CRIME,EXE,FILE;b62321e394fe16b344868a2b3409fd1c DeviceGuard_WDS_Evasion;Detects WDS file used to circumvent Device Guard;http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html;1970-01-01 01:00:00;80;Florian Roth;OBFUS;cb4573bc612bc3be444cb037b0dabb1d Dexter_Malware;Detects the Dexter Trojan/Agent http://goo.gl/oBvy8b;http://goo.gl/oBvy8b;2015-02-10 00:00:00;70;Florian Roth;MAL;d2dfa50d329079da20d64cdf9e7201be Disclosed_0day_POCs_InjectDll;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE,HKTL;71df2c5acf52c49393584fcedae2afe8 Disclosed_0day_POCs_exploit;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE,HKTL;ab9c0a5da96179e02861c7ec580ff7f3 Disclosed_0day_POCs_injector;Detects POC code from disclosed 0day hacktool 
set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE,HKTL;dabae5526b4e238ab1fd3763dfb9e36f Disclosed_0day_POCs_lpe;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE,HKTL;daf7f29073ea3c2cb8c18403e9345790 Disclosed_0day_POCs_lpe_2;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE,HKTL;4be7ec131429441e2e73969fa43fa0c4 Disclosed_0day_POCs_payload_MSI;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXPLOIT,FILE,HKTL;c200000f11f46c9b86319c7010c30465 Disclosed_0day_POCs_shellcodegenerator;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE,HKTL;d2e46d9a7e3e67b0c92b076af823b794 Dive_Shell_1_0___Emperor_Hacking_Team_php;Semi-Auto-generated - file Dive Shell 1.0 - Emperor Hacking Team.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;9fb8c63b434029f4c253afae5d136503 DkShell_4000bd83451f0d8501a9dfad60dce39e55ae167d;Detects a web shell;https://github.com/bartblaze/PHP-backdoors;2016-09-10 00:00:00;75;Florian Roth;FILE,WEBSHELL;5725a6161ef6ab41f3415acd28bbe171 DllInjection;Webshells Auto-generated - file DllInjection.exe;-;1970-01-01 01:00:00;75;Florian Roth;HKTL,WEBSHELL;3784c3b2a24c82d2429640857ad8c03d Dll_LoadEx;Chinese Hacktool Set - file Dll_LoadEx.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;e350443a78dbea2e37af1c0eed6155cf Docm_in_PDF;Detects an embedded DOCM in PDF combined with OpenAction;Internal Research;2017-05-15 00:00:00;75;Florian Roth;FILE;8591203da3bb272c29e9b084e9db1b4b DomainScanV1_0;Auto-generated rule on file DomainScanV1_0.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;db400263a64c6890331b1ac664ab41df Dorkbot_Injector_Malware;Detects Darkbot 
Injector;Internal Research;2016-10-08 00:00:00;75;Florian Roth;EXE,FILE,HKTL,MAL;bf7ca70ea15e0f2efa023931c793950d Dos_1;Chinese Hacktool Set - file 1.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d0725a81879d3308ac7518179bfd1f0b Dos_Down32;Chinese Hacktool Set - file Down32.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;736febecdb790c495ceb24d188b0750a Dos_Down64;Chinese Hacktool Set - file Down64.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;7bee9f6409898b7e6cb32f4f89432771 Dos_GetPass;Chinese Hacktool Set - file GetPass.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;aa6e1d90f2e7aed657b99e383b323f85 Dos_NtGod;Chinese Hacktool Set - file NtGod.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;2e5533b6c0e50cd56016e5132146ee79 Dos_c;Chinese Hacktool Set - file c.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;b16928f4f2a406788a99e90b933afae5 Dos_ch;Chinese Hacktool Set - file ch.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d42a9077eb29661a2680863348992d45 Dos_fp;Chinese Hacktool Set - file fp.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;1f88d629ef127a20298070ae85d16902 Dos_iis7;Chinese Hacktool Set - file iis7.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;573a12eb9749981f13f13e44f5251747 Dos_iis;Chinese Hacktool Set - file iis.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;1bf9342b909fb80fe5efe5c0391c1f87 Dos_lcx;Chinese Hacktool Set - file lcx.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;60f1c514beeda7798fe7b94a80881cc6 Dos_look;Chinese Hacktool Set - file look.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian 
Roth;CHINA,EXE,FILE,HKTL;b42d4ad1d0136cbaf5ee1e0f9e211ccd Dos_netstat;Chinese Hacktool Set - file netstat.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;84a38f46dc22c0feb0fe7bae1a5ed5ba Dos_sys;Chinese Hacktool Set - file sys.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d83d40b264e8f142eced140de3777737 DragonFly_APT_Sep17_1;Detects malware from DrqgonFly APT report;https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group;2017-09-12 00:00:00;75;Florian Roth;APT,EXE,FILE;041389263d30bea7f856e6489fa72aae DragonFly_APT_Sep17_2;Detects malware from DrqgonFly APT report;https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group;2017-09-12 00:00:00;75;Florian Roth;APT,EXE,FILE;2bf6250527b5d68ad5a5d96a9cf751ca DragonFly_APT_Sep17_3;Detects malware from DrqgonFly APT report;https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group;2017-09-12 00:00:00;75;Florian Roth;APT,EXE,FILE;f1d6e70129f7341627c6d1b688214034 DragonFly_APT_Sep17_4;Detects malware from DrqgonFly APT report;https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group;2017-09-12 00:00:00;75;Florian Roth;APT,EXE,FILE;8884eaf6d00828032e2b42941b94f937 Dridex_Trojan_XML;Dridex Malware in XML Document;https://threatpost.com/dridex-banking-trojan-spreading-via-macros-in-xml-files/111503;2015-03-08 00:00:00;75;Florian Roth @4nc4p;MAL;5a60b02253161fcb1335f0cc4674fc14 DropBear_SSH_Server;Detects DropBear SSH Server (not a threat but used to maintain access);http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;50;Florian Roth;EXE,FILE,RUSSIA;c5d92dd2239d05b6ab8544cfa0f093f8 Dropper_DeploysMalwareViaSideLoading;Detect a dropper used to deploy an implant via side loading. 
This dropper has specifically been observed deploying REDLEAVES & PlugX;https://www.us-cert.gov/ncas/alerts/TA17-117A;1970-01-01 01:00:00;75;USG;MAL;14a3885d08ca41b61841483ee4bd92cc Dubnium_Sample_1;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;cc337bbc7abd167e2e3e34a439a51847 Dubnium_Sample_2;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;96e4ba0245bbb1298ca68e102a38556c Dubnium_Sample_3;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;8470ed9aaa85e62ec098196f89f20a70 Dubnium_Sample_5;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;2ec97c979ec36f70de8602f425272178 Dubnium_Sample_6;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;8b4afa47172c15876d2a122c47469fad Dubnium_Sample_7;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;d842e5cd26af008835fcbd4c12b56749 Dubnium_Sample_SSHOpenSSL;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;a56308d4ac87c8e82ac8c55864b5dbfd Duqu2_Generic1;Kaspersky APT Report - Duqu2 Sample - Generic Rule;https://goo.gl/7yKyOj;2015-06-10 00:00:00;75;Florian Roth;APT,EXE,FILE,GEN;1abe669252467f4730656dba316cbe52 Duqu2_Sample1;Detects malware - Duqu2 (cross-matches with IronTiger malware and Derusbi);https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE,INDIA;42a3dce0826282a67267950b43dcbb08 Duqu2_Sample2;Detects Duqu2 Malware;https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian 
Roth;EXE,FILE,MAL;858bc8ad641fd659cc416020e315d44f Duqu2_Sample3;Detects Duqu2 Malware;https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE,MAL;20ab712d5a884aa49b5c8e39a1fa5103 Duqu2_Sample4;Detects Duqu2 Malware;https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE,MAL;792e67995304dc4b9a06b2039b561512 Duqu2_UAs;Detects Duqu2 Executable based on the specific UAs in the file;https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE;71c00df0e48e2f62ee4667642347c535 DxShell_php_php;Semi-Auto-generated - file DxShell.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;5517579d243a70a985430bf4e7c34cf2 Dx_php_php;Semi-Auto-generated - file Dx.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;3a164b5bfba340b5026c2421eae2004b EFSO_2_asp;Semi-Auto-generated - file EFSO_2.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;8bf184090f9a6aa3d31a54dd60f489a6 EQGRP_1212;Detects tool from EQGRP toolset - file 1212.pl;Research;2016-08-15 00:00:00;75;Florian Roth;;7c6979d6da9ddd08509e6d43db635609 EQGRP_1212_dehex;Detects tool from EQGRP toolset - from files 1212.pl, dehex.pl;Research;2016-08-15 00:00:00;75;Florian Roth;FILE;17f2525df3dd9f20d6d7897592f157bd EQGRP_BARPUNCH_BPICKER;EQGRP Toolset Firewall - from files BARPUNCH-3110, BPICKER-3100;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;b1c6840d77de5a0af6134d5438661e49 EQGRP_BBALL;EQGRP Toolset Firewall - file BBALL_E28F6-2201.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;e5ff07052dc73cccc612b4a13a592e4e EQGRP_BBALL_M50FW08_2201;EQGRP Toolset Firewall - file 
BBALL_M50FW08-2201.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;c88c2f9cdaf2fa9ef9a2bce3fdcc5d19 EQGRP_BBANJO;EQGRP Toolset Firewall - file BBANJO-3011.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;cfa5dedbe2cebe0bf69b3a7f1893030b EQGRP_BFLEA_2201;EQGRP Toolset Firewall - file BFLEA-2201.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;d2e7e34a5f431f1a059a8276e563f30a EQGRP_BICECREAM;EQGRP Toolset Firewall - file BICECREAM-2140;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;2e12f1c7de4d5b14113b639d8c81a5d6 EQGRP_BLIAR_BLIQUER;EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;a7bf69ed4d7a0ce38e1d38fc7d976b6f EQGRP_BPATROL_2201;EQGRP Toolset Firewall - file BPATROL-2201.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;9e1cb52fe08587705d4e210ef3f37cd0 EQGRP_BPIE;EQGRP Toolset Firewall - file BPIE-2201.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;89181d624030f60cda8ded63d04125d6 EQGRP_BUSURPER_2211_724;EQGRP Toolset Firewall - file BUSURPER-2211-724.exe;Research;2016-08-16 00:00:00;75;Florian Roth;;d321ea7b77f23d0a23b3c5828563ad91 EQGRP_BUSURPER_3001_724;EQGRP Toolset Firewall - file BUSURPER-3001-724.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;06ee316e9ebb05dbd793779766196127 EQGRP_BananaAid;EQGRP Toolset Firewall - file BananaAid;Research;2016-08-16 00:00:00;75;Florian Roth;;fff10477e6dbfdfb7727fecf0cbf2e85 EQGRP_BananaUsurper_writeJetPlow;EQGRP Toolset Firewall - from files BananaUsurper-2120, writeJetPlow-2130;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;1ecb55168ddd3eccea357b97c48c6f43 EQGRP_BpfCreator_RHEL4;EQGRP Toolset Firewall - file BpfCreator-RHEL4;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;147bc90bc93754d48cc794c96c8236f6 EQGRP_EPBA;EQGRP Toolset Firewall - file EPBA.script;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;ca90782a116c335cf29a738146018259 EQGRP_Extrabacon_Output;EQGRP Toolset Firewall - Extrabacon exploit 
output;Research;2016-08-16 00:00:00;75;Florian Roth;;1a6483adc2dbc283120ccb518119d749 EQGRP_Implants_Gen1;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;75bd3ae3ea69b6241f986183ff8896c1 EQGRP_Implants_Gen2;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;9e81c11386ca1c7e6fcfa1cf4f935860 EQGRP_Implants_Gen3;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;d40aa3e5d8e87cf6a6c0d865ba9f4d57 EQGRP_Implants_Gen4;EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230, BLIQUER-3030, BLIQUER-3120;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;14e9c9bada21f8d6fe7c231038779bda EQGRP_Implants_Gen5;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;4aa479e184f933d8cb4dad20d1a38ef2 EQGRP_Implants_Gen6;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;389e11e9aec54aff67796e7e077132d5 EQGRP_MixText;EQGRP Toolset Firewall - file MixText.py;Research;2016-08-16 00:00:00;75;Florian Roth;;e5ff327d23b429d8eb0f8da9647c08c9 EQGRP_RC5_RC6_Opcode;EQGRP Toolset Firewall - RC5 / RC6 opcode;https://securelist.com/blog/incidents/75812/the-equation-giveaway/;2016-08-17 00:00:00;75;Florian Roth;;b38cb20b42b04d579fa9b8eef3c2b076 EQGRP_SecondDate_2211;EQGRP Toolset Firewall - file SecondDate-2211.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;4980391841b856e9e16e9873e70586e2 EQGRP_StoreFc;EQGRP Toolset Firewall - file StoreFc.py;Research;2016-08-16 00:00:00;75;Florian Roth;;210b02d6530b8718fffa89ad530fcd0d EQGRP_Unique_Strings;EQGRP Toolset Firewall - Unique strings;Research;2016-08-16 00:00:00;75;Florian Roth;;5d187740298457865db568d7659e6b50 EQGRP_bc_parser;Detects tool from EQGRP toolset - file bc-parser;Research;2016-08-15 00:00:00;75;Florian Roth;FILE;82acaef9436942eae235375f0889a971 EQGRP_bo;EQGRP Toolset Firewall - file bo;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;ce90861e83f3bd08475173409c8e65ea EQGRP_callbacks;EQGRP Toolset Firewall - Callback 
addresses;Research;2016-08-16 00:00:00;75;Florian Roth;;df044b137e069c5d842e58e48499317e EQGRP_config_jp1_UA;EQGRP Toolset Firewall - file config_jp1_UA.pl;Research;2016-08-16 00:00:00;75;Florian Roth;;8d4924e8e020a13f3b2e1e4d5e231864 EQGRP_create_dns_injection;EQGRP Toolset Firewall - file create_dns_injection.py;Research;2016-08-16 00:00:00;75;Florian Roth;;40f64937508bec4cf5247484111f1cc3 EQGRP_create_http_injection;EQGRP Toolset Firewall - file create_http_injection.py;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;30c5f17a31115d9bf3ec176894765b38 EQGRP_dn_1_0_2_1;Detects tool from EQGRP toolset - file dn.1.0.2.1.linux;Research;2016-08-15 00:00:00;75;Florian Roth;FILE;bfface3706e55e7e9fd04ac768904589 EQGRP_durablenapkin_solaris_2_0_1;Detects tool from EQGRP toolset - file durablenapkin.solaris.2.0.1.1;Research;2016-08-15 00:00:00;75;Florian Roth;FILE;11eca751993ecf7a56917767fafba597 EQGRP_eligiblebombshell_generic;EQGRP Toolset Firewall - from files eligiblebombshell_1.2.0.1.py, eligiblebombshell_1.2.0.1.py;Research;2016-08-16 00:00:00;75;Florian Roth;;8c33e5cc0110299bfa280e9aff62071d EQGRP_eligiblecandidate;EQGRP Toolset Firewall - file eligiblecandidate.py;Research;2016-08-16 00:00:00;75;Florian Roth;;55d542a53d2169b25bdb0bcbc385c1fd EQGRP_epicbanana_2_1_0_1;EQGRP Toolset Firewall - file epicbanana_2.1.0.1.py;Research;2016-08-16 00:00:00;75;Florian Roth;;0143e3e7de8d23cc48400394874ebe9a EQGRP_extrabacon;EQGRP Toolset Firewall - file extrabacon_1.1.0.1.py;Research;2016-08-16 00:00:00;75;Florian Roth;;962c67327ad32f344713237f8b1ef52f EQGRP_false;Detects tool from EQGRP toolset - file false.exe;Research;2016-08-15 00:00:00;75;Florian Roth;EXE,FILE;d46b5d5ba85dcaae28d2e05e813a0cb2 EQGRP_hexdump;EQGRP Toolset Firewall - file hexdump.py;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;38a52d2892755d6c5d269008b20a1377 EQGRP_installdate;Detects tool from EQGRP toolset - file installdate.pl;Research;2016-08-15 00:00:00;75;Florian 
Roth;;c537182739153ad9b88acaf20be76ca4 EQGRP_jetplow_SH;EQGRP Toolset Firewall - file jetplow.sh;Research;2016-08-16 00:00:00;75;Florian Roth;;3879f43ed991cc40dc0095c98b2059da EQGRP_morel;Detects tool from EQGRP toolset - file morel.exe;Research;2016-08-15 00:00:00;75;Florian Roth;EXE,FILE;67eecc3f25eef7efe54081fbed28a4c0 EQGRP_networkProfiler_orderScans;EQGRP Toolset Firewall - file networkProfiler_orderScans.sh;Research;2016-08-16 00:00:00;75;Florian Roth;;f23017fa5a89bd2b5138d21b9f390229 EQGRP_noclient_3_0_5;Detects tool from EQGRP toolset - file noclient-3.0.5.3;Research;2016-08-15 00:00:00;75;Florian Roth;FILE;28a7849171571982c700e7e74512b48c EQGRP_pandarock;EQGRP Toolset Firewall - from files pandarock_v1.11.1.1.bin, pit;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;9f219785ef69da5d69946d5cc8598a2c EQGRP_payload;EQGRP Toolset Firewall - file payload.py;Research;2016-08-16 00:00:00;75;Florian Roth;;db7972df2a542c87dab866c324c89754 EQGRP_screamingplow;EQGRP Toolset Firewall - file screamingplow.sh;Research;2016-08-16 00:00:00;75;Florian Roth;;97617c6c734f56af00f141ef70808b1a EQGRP_shellcode;EQGRP Toolset Firewall - file shellcode.py;Research;2016-08-16 00:00:00;75;Florian Roth;;49ce5d8476c4b999f6e35bb059d362c6 EQGRP_sniffer_xml2pcap;EQGRP Toolset Firewall - file sniffer_xml2pcap;Research;2016-08-16 00:00:00;75;Florian Roth;;0d119859efc7d96ad9b9029bd0083211 EQGRP_sploit;EQGRP Toolset Firewall - from files sploit.py, sploit.py;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;14faa51b9a7825311f23230571632abd EQGRP_sploit_py;EQGRP Toolset Firewall - file sploit.py;Research;2016-08-16 00:00:00;75;Florian Roth;;75392d2c415fd57df243f0e1f7999af7 EQGRP_ssh_telnet_29;EQGRP Toolset Firewall - from files ssh.py, telnet.py;Research;2016-08-16 00:00:00;75;Florian Roth;;6630ce60a4d71641f638818614caec6d EQGRP_teflondoor;Detects tool from EQGRP toolset - file teflondoor.exe;Research;2016-08-15 00:00:00;75;Florian Roth;EXE,FILE;6ff5825dd6b1b225f60f3e131a1947e5 
EQGRP_teflonhandle;Detects tool from EQGRP toolset - file teflonhandle.exe;Research;2016-08-15 00:00:00;75;Florian Roth;EXE,FILE;e2d3f7a6f37f35eb02c5eaefe137b018 EQGRP_tinyexec;EQGRP Toolset Firewall - from files tinyexec;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;6c9162cf7f4d1da8645b10b8293e3854 EQGRP_tinyhttp_setup;EQGRP Toolset Firewall - file tinyhttp_setup.sh;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;f05e8b4242e4da5bf1460d42072387bb EQGRP_tunnel_state_reader;EQGRP Toolset Firewall - file tunnel_state_reader;Research;2016-08-16 00:00:00;75;Florian Roth;;3933c0823eb49d7f12d91216fbc27220 EQGRP_uninstallPBD;EQGRP Toolset Firewall - file uninstallPBD.bat;Research;2016-08-16 00:00:00;75;Florian Roth;;030aa292729c501d6b51cf53d8414f8f EQGRP_userscript;EQGRP Toolset Firewall - file userscript.FW;Research;2016-08-16 00:00:00;75;Florian Roth;;c302f2fc10e4368c37baefd0498a7b9a EQGRP_workit;EQGRP Toolset Firewall - file workit.py;Research;2016-08-16 00:00:00;75;Florian Roth;;3cdddd5f4ee23019238eaed2d86cfa0e EXE_cloaked_as_TXT;Executable with TXT extension;-;1970-01-01 01:00:00;75;Florian Roth;EXE,EXTVAR,FILE;576f24d95b92db4276dfda4f947323cf EXE_extension_cloaking;Executable showing different extension (Windows default 'hide known extension');-;1970-01-01 01:00:00;75;Florian Roth;EXTVAR;b6fa473cf0fad20a26af3401f5d35ddf EXP_DriveCrypt_1;Detects DriveCrypt exploit;Internal Research;2018-08-21 00:00:00;75;Florian Roth;EXE,FILE;e1bc3892d05a54250758c939008d8690 EXP_DriveCrypt_x64passldr;Detects DriveCrypt exploit;Internal Research;2018-08-21 00:00:00;75;Florian Roth;EXE,FILE;2aec493ab46702c51af2a9dc5a6df802 EXP_Libre_Office_CVE_2018_16858;RCE in Libre Office with crafted ODT file (CVE-2018-16858);https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html;2019-02-01 00:00:00;75;John Lambert @JohnLaTwC / modified by Florian Roth;EXPLOIT,FILE,OFFICE;72f61f72487cc2d22901f609faf540ca 
EXP_potential_CVE_2017_11882;-;https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobalt-strike-payload-exploiting-cve-2017-11882.html;1970-01-01 01:00:00;75;ReversingLabs;EXPLOIT,FILE;0252985f2de0e1d9c79626b9e8c35d9e EditKeyLog;Disclosed hacktool set (old stuff) - file EditKeyLog.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;ae5fe4e5125c7bb016a1ceec9b59d5f5 EditKeyLogReadMe;Disclosed hacktool set (old stuff) - file EditKeyLogReadMe.txt;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;724df4898eca7886c1988c434674c3ec EditServer;Disclosed hacktool set (old stuff) - file EditServer.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;76eca2bb98f8b5fbeeb81b78610d8f78 EditServer_2;Webshells Auto-generated - file EditServer.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;d7f376503813ec00f7098ee317b40a68 EditServer_EXE;Webshells Auto-generated - file EditServer.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;f7c34844a075488f569775e1fb74bcaf EldoS_RawDisk;EldoS Rawdisk Device Driver (Commercial raw disk access driver - used in Operation Shamoon 2.0);https://goo.gl/jKIfGB;2016-12-01 00:00:00;50;Florian Roth (with Binar.ly);EXE,FILE,MIDDLE_EAST;ce1afeb11c3dfbc0d48b5820678fece6 Elise_Jan18_1;Detects Elise malware samples - fake Norton Security NavShExt.dll;https://twitter.com/blu3_team/status/955971742329135105;2018-01-24 00:00:00;75;Florian Roth;EXE,FILE;93ed708cddd7fb5b7017e3e2573e8502 Embedded_EXE_Cloaking;Detects an embedded executable in a non-executable file;-;2015-02-27 00:00:00;65;Florian Roth;EXTVAR;5d0c8c79c9da3ffe4c788b52d30e605e Emdivi_Gen1;Detects Emdivi Malware;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;80;Florian Roth @Cyber0ps;EXE,FILE,MAL;d6b91e3d623099ffa3c7194b70079ccc Emdivi_Gen2;Detects Emdivi Malware;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;80;Florian Roth @Cyber0ps;EXE,FILE,MAL;56b8a6bb85f18f2c60e4d69a7d835207 
Emdivi_Gen3;Detects Emdivi Malware;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;80;Florian Roth @Cyber0ps;EXE,FILE,MAL;18547d6ad5a9b859dfd85397e8acc331 Emdivi_Gen4;Detects Emdivi Malware;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;80;Florian Roth @Cyber0ps;EXE,FILE,MAL;6b8302e3e12d1559845c42cbda8d05db Emdivi_SFX;Detects Emdivi malware in SFX Archive;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;70;Florian Roth @Cyber0ps;EXE,FILE;48a1d72e13349fc01487383b03314c23 Emissary_APT_Malware_1;Detect Emissary Malware - from samples A08E81B411.DAT, ishelp.dll;http://goo.gl/V0epcf;2016-01-02 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;6d7ed0cef7d27fe0c21b39c84e1cf2a5 Empire_Agent_Gen;Detects Empire component - from files agent.ps1, agent.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN;6a64c71600326b1464ea33dbde73d751 Empire_Exploit_JBoss;Detects Empire component - file Exploit-JBoss.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;431a913047e22558fba85862c81399fc Empire_Exploit_Jenkins;Detects Empire component - file Exploit-Jenkins.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;fcc7c2ff213cbd95e99615bc0e098309 Empire_Get_GPPPassword;Detects Empire component - file Get-GPPPassword.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;f2f1c775c6199ebe1619c2a28597e7f6 Empire_Get_Keystrokes;Detects Empire component - file Get-Keystrokes.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;8d02d71ef33099cc0ef4475eefef83cc Empire_Get_SecurityPackages;Detects Empire component - file Get-SecurityPackages.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;f38f2c0ac0404985c807792c27bba37a 
Empire_Install_SSP;Detects Empire component - file Install-SSP.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;21f3004f4cdd85bd32619be69e642f8d Empire_Invoke_BypassUAC;Empire - a pure PowerShell post-exploitation agent - file Invoke-BypassUAC.ps1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;87f4ffc5ca0f06a2680abeb6b903837a Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen;Detects Empire component - from files Invoke-CredentialInjection.ps1, Invoke-Mimikatz.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN,HKTL;782ea2bed8abd6414f4528c7546eb9eb Empire_Invoke_DllInjection;Detects Empire component - file Invoke-DllInjection.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,HKTL;f108fb4a477ead407fe348cba725fc8e Empire_Invoke_EgressCheck;Detects Empire component - file Invoke-EgressCheck.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;8a180036af68dafdad3d4bf02db4bd65 Empire_Invoke_Gen;Detects Empire component - from files Invoke-DCSync.ps1, Invoke-PSInject.ps1, Invoke-ReflectivePEInjection.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN,HKTL;6781b86147aadec0c02a9039bbf2991d Empire_Invoke_InveighRelay_Gen;Detects Empire component - from files Invoke-InveighRelay.ps1, Invoke-InveighRelay.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN;131e679e53548de96c292de22359297b Empire_Invoke_MetasploitPayload;Detects Empire component - file Invoke-MetasploitPayload.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,METASPLOIT;f374984d4a9a8d9e693de479f61fe26d Empire_Invoke_Mimikatz;Empire - a pure PowerShell post-exploitation agent - file Invoke-Mimikatz.ps1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;b0c42663a2a80661439d90c51a62f223 
Empire_Invoke_Mimikatz_Gen;Detects Empire component - file Invoke-Mimikatz.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN;855e91608d96c7da83e97696ba2f857f Empire_Invoke_Portscan_Gen;Detects Empire component - from files Invoke-Portscan.ps1, Invoke-Portscan.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN;c379621c0d96792eb56aa47627f53b04 Empire_Invoke_PostExfil;Detects Empire component - file Invoke-PostExfil.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;8cc9c8f05018561c93ed9808d63a1102 Empire_Invoke_PowerDump;Detects Empire component - file Invoke-PowerDump.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,HKTL;bd9fa7c5e957bff85c98a5cdb7bfdef6 Empire_Invoke_PsExec;Detects Empire component - file Invoke-PsExec.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;9fc5d8f8ca4a3d93041eccb517bc3d3b Empire_Invoke_SMBAutoBrute;Detects Empire component - file Invoke-SMBAutoBrute.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;aff6eb5f253f644054f3122bc585ee17 Empire_Invoke_SSHCommand;Detects Empire component - file Invoke-SSHCommand.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;d9e2e6b3d8b64db9c17d3cc60e5a0477 Empire_Invoke_Shellcode;Empire - a pure PowerShell post-exploitation agent - file Invoke-Shellcode.ps1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;a178ed59a274ef7e78c009befbd1c8ba Empire_Invoke_ShellcodeMSIL;Detects Empire component - file Invoke-ShellcodeMSIL.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;05e723bc6cae299a10241a2d62423a6b Empire_Invoke_SmbScanner;Detects Empire component - file Invoke-SmbScanner.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian 
Roth;FILE,HKTL;3c09e2ec7c54701e54380ceb0423278f Empire_KeePassConfig;Detects Empire component - file KeePassConfig.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;44a7600026242ad544d18e5f49a81578 Empire_KeePassConfig_Gen;Detects Empire component - from files KeePassConfig.ps1, KeePassConfig.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN;e14e3424e95f68ec98d0885315fa3800 Empire_Out_Minidump;Detects Empire component - file Out-Minidump.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;0d96fa4ec66cf2f06dc81ce481a04d42 Empire_Persistence;Empire - a pure PowerShell post-exploitation agent - file Persistence.psm1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;acca598ff463e33990aa88ea85273d16 Empire_PowerShell_Framework_Gen1;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,SCRIPT;ce57580e6bba3b35bed995db63469f29 Empire_PowerShell_Framework_Gen2;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,SCRIPT;afa4d5f7c2d033218bcffeb89d1193c8 Empire_PowerShell_Framework_Gen3;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,SCRIPT;570768ef633b1b31a213b3310aba4263 Empire_PowerShell_Framework_Gen4;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,SCRIPT;553b1863ae5837fc321b7dd940ce1ba9 Empire_PowerShell_Framework_Gen5;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,SCRIPT;151d6468b086f58766c1c23cbd393f53 Empire_PowerUp_Gen;Detects Empire component - from files PowerUp.ps1, PowerUp.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN;aad5425b0b6ae494d8b5ee30eb1cfada Empire_ReflectivePick_x64_orig;Detects Empire 
component - file ReflectivePick_x64_orig.dll;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;EXE,FILE;fff228861d89a014b39875e95262224f Empire_Write_HijackDll;Empire - a pure PowerShell post-exploitation agent - file Write-HijackDll.ps1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;46af379772268b1fb3f062c07bb47773 Empire__Users_neo_code_Workspace_Empire_4sigs_PowerUp;Detects Empire component - file PowerUp.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;0a149cc203710721cb9b7fe06ebfa24d Empire_dumpCredStore;Detects Empire component - file dumpCredStore.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;66e299e00a39a39816860d5e2432e466 Empire_invoke_wmi;Empire - a pure PowerShell post-exploitation agent - file invoke_wmi.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;fae411c5405ca0609834ac83cc74f497 Empire_lib_modules_credentials_mimikatz_pth;Empire - a pure PowerShell post-exploitation agent - file pth.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;c5e17daffaf8721d2fd0460251b0eede Empire_lib_modules_trollsploit_message;Empire - a pure PowerShell post-exploitation agent - file message.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;c67c8a7679e2a9f0eebc00d6c9655201 Empire_portscan;Empire - a pure PowerShell post-exploitation agent - file portscan.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;18a34460b5845afbdce198aed2fc0c73 Empire_skeleton_key;Empire - a pure PowerShell post-exploitation agent - file skeleton_key.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;36fc680ade21f8fa5f57e972b31f9900 Enfal_Malware;Detects a certain type of Enfal Malware;not set;2015-02-10 00:00:00;60;Florian Roth;MAL;e8d78d2acb0206721d19546f7a5538af 
Enfal_Malware_Backdoor;Generic Rule to detect the Enfal Malware;-;2015-02-10 00:00:00;60;Florian Roth;EXE,FILE,GEN,MAL;44ad0725968b589df4d9b83461acc663 EnigmaPacker_Rare;Detects an ENIGMA packed executable;Internal Research;2017-04-27 00:00:00;60;Florian Roth;EXE,FILE;2e94cf82a091fc5a1509200400740835 Enigma_Protected_Malware;Detects samples packed by Enigma Protector;https://goo.gl/OEVQ9w;2017-02-03 00:00:00;75;Florian Roth with the help of binar.ly;EXE,FILE,MAL;e02b5b66e3b73fc6764e4db2fa3251b6 Enigma_Protected_Malware_May17_RhxFiles;Auto-generated rule - file RhxFiles.dll;Internal Research;2017-05-02 00:00:00;75;Florian Roth with the help of binar.ly;EXE,FILE,MAL;5b1a3673d318228ad17073ff9624185f EquationDrug_CompatLayer_UnilayDLL;EquationDrug - Unilay.DLL;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;EXE,FILE;57ba4d66c6ed22844eb72728f09a2597 EquationDrug_FileSystem_Filter;EquationDrug - Filesystem filter driver - volrec.sys, scsi2mgr.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;2327fdf9194211c00430eefbe163583b EquationDrug_HDDSSD_Op;EquationDrug - HDD/SSD firmware operation - nls_933w.dll;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;2f6e053968f1d642ec8bdcf441291447 EquationDrug_KernelRootkit;EquationDrug - Kernel mode stage 0 and rootkit (Windows 2000 and above) - msndsrv.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;eda83e9d7d20428eb0a51853d49147ae EquationDrug_Keylogger;EquationDrug - Key/clipboard logger driver - msrtvd.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;HKTL;b0c56a123c4650117bcc4b65ae889a3c 
EquationDrug_MS_Identifier;Microsoft Identifier used in EquationDrug Platform;-;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;0bc45170c2d4b50719cf029e07be5e8b
EquationDrug_NetworkSniffer1;EquationDrug - Backdoor driven by network sniffer - mstcp32.sys, fat32.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;MAL;09dcb2349f45ec5e1aa3cadb2845e0d3
EquationDrug_NetworkSniffer2;EquationDrug - Network Sniffer - tdip.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;3f47605d50cca76d93730327968796e9
EquationDrug_NetworkSniffer3;EquationDrug - Network Sniffer - tdip.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;5ff2e2254e4155db6fcdd02677908ac7
EquationDrug_NetworkSniffer4;EquationDrug - Network-sniffer/patcher - atmdkdrv.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;fb864fba90d20a6c97e5205c0146057f
EquationDrug_NetworkSniffer5;EquationDrug - Network-sniffer/patcher - atmdkdrv.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;f3d11e1af4163400843245049cb821df
EquationDrug_PlatformOrchestrator;EquationDrug - Platform orchestrator - mscfg32.dll, svchost32.dll;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;c9e3fcd3b3b24b26ba202b14f87255de
EquationDrug_VolRec_Driver;EquationDrug - Collector plugin for Volrec - msrstd.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;a52c43e7944ba250156d1a528de74076
EquationGroup_Auditcleaner;Equation Group hack tool leaked by ShadowBrokers- file Auditcleaner;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;770b54e61e62a638235f93634e396002
EquationGroup_DUL;Equation Group hack tool leaked by ShadowBrokers- file DUL;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;c5ffc50667fb8570b15595ad65592cd7
EquationGroup_DXGHLP16;EquationGroup Malware - file DXGHLP16.SYS;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;2f8e939ac5fb828509fc037131db5310
EquationGroup_EquationDrug_Gen_1;EquationGroup Malware;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;c99fff6bebdf39c960e3850170f62a57
EquationGroup_EquationDrug_Gen_2;EquationGroup Malware - file PortMap_Implant.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Auto Generated;EXE,FILE,GEN,MAL;7d82cdec429d163b812c955033e0c6b9
EquationGroup_EquationDrug_Gen_3;EquationGroup Malware - file mssld.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Auto Generated;EXE,FILE,GEN,MAL;60aed6f3ce8b1cc411db52b091c07057
EquationGroup_EquationDrug_Gen_4;EquationGroup Malware - file PC_Level4_flav_dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Auto Generated;EXE,FILE,GEN,MAL;c26d566d8386245260cee2c2f1d7ffc2
EquationGroup_EquationDrug_Gen_5;EquationGroup Malware - file PC_Level3_http_dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;791a85ac7fbdd11ef97f59c6945f2c9f
EquationGroup_EquationDrug_Gen_6;EquationGroup Malware - file PC_Level3_dll_x64;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;0946a5f7c97639c69f9a0973e6c506a3
EquationGroup_EquationDrug_msgkd;EquationGroup Malware - file msgkd.ex_;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;046e15346ad7a723a7e4d679a2d8772a
EquationGroup_EquationDrug_mstcp32;EquationGroup Malware - file mstcp32.sys;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;711ad989f61f61e6f8751c657833d285
EquationGroup_EquationDrug_ntevt;EquationGroup Malware - file ntevt.sys;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;c483c99bb2995e71c8dd0f5c6e86678e
EquationGroup_EquationDrug_tdi6;EquationGroup Malware - file tdi6.sys;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;68be2c7ef9b027d0a96d405f14054ee1
EquationGroup_EventLogEdit_Implant;EquationGroup Malware - file EventLogEdit_Implant.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;2c2be8d2c37df69084c38b7a4234e9c2
EquationGroup_GetAdmin_Lp;EquationGroup Malware - file GetAdmin_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;1e97b4e713cbfb29ec26d361b16108d3
EquationGroup_LSADUMP_Lp;EquationGroup Malware - file LSADUMP_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,HKTL,MAL;731309734d583d0b837598bf2d05851b
EquationGroup_ModifyGroup_Lp;EquationGroup Malware - file ModifyGroup_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;1337de2e9b413582841b5340efa67e93
EquationGroup_PC_Level3_http_flav_dll;EquationGroup Malware - file PC_Level3_http_flav_dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;9187c03351bb7c6040273a8d4d7bf05f
EquationGroup_PC_Level3_http_flav_dll_x64;EquationGroup Malware - file PC_Level3_http_flav_dll_x64;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;c04c069fa6c5a082690130775d2d8069
EquationGroup_PC_Level4_flav_dll_x64;EquationGroup Malware - file PC_Level4_flav_dll_x64;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;1114404f89cce39b3a23177e8d9643c2
EquationGroup_PC_Level4_flav_exe;EquationGroup Malware - file PC_Level4_flav_exe;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;ddc8abb3594dfb720f95e7170000e9f3
EquationGroup_PassFreely_Lp;EquationGroup Malware - file PassFreely_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;9cbf27185f325ae41f5d60bb37bdbbfc
EquationGroup_PortMap_Lp;EquationGroup Malware - file PortMap_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;c8c90b7ac023165d4d7b6ab441ad250b
EquationGroup_ProcessHide_Lp;EquationGroup Malware - file ProcessHide_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;e4eeea73bc431a2aa77fb8a339b29ab8
EquationGroup_ProcessOptions_Lp;EquationGroup Malware - file ProcessOptions_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;95c49a9808264ae52b5ebaeb7bde14b3
EquationGroup_RunAsChild_Lp;EquationGroup Malware - file RunAsChild_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;90ca59ed086ff6312b046ee9c657e20f
EquationGroup_Toolset_Apr17_ActiveDirectory_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b7356077f4eeddc1c3844d7683bdf469
EquationGroup_Toolset_Apr17_AdUser_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;7aae3acc15a6c23491c3e63158b37eef
EquationGroup_Toolset_Apr17_Architouch_1_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;0d66c58cd7297d9f012fc3081355243e
EquationGroup_Toolset_Apr17_Architouch_Eternalsynergy_Smbtouch;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;8d5c2c5362470228952334a3f48f65ad
EquationGroup_Toolset_Apr17_Banner_Implant9x;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;1de788df6dafb8e4e8cf12ee45c50ae2
EquationGroup_Toolset_Apr17_DS_ParseLogs;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;6fd565c99c208b5c8c8c9d277784a6ac
EquationGroup_Toolset_Apr17_Darkpulsar_1_1_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;4e70b464154eb8aa0582f601120773ff
EquationGroup_Toolset_Apr17_DiBa_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;388811d116e3bc51358ec962ccc06fbd
EquationGroup_Toolset_Apr17_DiBa_Target_2000;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;a13982f21bc5caaaca6a4f2780399a25
EquationGroup_Toolset_Apr17_DiBa_Target_BH;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;764638e8cb406f38d281b699c08637f5
EquationGroup_Toolset_Apr17_DiBa_Target_BH_2000;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;0f945d32c236e1a9e5683c07f7c0c1b5
EquationGroup_Toolset_Apr17_DllLoad_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;fed04826969ed552ce691bc9965f3ef6
EquationGroup_Toolset_Apr17_DmGz_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;d5af3c268b01a9ef1d477ebf717e9314
EquationGroup_Toolset_Apr17_DmGz_Target_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;7c47a5e261a640d8aa9a4eb574342716
EquationGroup_Toolset_Apr17_DoubleFeatureDll_dll_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;f472de25fbfbbf9a85d0801ff6568355
EquationGroup_Toolset_Apr17_DoubleFeatureDll_dll_3;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;60aed6f3ce8b1cc411db52b091c07057
EquationGroup_Toolset_Apr17_Doublepulsar_1_3_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;baa3e5ec39839d0a86f6ac420f586c02
EquationGroup_Toolset_Apr17_Dsz_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;33fe8c54b266ef283a636c231048ae65
EquationGroup_Toolset_Apr17_EXPA;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;0956888b708845615394ca4ae2ebe386
EquationGroup_Toolset_Apr17_Easybee_1_0_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;05bd44b7d8917b450651b5e3e557712e
EquationGroup_Toolset_Apr17_Easypi_Explodingcan;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;9c3b95dfb6c87110a7f2bf2d4cdb6b74
EquationGroup_Toolset_Apr17_Eclipsedwing_Rpcproxy_Pcdlllauncher;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;989424ce05f45b34d068c771a0f96343
EquationGroup_Toolset_Apr17_Eclipsedwingtouch_1_0_4;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;e68d37e990243af13593cf57e700c914
EquationGroup_Toolset_Apr17_Educatedscholar_1_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;37642ca2f3a08356a290c25963e7ca16
EquationGroup_Toolset_Apr17_Educatedscholartouch_1_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;a2b1afc92775f381dd8876cb1e6bc98c
EquationGroup_Toolset_Apr17_Englishmansdentist_1_2_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;706d7309640198c1a123fd2cbaa9013b
EquationGroup_Toolset_Apr17_EpWrapper;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;bb7e38b9f22b8de85ddb98b2ab043755
EquationGroup_Toolset_Apr17_Erraticgopher_1_0_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;dc21bc344241e61b993940a99572f060
EquationGroup_Toolset_Apr17_Erraticgophertouch_1_0_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;28a533e088ad9660e9ad27c405f3377a
EquationGroup_Toolset_Apr17_Esteemaudit_2_1_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;6c3379a686592c46d9ef8d135d9382ce
EquationGroup_Toolset_Apr17_Esteemaudittouch_2_1_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;27abad7eb8ac03eb4e7cde100fbba10b
EquationGroup_Toolset_Apr17_Eternalromance;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;857cc98a711449837051ff218e9d25e4
EquationGroup_Toolset_Apr17_Eternalromance_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;0ec496b73b856ffdf3a4bfb720e5f306
EquationGroup_Toolset_Apr17_Explodingcantouch_1_2_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b1a3c4c0992cdd90212a6cfcdf3c00d9
EquationGroup_Toolset_Apr17_GangsterThief_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;9b4b7de2904a4d6b60b79324aa2ca5c7
EquationGroup_Toolset_Apr17_Gen1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;9aa747526894fd276fa6f2247eaa34e5
EquationGroup_Toolset_Apr17_Gen2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;df4f2e422261cb8e4a3a9b6e9bb4da13
EquationGroup_Toolset_Apr17_Gen3;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;2b7322579100e04f0e0c39d74c43b42a
EquationGroup_Toolset_Apr17_Gen4;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b33c0b85651708e85d11c38c56f69966
EquationGroup_Toolset_Apr17_GenKey;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;6ec81a655a6e62bd302756f166ffbdad
EquationGroup_Toolset_Apr17_GetAdmin_LSADUMP_ModifyPrivilege_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;9bd47bd45ed7033c0a9aebf804b409a0
EquationGroup_Toolset_Apr17_GrDo_FileScanner_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b77ca3111c19898e498e8381f7e6b983
EquationGroup_Toolset_Apr17_Ifconfig_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;7e945b244da98a32790028bdad19134a
EquationGroup_Toolset_Apr17_Iistouch_1_2_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;6e3ae16ccf3d5e64d0e2c6afb2e99e17
EquationGroup_Toolset_Apr17_KisuComms_Target_2000;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b015209967f7d7ae3077ca810d5dc016
EquationGroup_Toolset_Apr17_Mcl_NtMemory_Std;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;9b64f40a57355e2545a7520a1c15e7ef
EquationGroup_Toolset_Apr17_Mofconfig_1_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;28f3226fa0204beeeb5b335f4ab8998c
EquationGroup_Toolset_Apr17_Namedpipetouch_2_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;010975a4b2d365a5c894764457bc4249
EquationGroup_Toolset_Apr17_Oracle_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;80b9953a2587b208a68e230ccece1381
EquationGroup_Toolset_Apr17_PC_Exploit;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;3a702857e3d6479039d8792f2bdb27f4
EquationGroup_Toolset_Apr17_PC_LP;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;eed646975c6cf416cdcf8aae889514d3
EquationGroup_Toolset_Apr17_PC_Legacy_dll;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;5d8e944d2992831ebc44ae2a4dc7b67e
EquationGroup_Toolset_Apr17_PC_Level3_Gen;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE,GEN;2612e5cdac71ef211e2e06eb3945ca50
EquationGroup_Toolset_Apr17_PC_Level3_http_exe;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;84847a051c02ae52697ea0625157af2a
EquationGroup_Toolset_Apr17_PC_Level_Generic;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE,GEN;89d8ff71af2b2d375f68dbcbaa378fef
EquationGroup_Toolset_Apr17_PacketScan_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;3258463f0e6f998f42b0dabe1ea64d41
EquationGroup_Toolset_Apr17_ParseCapture;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;d16137f74862ae0220ad505ebc51e1be
EquationGroup_Toolset_Apr17_Processes_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;cba8dba96720baeda15c13f9f376f822
EquationGroup_Toolset_Apr17_Regread_1_1_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;01ed91dcb5fabca7f3dff5ab656426b3
EquationGroup_Toolset_Apr17_RemoteCommand_Lp;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;971974f470269497d978fa01d8411c14
EquationGroup_Toolset_Apr17_RemoteExecute_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;27425e42b9ac9cd66b1ee6a3853a64f9
EquationGroup_Toolset_Apr17_RemoteExecute_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;ccfa14b55a7791e19a2df499e0a6e78f
EquationGroup_Toolset_Apr17_Rpctouch_2_1_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;22603ee6c4b4beb068f00ee0c6dc178c
EquationGroup_Toolset_Apr17_SendPKTrigger;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;68fdaccc15bcec1f88d619d44a2a623b
EquationGroup_Toolset_Apr17_SetCallback;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;5cc99f9bdfbd95d664aba8793575aa3a
EquationGroup_Toolset_Apr17_SetCallbackPorts;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;575c52463c41796f536bc56801024429
EquationGroup_Toolset_Apr17_SetOurAddr;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;1ec865afd0e5a21004a41a29484ca53a
EquationGroup_Toolset_Apr17_SetPorts;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;7c38753c72ef92406543ca60a84dfa25
EquationGroup_Toolset_Apr17_SetResourceName;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;379639e6ade003f097d2fcc9e93fde8a
EquationGroup_Toolset_Apr17_Shares_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b04386af8b299ff04cf7e10c7b6f626d
EquationGroup_Toolset_Apr17_SlDecoder;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;8c92eda0dc3a7a4f6cc274cd2af70d08
EquationGroup_Toolset_Apr17_Smbtouch_1_1_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;13c7e9415593c1d35cf980afae13a314
EquationGroup_Toolset_Apr17_Windows_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;1178f632d2c6d8f82dbadcd590dd6ce7
EquationGroup_Toolset_Apr17__AddResource;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;abfbf765bb3dac99f5bb81d0baf57491
EquationGroup_Toolset_Apr17__DoubleFeatureReader_DoubleFeatureReader_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;ba22f86f5178e2050519325aaa551931
EquationGroup_Toolset_Apr17__EAFU_ecwi_ESKE_EVFR_RPC2_4;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;0bbd0cbe1e7c57baf3a2d57da1aea25d
EquationGroup_Toolset_Apr17__ELV_ESKE_13;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;4d397415f6327dd1b84896994fc65127
EquationGroup_Toolset_Apr17__ELV_ESKE_ETBL_ETRE_EVFR_11;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;c63aae2e1dc378552613280c5b2f6e16
EquationGroup_Toolset_Apr17__ELV_ESKE_EVFR_16;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;d12b8b4afa30981ed48601ffe5806d39
EquationGroup_Toolset_Apr17__ELV_ESKE_EVFR_RPC2_15;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;586a226b96bf1cfdd61aee4d27bfaf4a
EquationGroup_Toolset_Apr17__ELV_ESKE_EVFR_RideArea2_12;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b896d925bd79e724281bac78b4f8620e
EquationGroup_Toolset_Apr17__ESKE_RPC2_8;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;7f48440dd35d534f09eef2676d7aadc2
EquationGroup_Toolset_Apr17__ETBL_ETRE_10;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;ed72136f0914236cee8619a902bd24ae
EquationGroup_Toolset_Apr17__ETBL_ETRE_SMBTOUCH_17;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;792d2698751621181755648da1501c48
EquationGroup_Toolset_Apr17__Emphasismine;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;515fb76bb78d2f7fdd538d206f811cf0
EquationGroup_Toolset_Apr17__LSADUMP_Lp_ModifyPrivilege_Lp_PacketScan_Lp_put_Lp_RemoteExecute_Lp_Windows_Lp_wmi_Lp_9;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;199bfc46ffcde4d131c89c4eaf7aad43
EquationGroup_Toolset_Apr17__NameProbe_SMBTOUCH_14;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;444337a634db7cbdb2c185b71f789daa
EquationGroup_Toolset_Apr17__SendCFTrigger_SendPKTrigger_6;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;05c62adbbcf90da8e53317889129d85f
EquationGroup_Toolset_Apr17__ecwi_ESKE_EVFR_RPC2_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;15087343cbc48daf3a85154a22f05f05
EquationGroup_Toolset_Apr17__vtuner_vtuner_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b0dae39138eca8d21cfa93cf9ca86143
EquationGroup_Toolset_Apr17_clocksvc;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;fc0a309581335db0d4793bef652a4ad3
EquationGroup_Toolset_Apr17_drivers_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;efa68f1e327141c8d9bb6c51fec034d9
EquationGroup_Toolset_Apr17_greatdoc_dll_config;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;464158b540f16b8b1b7689e619323d2f
EquationGroup_Toolset_Apr17_lp_mstcp;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;a6455048c9a5419b15e3d76596456bfb
EquationGroup_Toolset_Apr17_msgkd_msslu64_msgki_mssld;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;4dd2318780233dcbbc581c7c22f61cce
EquationGroup_Toolset_Apr17_msgks_mskgu;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;7bc5b0809dcce5a3f137ee77fae3a444
EquationGroup_Toolset_Apr17_mstcp32_DXGHLP16_tdip;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;fbdb5b7e19e22b2d37125dbe73126301
EquationGroup_Toolset_Apr17_ntevt;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;a6a0d65030e5649d839fd735fb2f1073
EquationGroup_Toolset_Apr17_ntfltmgr;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;660989497995efb8c531e686713e0b7c
EquationGroup_Toolset_Apr17_promiscdetect_safe;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;47d6fa8a3b0cb849f41d37931edc1249
EquationGroup_Toolset_Apr17_put_Implant9x;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;ca9cae6d1e1f329bbcedd38eb64fd763
EquationGroup_Toolset_Apr17_pwd_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;221b93c5d228c3a7592c398120b805c1
EquationGroup_Toolset_Apr17_rc5;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;41d121343b7d73773dea874878e3c34c
EquationGroup_Toolset_Apr17_regprobe;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;2c8aa954e58c7099e90430698d21d430
EquationGroup_Toolset_Apr17_renamer;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;106a6ee3d141eed69ebad41faac22b2c
EquationGroup_Toolset_Apr17_scanner;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b4729cd00720fd4f6d0ce01484012b04
EquationGroup_Toolset_Apr17_st_lp;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;4fb31bbcd5d00936c88852c0272ca08f
EquationGroup_Toolset_Apr17_svctouch;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;567618e015415d759aae51d26b450875
EquationGroup_Toolset_Apr17_tacothief;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;a830db478b5e1904ef1906d3b9ace7fb
EquationGroup_Toolset_Apr17_wmi_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;a400e12ff31c97f6be02a289e79a3735
EquationGroup_Toolset_Apr17_xxxRIDEAREA;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;6472cc3a38af094eeaf66811e6757cb3
EquationGroup_Toolset_Apr17_yak;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;e3cd27eacf597e496ba46ff0123db4ba
EquationGroup_Toolset_Apr17_yak_min_install;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;2f6453ea63d03b4b0a63708b17fad7ed
EquationGroup__ftshell;Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;f88e054eb2f98b07227534fda5d33a3b
EquationGroup__ftshell_ftshell_v3_10_3_0;Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;e27684c1b964de88273525328e05eede
EquationGroup__funnelout_v4_1_0_1;Equation Group hack tool leaked by ShadowBrokers- from files funnelout.v4.1.0.1.pl;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;d8f05177e79ccbb0b24b76da425429bf
EquationGroup__ghost_sparc_ghost_x86_3;Equation Group hack tool leaked by ShadowBrokers- from files ghost_sparc, ghost_x86;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;185ff0e54027b5a22293763ccc427a9c
EquationGroup__jparsescan_parsescan_5;Equation Group hack tool leaked by ShadowBrokers- from files jparsescan, parsescan;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;50a686d09c2e759360c6cd02321d7e9f
EquationGroup__magicjack_v1_1_0_0_client;Equation Group hack tool leaked by ShadowBrokers- from files magicjack_v1.1.0.0_client-1.1.0.0.py;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;73341b040a293c76e7ad301d3b34371c
EquationGroup__pclean_v2_1_1_pclean_v2_1_1_4;Equation Group hack tool leaked by ShadowBrokers- from files pclean.v2.1.1.0-linux-i386, pclean.v2.1.1.0-linux-x86_64;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;aed6ef9aa0b36f9c67ca60fb0013c438
EquationGroup__scanner_scanner_v2_1_2;Equation Group hack tool leaked by ShadowBrokers- from files scanner, scanner.v2.1.2;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;7b6e303c108264a88cfd1a660fa01de9
EquationGroup_calserver;Equation Group hack tool leaked by ShadowBrokers- file calserver;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;662083f8caf6dc4e63a260d8b5c0aa7e
EquationGroup_charm_saver_win2k_v_2_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;337cf049bfed0384e624dffbcdc81eaf
EquationGroup_cmsd;Equation Group hack tool leaked by ShadowBrokers- file cmsd;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;82aff8b3fb6fa34eaaaac7f147cc9e73
EquationGroup_cmsex;Equation Group hack tool leaked by ShadowBrokers- file cmsex;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;84c5b6d19ae2b7a7816cd839b7cc182b
EquationGroup_cryptTool;Equation Group hack tool leaked by ShadowBrokers- file cryptTool;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;21d4db180fdedfbb898763f10a9385d3
EquationGroup_curseflower_mswin32_v_1_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;f6115a74ada4c081b30d897cba74fee0
EquationGroup_cursehappy_win2k_v_6_1_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;2340eca6c15849bc662a84918b2019fa
EquationGroup_cursehelper_win2k_i686_v_2_2_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;ff4c0083ead631aedde343b1bfc37034
EquationGroup_curseroot_win2k_v_2_1_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;02abf0e8135cb95419905d16e5679979
EquationGroup_cursesleepy_mswin32_v_1_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;8c5ba6f57696417ee0d74db26ef7ff39
EquationGroup_cursetingle_2_0_1_2_mswin32_v_2_0_1;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;aaf262f720218a8cb5363f36344728cb
EquationGroup_cursewham_curserazor_cursezinger_curseroot_win2k;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;115ad255134fcdaf2710431c348d9560
EquationGroup_curseyo_win2k_v_1_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;40a532a12356e2b7f6bfe0b64d516b57
EquationGroup_cursezinger_linuxrh7_3_v_2_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;FILE;c56b59b03c5c664e6dbbd3d1c214afe0
EquationGroup_dumppoppy;Equation Group hack tool leaked by ShadowBrokers- file dumppoppy;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;52adab9be80a11a52403f199adc81616
EquationGroup_ebbisland;Equation Group hack tool leaked by ShadowBrokers- file ebbisland;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;5751dfff8e03cb21ac4ffc4743c244ed
EquationGroup_ebbshave;Equation Group hack tool leaked by ShadowBrokers- file ebbshave.v5;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;8c9e67e3bdb36bfaa21ed0441bbfdd49
EquationGroup_eggbasket;Equation Group hack tool leaked by ShadowBrokers- file eggbasket;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;a1543c0579cb2aff126c59301669dfe8
EquationGroup_eh_1_1_0;Equation Group hack tool leaked by ShadowBrokers- file eh.1.1.0.0;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;72a1cdb31bf653d236c3174253ae81f4
EquationGroup_elatedmonkey_1_0_1_1;Equation Group hack tool leaked by ShadowBrokers- file elatedmonkey.1.0.1.1.sh;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;2d0226c0d1bbeca40f7541acc78de960
EquationGroup_electricslide;Equation Group hack tool leaked by ShadowBrokers- file electricslide;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;bb7f7662d4e40c35f49cfd26bfaf8bcb
EquationGroup_elgingamble;Equation Group hack tool leaked by ShadowBrokers- file elgingamble;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;ef5b6d9324e86e442e489e9d85e3a308
EquationGroup_emptycriss;Equation Group hack tool leaked by ShadowBrokers- file emptycriss;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;432be1a50b4db57f3f58c49df26b1d54
EquationGroup_envisioncollision;Equation Group hack tool leaked by ShadowBrokers- file envisioncollision;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;8ef60df99720313bcee319e943059d66
EquationGroup_envoytomato;Equation Group hack tool leaked by ShadowBrokers- file envoytomato;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;9ce659d819e264cf98bec9d5d13358a7
EquationGroup_epoxyresin_v1_0_0;Equation Group hack 
tool leaked by ShadowBrokers- file epoxyresin.v1.0.0.1;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;8900a6adb1521fe33f1589f5eb10b15a EquationGroup_estesfox;Equation Group hack tool leaked by ShadowBrokers- file estesfox;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;49d1c5133034ee666c67d0a86ffeef84 EquationGroup_estopmoonlit;Equation Group hack tool leaked by ShadowBrokers- file estopmoonlit;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;e19ea12e699972247b8540855783a271 EquationGroup_evolvingstrategy_1_0_1;Equation Group hack tool leaked by ShadowBrokers- file evolvingstrategy.1.0.1.1;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;6898e2c79fbdd39846d9c31437c59c89 EquationGroup_ewok;Equation Group hack tool leaked by ShadowBrokers- file ewok;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;699aaae8212224474d565d94c85668e8 EquationGroup_exze;Equation Group hack tool leaked by ShadowBrokers- file exze;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;250d04616bdf51ef957517803aacedc5 EquationGroup_gr;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;;26ccd5b38b31f1edd893fa066255bf17 EquationGroup_gr_dev_bin_now;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;;74cec48099854ebea1f8cf4c938ebb0b EquationGroup_gr_dev_bin_post;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;;f92fa0540f27bfd1295bc740883e8240 
EquationGroup_jackpop;Equation Group hack tool leaked by ShadowBrokers- file jackpop;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;16f9fc72ef538421918346856fe51017 EquationGroup_jparsescan;Equation Group hack tool leaked by ShadowBrokers- file jparsescan;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;12e46c85667ffe8ca31955f84fa09ea6 EquationGroup_jscan;Equation Group hack tool leaked by ShadowBrokers- file jscan;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;723d7a648ad32f79c61e36cbaeb4e370 EquationGroup_libXmexploit2;Equation Group hack tool leaked by ShadowBrokers- file libXmexploit2.8;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;cd6cf0f1d7fdbd6147ccc984d645df3b EquationGroup_linux_exactchange;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;FILE;dd1a684c26edaa331ac29731ff5aaaf9 EquationGroup_magicjack_v1_1_0_0_client_1_1_0_0;Equation Group hack tool leaked by ShadowBrokers- file magicjack_v1.1.0.0_client-1.1.0.0.py;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;c649212bf95d99daee81c68618f50fb9 EquationGroup_modifyAudit_Implant;EquationGroup Malware - file modifyAudit_Implant.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;4711346bf0a7a3901db5e88c6afe8a7e EquationGroup_modifyAudit_Lp;EquationGroup Malware - file modifyAudit_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;7ce3a67ebf3c885e3f168ad6c257db86 EquationGroup_modifyAuthentication_Implant;EquationGroup Malware - file modifyAuthentication_Implant.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian 
Roth;EXE,FILE,MAL;e7ca66adb01f6427291200a74e10160a EquationGroup_morerats_client_Store;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;FILE;cf0715bfc58c5e91b662fe37ba1ff895 EquationGroup_morerats_client_addkey;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;;84c7fd5a7b6c532f41241b344cbc3360 EquationGroup_morerats_client_genkey;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;;f42866361bc2d986afe6f246eee3042b EquationGroup_morerats_client_noprep;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;;95d1c61589cd0923e0daadf9541423bc EquationGroup_nethide_Implant;EquationGroup Malware - file nethide_Implant.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;fd10578a09eaf704b1c8c0fa85176a18 EquationGroup_nethide_Lp;EquationGroup Malware - file nethide_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;fc2123bcb001f25954b833a873e53ca6 EquationGroup_noclient_3_3_2;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;;c3d6229208c857cc91c8b8491cd62f87 EquationGroup_ntfltmgr;EquationGroup Malware - file ntfltmgr.sys;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;4d9fcc64eb8bce01014fac4a3d41a40e EquationGroup_orleans_stride_sunos5_9_v_2_4_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;FILE;8d63f5732f2c17d353cd95bacfc48abc EquationGroup_packrat;Equation Group hack tool leaked by ShadowBrokers- file packrat;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 
00:00:00;75;Florian Roth;HKTL;1e0e42f02c15446dfda600b4a8d900dc EquationGroup_parsescan;Equation Group hack tool leaked by ShadowBrokers- file parsescan;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;2e8468475fd9c6d83bfeb364fa213d8c EquationGroup_pclean_v2_1_1_2;Equation Group hack tool leaked by ShadowBrokers- file pclean.v2.1.1.0-linux-i386;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;cb6063e7d8b7e089dc7473ae79fe2b06 EquationGroup_porkclient;Equation Group hack tool leaked by ShadowBrokers- file porkclient;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;d9a662b2f250d07c1acf6b2c8fae83ae EquationGroup_processinfo_Implant;EquationGroup Malware - file processinfo_Implant.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;8623d4c50ddab329bd52f60061c657f2 EquationGroup_promptkill;Equation Group hack tool leaked by ShadowBrokers- file promptkill;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;fb149c88adee0602f9226998ff4cd038 EquationGroup_pwdump_Implant;EquationGroup Malware - file pwdump_Implant.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;f6cee9fed16d5765f68c5a14593d54a0 EquationGroup_pwdump_Lp;EquationGroup Malware - file pwdump_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;4d69ca11f0e60bf0b1f454979f965219 EquationGroup_ratload;Equation Group hack tool leaked by ShadowBrokers- file ratload;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;0b25d89f893c48b8144b4ed7b9d55018 EquationGroup_reverse_shell;Equation Group hack tool leaked by ShadowBrokers- file reverse.shell.script;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 
00:00:00;75;Florian Roth;HKTL;3a571c17b75c12ce6f1d0094f049ddbb EquationGroup_sambal;Equation Group hack tool leaked by ShadowBrokers- file sambal;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;072f7c5cad731648712fe64218dbf452 EquationGroup_scanner;Equation Group hack tool leaked by ShadowBrokers- file scanner;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;b477266f13c036c85702cd3cfb17db5f EquationGroup_scanner_output;Detects output generated by EQGRP scanner.exe;Internal Research;2017-04-17 00:00:00;75;Florian Roth;;8a160c2a16137109e3b43b75db5a20de EquationGroup_scripme;Equation Group hack tool leaked by ShadowBrokers- file scripme;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;72b6c03c1a4d989e877824ba01d857d1 EquationGroup_seconddate_ImplantStandalone_3_0_3;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;FILE;04da62c78e20c155b8d1d88121d6e47c EquationGroup_slugger2;Equation Group hack tool leaked by ShadowBrokers- file slugger2;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;37474786e9ecf74ad2c69179f313789a EquationGroup_smash;Equation Group hack tool leaked by ShadowBrokers- file smash;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;0f92f7586addcead7afdf9a3311aba59 EquationGroup_sshobo;Equation Group hack tool leaked by ShadowBrokers- file sshobo;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;c218f5f5a44066ee45d91e9e793c6a64 EquationGroup_store_linux_i386_v_3_3_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian 
Roth;FILE;c153ec3d1a475d0f6b6976a3ee73784e EquationGroup_telex;Equation Group hack tool leaked by ShadowBrokers- file telex;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;7fed1862c0540c8f9e862a9953b1bc81 EquationGroup_tmpwatch;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;;3d6a97619461d7b9be09c02e73a8b28f EquationGroup_tnmunger;Equation Group hack tool leaked by ShadowBrokers- file tnmunger;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;1a68a3abc1ad77b27d0db60d1072d332 EquationGroup_toast_v3_2_0;Equation Group hack tool leaked by ShadowBrokers- file toast_v3.2.0.1-linux;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;0a29d836c2ebeab07b324845b93c522b EquationGroup_watcher_linux_i386_v_3_3_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;FILE;e2e9500f11244768d4579bd5848e5b36 EquationGroup_watcher_linux_x86_64_v_3_3_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;FILE;1d4246458549f7684a0f93cdd1441b12 EquationGroup_watcher_solaris_i386_v_3_3_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;FILE;cb8b0bd788e50f787da569d7cc47c7bf EquationGroup_wrap_telnet;Equation Group hack tool leaked by ShadowBrokers- file wrap-telnet.sh;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;4403d1422fed835a0398fb9a0bb459fd EquationGroup_x86_linux_exactchange;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 
00:00:00;75;Florian Roth;FILE;78f8e7edc2e1fd1b50ffc548921116b3 EquationGroup_xspy;Equation Group hack tool leaked by ShadowBrokers- file xspy;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;02cf1914e6e12c5d035d5bd424acf80f EquationGroup_ys;Equation Group hack tool leaked by ShadowBrokers- file ys.auto;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;00539eff444ec58e3afbdcb6c50af743 EquationGroup_ys_ratload;Equation Group hack tool leaked by ShadowBrokers- file ys.ratload.sh;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;1870dc7e8f54d10fbbdb4fce459736b7 Equation_Kaspersky_DoubleFantasy_1;Equation Group Malware - DoubleFantasy;http://goo.gl/ivt8EW;2015-02-16 00:00:00;75;Florian Roth;EXE,FILE,MAL;54cdc279f8015fc2aed7df399d81085d Equation_Kaspersky_EOP_Package;Equation Group Malware - EoP package and malware launcher;http://goo.gl/ivt8EW;2015-02-16 00:00:00;75;Florian Roth;EXE,FILE,MAL;60d4abef921cb655fccf09c6f201cbcd Equation_Kaspersky_EquationDrugInstaller;Equation Group Malware - EquationDrug installer LUTEUSOBSTOS;http://goo.gl/ivt8EW;2015-02-16 00:00:00;75;Florian Roth;EXE,FILE,MAL;479518d8a98bdd1d2152a94edaf25446 Equation_Kaspersky_EquationLaserInstaller;Equation Group Malware - EquationLaser Installer;http://goo.gl/ivt8EW;2015-02-16 00:00:00;75;Florian Roth;EXE,FILE,MAL;75afa4d795bc406a6ed0a137815b59fd Equation_Kaspersky_FannyWorm;Equation Group Malware - Fanny Worm;http://goo.gl/ivt8EW;2015-02-16 00:00:00;75;Florian Roth;EXE,FILE,MAL;3286dae74bc8eb305cce388dbeac18f7 Equation_Kaspersky_GROK_Keylogger;Equation Group Malware - GROK keylogger;http://goo.gl/ivt8EW;2015-02-16 00:00:00;75;Florian Roth;EXE,FILE,HKTL,MAL;49f616b083443a2cf07b3134ea564e91 Equation_Kaspersky_GreyFishInstaller;Equation Group Malware - Grey Fish;http://goo.gl/ivt8EW;2015-02-16 00:00:00;75;Florian 
Roth;MAL;86c4b085e4572dfba4d82c3ef5ee894b Equation_Kaspersky_HDD_reprogramming_module;Equation Group Malware - HDD reprogramming module;http://goo.gl/ivt8EW;2015-02-16 00:00:00;75;Florian Roth;EXE,FILE,MAL;5cffb0d7dc56fc9880bf40cc4ce15074 Equation_Kaspersky_SuspiciousString;Equation Group Malware - suspicious string found in sample;http://goo.gl/ivt8EW;2015-02-17 00:00:00;60;Florian Roth;EXE,FILE,MAL;b1537463111916954a88570ba5a36974 Equation_Kaspersky_TripleFantasy_1;Equation Group Malware - TripleFantasy http://goo.gl/ivt8EW;http://goo.gl/ivt8EW;2015-02-16 00:00:00;75;Florian Roth;EXE,FILE,MAL;12419495139f2c95fecb32d3d85ce666 Equation_Kaspersky_TripleFantasy_Loader;Equation Group Malware - TripleFantasy Loader;http://goo.gl/ivt8EW;2015-02-16 00:00:00;75;Florian Roth;EXE,FILE,MAL;098ee0372b5ceed483ec31f48d97ae55 EternalRocks_svchost;Detects EternalRocks Malware - file taskhost.exe;https://twitter.com/stamparm/status/864865144748298242;2017-05-18 00:00:00;75;Florian Roth;EXE,FILE,MAL;eb541e855c60ff59d778dc864d472225 EternalRocks_taskhost;Detects EternalRocks Malware - file taskhost.exe;https://twitter.com/stamparm/status/864865144748298242;2017-05-18 00:00:00;75;Florian Roth;EXE,FILE,MAL;3021c23324fe2302bdb41aa15b837b4f Exe_Cloaked_as_ThumbsDb;Detects an executable cloaked as thumbs.db - Malware;-;2014-07-18 00:00:00;50;Florian Roth;EXE,EXTVAR,FILE,MAL;dabe73be07c4808e40120a4b9f8da19f Exp_EPS_CVE20152545;Detects EPS Word Exploit CVE-2015-2545;Internal Research - ME;2017-07-19 00:00:00;70;Florian Roth;EXPLOIT,FILE,OFFICE;d8bc44ff431898d0ec449f67cc7898d1 Exploit_MS15_077_078;MS15-078 / MS15-077 exploit - generic signature;https://code.google.com/p/google-security-research/issues/detail?id=473&can=1&start=200;2015-07-21 00:00:00;75;Florian Roth;EXE,FILE;3bf5393f5551de8d98c60ae0dea9ea9b Exploit_MS15_077_078_HackingTeam;MS15-078 / MS15-077 exploit - Hacking Team code;-;2015-07-21 00:00:00;75;Florian Roth;EXE,FILE;6a330fce9d69063a7257053ea1163d1d 
Explosion_Generic_1;Generic Rule for Explosion/Explosive Malware - Volatile Cedar APT;not set;2015-04-03 00:00:00;70;Florian Roth;APT,FILE,GEN,MAL,MIDDLE_EAST;7176189d78db9acf3f2e25d4f8a78839 Explosion_Sample_1;Explosion/Explosive Malware - Volatile Cedar APT;http://goo.gl/5vYaNb;2015-04-03 00:00:00;70;Florian Roth;APT,FILE,MAL,MIDDLE_EAST;2ec656e895da7bc6fdf8dd4f138d1418 Explosion_Sample_2;Explosion/Explosive Malware - Volatile Cedar APT;http://goo.gl/5vYaNb;2015-04-03 00:00:00;70;Florian Roth;APT,FILE,MAL,MIDDLE_EAST;025241ffc1ca87df0d5a25aa730802a1 Explosive_EXE;Explosion/Explosive Malware - Volatile Cedar APT;-;1970-01-01 01:00:00;75;Check Point Software Technologies Inc.;APT,FILE,MAL,MIDDLE_EAST;9295dec3b56c390863c09283cd3f92fb Explosive_UA;Explosive Malware Embedded User Agent - Volatile Cedar APT http://goo.gl/HQRCdw;http://goo.gl/HQRCdw;2015-04-03 00:00:00;60;Florian Roth;APT,FILE,MAL,MIDDLE_EAST;9ea48a1a18d0cc897b51a5735db2dc10 FE_LEGALSTRIKE_MACRO;This rule is designed to identify macros with the specific encoding used in the sample 30f149479c02b741e897cdb9ecd22da7.;-;2017-06-02 00:00:00;75;Ian.Ahl@fireeye.com @TekDefense - modified by Florian Roth;;20f49f718a4278bd6d36a7ef6a22a3c4 FE_LEGALSTRIKE_RTF;Rtf Phishing Campaign leveraging the CVE 2017-0199 exploit, to point to the domain 2bunnyDOTcom;-;2017-06-02 00:00:00;75;joshua.kim@FireEye. 
- modified by Florian Roth;EXPLOIT,FILE;1db43b0047aac1cdf88a6cc5b26b9e30 FIN7_Backdoor_Aug17;Detects Word Dropper from Proofpoint FIN7 Report;https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor;2017-08-04 00:00:00;75;Florian Roth;EXE,FILE,MAL,OFFICE,RUSSIA;4b2fa16e5bc451e352ad5fefa8110582 FIN7_Dropper_Aug17;Detects Word Dropper from Proofpoint FIN7 Report;https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor;2017-08-04 00:00:00;75;Florian Roth;FILE,MAL,OFFICE,RUSSIA;83a4f7075ee7380a1fee40157a6e8e20 FPipe2_0;Disclosed hacktool set (old stuff) - file FPipe2.0.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;2608ab40ef3be0886ed2c3832d8d1ff4 FSO_s_EFSO_2;Webshells Auto-generated - file EFSO_2.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;981a677aecf00d635859c64cd4c3f43f FSO_s_EFSO_2_2;Webshells Auto-generated - file EFSO_2.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;981a677aecf00d635859c64cd4c3f43f FSO_s_RemExp;Webshells Auto-generated - file RemExp.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;3ec8eb48e6c2d769597406326c2e8ac9 FSO_s_RemExp_2;Webshells Auto-generated - file RemExp.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;76dee5e4423345c7d71d0d61285077e7 FSO_s_ajan;Webshells Auto-generated - file ajan.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;e7426d96d66ebf4a407fc0b1c2ab77a9 FSO_s_ajan_2;Webshells Auto-generated - file ajan.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;4fa422008a2c56c6ebd3c690d98a404b FSO_s_c99;Webshells Auto-generated - file c99.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;1f9c9a196afadc4df5a17b07f19e677d FSO_s_casus15;Webshells Auto-generated - file casus15.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;8f55ba7abaf6b503f8fbc3a349c18231 FSO_s_casus15_2;Webshells Auto-generated - file casus15.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;df31cdccbfd0546898801cb78b722f0e 
FSO_s_cmd;Webshells Auto-generated - file cmd.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;eda45608fabb5617dce501130936941c FSO_s_indexer;Webshells Auto-generated - file indexer.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;9c9e1135c48ccbaf12e6dfacf020f1d3 FSO_s_indexer_2;Webshells Auto-generated - file indexer.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;c4febcd3a72c61ff09c0bb155ab5bc13 FSO_s_ntdaddy;Webshells Auto-generated - file ntdaddy.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;05e6f7d444cec90a24eccec2b7b7efcc FSO_s_phpinj;Webshells Auto-generated - file phpinj.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;1ed6c1f1129e7488a930f20d2cf7ab3d FSO_s_phpinj_2;Webshells Auto-generated - file phpinj.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;22a68d5205873da411447139bcfa414b FSO_s_phvayv;Webshells Auto-generated - file phvayv.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;e2014f9a2228338eaba91ff966b79368 FSO_s_phvayv_2;Webshells Auto-generated - file phvayv.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;3084815b75c5854db8ad3cee9dceba46 FSO_s_reader;Webshells Auto-generated - file reader.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;4fbc0337997085cbfba8cc612b98cbfb FSO_s_remview;Webshells Auto-generated - file remview.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;967fd709aca6b68d3d18098b92eb0be6 FSO_s_remview_2;Webshells Auto-generated - file remview.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;64c9096d84412a83b3acc32275eae257 FSO_s_sincap;Webshells Auto-generated - file sincap.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;08779eabb953b4e451ac88323ec43c5e FSO_s_test;Webshells Auto-generated - file test.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;de5b4a2d0574a41c3764887085ed1c27 FSO_s_tool;Webshells Auto-generated - file tool.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;80ca29a5ff9e9ff0a61870a70c4dfd54 FSO_s_zehir4;Webshells Auto-generated - file zehir4.asp;-;1970-01-01 01:00:00;75;Florian 
Roth;WEBSHELL;6036c962adcbbd0dee59eef1f437150f FSO_s_zehir4_2;Webshells Auto-generated - file zehir4.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;6a7beb2c0020f4eac967494afcb84283 FVEY_ShadowBroker_Auct_Dez16_Strings;String from the ShodowBroker Files Screenshots - Dec 2016;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;60;Florian Roth;EXE,FILE,HKTL;873bbc7ffaa10f1f0b507a88b242868b FVEY_ShadowBroker_Gen_Readme1;Auto-generated rule;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;GEN,HKTL;52b9fb36e34465bc6e490a7902d85d13 FVEY_ShadowBroker_Gen_Readme2;Auto-generated rule - from files user.tool.orleansstride.COMMON, user.tool.curserazor.COMMON;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;GEN,HKTL;1c8865ffe7d9ff01359eff438fd5d7ad FVEY_ShadowBroker_Gen_Readme3;Auto-generated rule;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;GEN,HKTL;51deea13e94d2b6357a82c9afc021cef FVEY_ShadowBroker_Gen_Readme4;Auto-generated rule - from files violetspirit.README, violetspirit.README;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;GEN,HKTL;ea6a1d81dfa2f802395d5d0ec41a9578 FVEY_ShadowBroker_README_cup;Auto-generated rule - file README.cup.NOPEN;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;9836be810f68d6f00c0b12b59239160e FVEY_ShadowBroker_eleganteagle_opscript_1_0_0;Auto-generated rule - file eleganteagle_opscript.1.0.0.6;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;9d3f4373e412a042ad916e688b4aa627 FVEY_ShadowBroker_gr_gr;Auto-generated rule - file gr.notes;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;efce067a4d2ecacc7032c9f15c522b18 FVEY_ShadowBroker_nopen_oneshot;Auto-generated rule 
- file oneshot.example;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;d8c0c197bad756eb953bc02be0db1702 FVEY_ShadowBroker_opscript;Auto-generated rule - file opscript.se;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;6017185446fa55d1dbab6cae7d447dfa FVEY_ShadowBroker_strifeworld;Auto-generated rule - file strifeworld.1;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;a5b41af36e9531c16c32df465d928752 FVEY_ShadowBroker_user_tool;Auto-generated rule - file user.tool.elatedmonkey;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;a331e21bff6a4b741fc1e45e4bbf9d34 FVEY_ShadowBroker_user_tool_dubmoat;Auto-generated rule - file user.tool.dubmoat.COMMON;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;c975859064672e5fcad2239bd2744aed FVEY_ShadowBroker_user_tool_earlyshovel;Auto-generated rule - file user.tool.earlyshovel.COMMON;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;c6fe8bed211cf4d5c608cb56caf91690 FVEY_ShadowBroker_user_tool_ebbisland;Auto-generated rule - file user.tool.ebbisland.COMMON;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;2d6d7b363eed6912c6dcc5fbbab0f306 FVEY_ShadowBroker_user_tool_elgingamble;Auto-generated rule - file user.tool.elgingamble.COMMON;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;9773e8c7311277f8b35046ca03837f08 FVEY_ShadowBroker_user_tool_envisioncollision;Auto-generated rule - file user.tool.envisioncollision.COMMON;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;dcc6747b6a1cccdd6a5cf0eb4c42ff30 FVEY_ShadowBroker_user_tool_epichero;Auto-generated rule - file 
user.tool.epichero.COMMON;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;37bca351a45aadfb47ea96ff119ccc44 FVEY_ShadowBroker_user_tool_pork;Auto-generated rule - file user.tool.pork.COMMON;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;14d74a2a7835eb3b79537e0c908b3a0b FVEY_ShadowBroker_user_tool_shentysdelight;Auto-generated rule - file user.tool.shentysdelight.COMMON;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;5fcb087d7fe0ff5df237b81393279ab8 FVEY_ShadowBroker_user_tool_stoicsurgeon;Auto-generated rule - file user.tool.stoicsurgeon.COMMON;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;3760060db20e3c8f1b448beac75fa7be FVEY_ShadowBroker_user_tool_yellowspirit;Auto-generated rule - file user.tool.yellowspirit.COMMON;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;e7168614d19166eae9e4d2aeb0742fd5 FVEY_ShadowBroker_violetspirit;Auto-generated rule - file violetspirit.README;https://bit.no.com:43110/theshadowbrokers.bit/post/message6/;2016-12-17 00:00:00;75;Florian Roth;HKTL;8071bb882cefcd3800c7fac1449fbea6 FVEY_ShadowBrokers_Jan17_Screen_Strings;Detects strings derived from the ShadowBroker's leak of Windows tools/exploits;https://bit.no.com:43110/theshadowbrokers.bit/post/message7/;2017-01-08 00:00:00;75;Florian Roth;EXE,FILE,HKTL;eb06a505f5765d49cff6dc089d791416 FakeM_Generic;Detects FakeM malware samples;http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/;2016-01-25 00:00:00;85;Florian Roth;EXE,FILE,GEN;62dd27826be63cb238ecbcc9761c0b68 Fake_AdobeReader_EXE;Detects an fake AdobeReader executable based on filesize OR missing strings in file;-;2014-09-11 00:00:00;50;Florian Roth;EXE,EXTVAR,FILE;6ed223a9a34e0217ffb36a9d7d63b2f1 
Fake_FlashPlayerUpdaterService_EXE;Detects a fake AdobeReader executable based on filesize OR missing strings in file;-;2014-09-11 00:00:00;50;Florian Roth;EXE,EXTVAR,FILE;0a573e3600f055dfa5d50e550058e9c1
Fareit_Trojan_Oct15;Detects Fareit Trojan from Sep/Oct 2015 Wave;http://goo.gl/5VYtlU;2015-10-18 00:00:00;80;Florian Roth;EXE,FILE,MAL;861bf95fc9b7db9ce2b2783f4e106bac
FeliksPack3___PHP_Shells_2005;Webshells Auto-generated - file 2005.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;b4cadcb3fc713e4ec393a4a72d6eb69c
FeliksPack3___PHP_Shells_phpft;Webshells Auto-generated - file phpft.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;0d8e40ba444aa04df42f6f08be3afba0
FeliksPack3___PHP_Shells_r57;Webshells Auto-generated - file r57.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;abe763cfd379633d8189158b5a3ff655
FeliksPack3___PHP_Shells_ssh;Webshells Auto-generated - file ssh.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;979639d65983314f87bd93c6ec299d0d
FeliksPack3___PHP_Shells_usr;Webshells Auto-generated - file usr.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;f82506e929bf3f26e278ccb8d9c5bf57
FeliksPack3___PHP_Shells_xIShell;Webshells Auto-generated - file xIShell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;bba7b0bbffa2faa94bae172a2ae8748d
FeliksPack3___Scanners_ipscan;Auto-generated rule on file ipscan.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;3824246c1082abffdff1b7d35554448e
Fidelis_Advisory_Purchase_Order_pps;Detects a string found in a malicious document named Purchase_Order.pps;http://goo.gl/ZjJyti;2015-06-09 00:00:00;75;Florian Roth;;2e1c8fee28e77bdb5f6065f0e2d5337c
Fidelis_Advisory_cedt370;Detects a string found in memory of malware cedt370r(3).exe;http://goo.gl/ZjJyti;2015-06-09 00:00:00;75;Florian Roth;;561913875b4d8d530d2f4e2ea5595f7e
Fierce2;This signature detects the Fierce2 domain scanner;-;2014-07-06 00:00:00;60;Florian Roth;HKTL;8b025f1c2147c7c14e93a0c3c280879f
Fireball_archer;Detects Fireball malware - file archer.dll;https://goo.gl/4pTkGQ;2017-06-02 00:00:00;75;Florian Roth;EXE,FILE;cd994c2a3ab39a0f0d1fbcb077060253
Fireball_de_svr;Detects Fireball malware - file de_svr.exe;https://goo.gl/4pTkGQ;2017-06-02 00:00:00;75;Florian Roth;EXE,FILE;4918450cab0b95753a56a0cb7195a85d
Fireball_gubed;Detects Fireball malware - file gubed.exe;https://goo.gl/4pTkGQ;2017-06-02 00:00:00;75;Florian Roth;EXE,FILE;0bed0b435e60cb9373242d586178830e
Fireball_lancer;Detects Fireball malware - file lancer.dll;https://goo.gl/4pTkGQ;2017-06-02 00:00:00;75;Florian Roth;EXE,FILE;7105126cbe2804bc84e4ebd80aca5292
Fireball_regkey;Detects Fireball malware - file regkey.exe;https://goo.gl/4pTkGQ;2017-06-02 00:00:00;75;Florian Roth;EXE,FILE;4ce88b3bed7db607d8b633b087dc5761
Fireball_winsap;Detects Fireball malware - file winsap.dll;https://goo.gl/4pTkGQ;2017-06-02 00:00:00;75;Florian Roth;EXE,FILE;01f4e60dca3447848ab83446e64cba83
FiveEyes_QUERTY_Malwareqwerty_20120;FiveEyes QUERTY Malware - file 20120.xml;http://www.spiegel.de/media/media-35668.pdf;2015-01-18 00:00:00;75;Florian Roth;MAL;ce68ef98fd0d7e9290d25252da563d6e
FiveEyes_QUERTY_Malwareqwerty_20121;FiveEyes QUERTY Malware - file 20121.xml;http://www.spiegel.de/media/media-35668.pdf;2015-01-18 00:00:00;75;Florian Roth;MAL;20675c5a33fcbb81d289a3dd4dd06527
FiveEyes_QUERTY_Malwareqwerty_20123;FiveEyes QUERTY Malware - file 20123.xml;http://www.spiegel.de/media/media-35668.pdf;2015-01-18 00:00:00;75;Florian Roth;MAL;8ac6aa4b3cdebe7b16fd6c1f4991cb96
FiveEyes_QUERTY_Malwaresig_20120_cmdDef;FiveEyes QUERTY Malware - file 20120_cmdDef.xml;http://www.spiegel.de/media/media-35668.pdf;2015-01-18 00:00:00;75;Florian Roth;MAL;98190776e0f106edc063d5efb43e4432
FiveEyes_QUERTY_Malwaresig_20120_dll;FiveEyes QUERTY Malware - file 20120.dll.bin;http://www.spiegel.de/media/media-35668.pdf;2015-01-18 00:00:00;75;Florian Roth;MAL;95ac49aa25e59a6c6860894cd75dcdd5
FiveEyes_QUERTY_Malwaresig_20121_cmdDef;FiveEyes QUERTY Malware - file 20121_cmdDef.xml;http://www.spiegel.de/media/media-35668.pdf;2015-01-18 00:00:00;75;Florian Roth;MAL;2a2baaea3b522b7754109296c266a2e0
FiveEyes_QUERTY_Malwaresig_20121_dll;FiveEyes QUERTY Malware - file 20121.dll.bin;http://www.spiegel.de/media/media-35668.pdf;2015-01-18 00:00:00;75;Florian Roth;MAL;14786683533096ddd7ffd1ca359e64d8
FiveEyes_QUERTY_Malwaresig_20123_cmdDef;FiveEyes QUERTY Malware - file 20123_cmdDef.xml;http://www.spiegel.de/media/media-35668.pdf;2015-01-18 00:00:00;75;Florian Roth;MAL;28f695302224954d50a138f4e679fdf6
FiveEyes_QUERTY_Malwaresig_20123_sys;FiveEyes QUERTY Malware - file 20123.sys.bin;http://www.spiegel.de/media/media-35668.pdf;2015-01-18 00:00:00;75;Florian Roth;MAL;3bf8d87197575d4c66061baaeaf56fd5
Flash_CVE_2015_5119_APT3_leg;Exploit Sample CVE-2015-5119;-;2015-08-01 00:00:00;70;Florian Roth;EXPLOIT,FILE;c8914ad59caaa241260130270ce70de6
Foudre_Backdoor_1;Detects Foudre Backdoor;https://goo.gl/Nbqbt6;2017-08-01 00:00:00;75;Florian Roth;EXE,FILE,MAL;8caef6efbd53375b27a7f2e7005f668a
Foudre_Backdoor_Component_1;Detects Foudre Backdoor;https://goo.gl/Nbqbt6;2017-08-01 00:00:00;75;Florian Roth;EXE,FILE,MAL;d66ce32cff518db81eebe31490fc4235
Foudre_Backdoor_Dropper_1;Detects Foudre Backdoor;https://goo.gl/Nbqbt6;2017-08-01 00:00:00;75;Florian Roth;EXE,FILE,MAL;9e9f387a9613c2b1e3c409aca6d2ffb2
Foudre_Backdoor_SFX;Detects Foudre Backdoor SFX;https://goo.gl/Nbqbt6;2017-08-01 00:00:00;75;Florian Roth;EXE,FILE,MAL;10c88ffe2c44252876d2df08cbf20223
FourElementSword_32DLL;Detects FourElementSword Malware - file 7a200c4df99887991c638fe625d07a4a3fc2bdc887112437752b3df5c8da79b6;https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/;2016-04-18 00:00:00;75;Florian Roth;EXE,FILE,MAL;b8df1b7df580e20ef9c9a9c1c73f7d26
FourElementSword_Config_File;Detects FourElementSword Malware - file f05cd0353817bf6c2cab396181464c31c352d6dea07e2d688def261dd6542b27;https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/;2016-04-18 00:00:00;75;Florian Roth;MAL;01880ac8349e00e32ce0cc757e60d83d
FourElementSword_ElevateDLL;Detects FourElementSword Malware;https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/;2016-04-18 00:00:00;75;Florian Roth;EXE,FILE,MAL;571b69ee80e456d988a23971685542a1
FourElementSword_ElevateDLL_2;Detects FourElementSword Malware - file 9c23febc49c7b17387767844356d38d5578727ee1150956164883cf555fe7f95;https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/;2016-04-18 00:00:00;75;Florian Roth;EXE,FILE,MAL;9410dbd0e19faac56a6a45854c40a254
FourElementSword_Keyainst_EXE;Detects FourElementSword Malware - file cf717a646a015ee72f965488f8df2dd3c36c4714ccc755c295645fe8d150d082;https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/;2016-04-18 00:00:00;75;Florian Roth;EXE,FILE,MAL;ea26ffca0c249ed5b6358c8eba58a984
FourElementSword_PowerShell_Start;Detects FourElementSword Malware - file 9b6053e784c5762fdb9931f9064ba6e52c26c2d4b09efd6ff13ca87bbb33c692;https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/;2016-04-18 00:00:00;75;Florian Roth;MAL,SCRIPT;560bae78b69ffdbe200586cd163c2242
FourElementSword_ResN32DLL;Detects FourElementSword Malware - file bf1b00b7430899d33795ef3405142e880ef8dcbda8aab0b19d80875a14ed852f;https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/;2016-04-18 00:00:00;75;Florian Roth;MAL;26dc548575d146f6e0d209449598b821
FourElementSword_T9000;Detects FourElementSword Malware - file 5f3d0a319ecc875cc64a40a34d2283cb329abcf79ad02f487fbfd6bef153943c;https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/;2016-04-18 00:00:00;75;Florian Roth;EXE,FILE,MAL;b2f5321f0fd91705716d9c7200a7a3b7
FourElementSword_fslapi_dll_gui;Detects FourElementSword Malware - file 2a6ef9dde178c4afe32fe676ff864162f104d85fac2439986de32366625dc083;https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/;2016-04-18 00:00:00;75;Florian Roth;EXE,FILE,MAL;bc10bd859bcd1178f4bb8943df37f05c
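The index above is a flat export with eight semicolon-separated fields per rule and no header line; in this copy many records have been run together on one line and some are broken across line breaks. The following Python is an added example, not code from the signature-base project, showing how to reassemble and parse such an export and then triage it: find rule names that share the same hash value, count tags, select rules by minimum score and required tags, and flag records whose metadata is incomplete (placeholder 1970 date, reference "-", no tags). The column meanings (name, description, reference, date, score, author, tags, hash) are inferred from the data because the page carries no header, and the sample input is constructed from six records copied from this index.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input: six records copied from the rule index above and
# flattened the way the page shows them (several records per line, one record
# broken across a line break inside its description field).
SAMPLE_EXPORT = """\
Fireball_archer;Detects Fireball
malware - file archer.dll;https://goo.gl/4pTkGQ;2017-06-02 00:00:00;75;Florian Roth;EXE,FILE;cd994c2a3ab39a0f0d1fbcb077060253 IMPLANT_2_v10;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;e4c0a2365583d7ae2bd491320c00fae1 IMPLANT_2_v13;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;e4c0a2365583d7ae2bd491320c00fae1 HTA_Embedded;Detects an embedded HTA file;https://twitter.com/msftmmpc/status/877396932758560768;2017-06-21 00:00:00;50;Florian Roth;;f30542960e1d8208ff631623e25e0839
FeliksPack3___PHP_Shells_r57;Webshells Auto-generated - file r57.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;abe763cfd379633d8189158b5a3ff655 HKTL_Lazagne_Gen_18;Detects Lazagne password extractor hacktool;https://github.com/AlessandroZ/LaZagne;2018-12-11 00:00:00;80;Florian Roth;GEN,HKTL;0ba7ad0382ef504e7d469b00ace3f8d2
"""

# One record = eight ';'-separated fields. The fixed-shape date and the
# 32-hex-digit last field are rigid enough to delimit records even when many
# are run together on one line. Column names are assumed; the export has no
# header.
RECORD = re.compile(
    r"(?P<name>[^\s;]+);"
    r"(?P<description>[^;]*);"
    r"(?P<reference>[^;]*);"
    r"(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2});"
    r"(?P<score>\d{1,3});"
    r"(?P<author>[^;]*);"
    r"(?P<tags>[^;]*);"
    r"(?P<hash>[0-9a-f]{32})(?=\s|$)"
)


def parse_export(text):
    """Reassemble a flattened export into one dict per rule.

    Lines are stripped and re-joined with a single space first, so a record
    that was wrapped across a line break is parsed as one record again.
    """
    flat = " ".join(line.strip() for line in text.splitlines() if line.strip())
    records = []
    for match in RECORD.finditer(flat):
        rec = match.groupdict()
        rec["score"] = int(rec["score"])
        rec["tags"] = [t for t in rec["tags"].split(",") if t]
        records.append(rec)
    return records


def duplicate_hashes(records):
    """Rule names that share the same hash value, keyed by that hash."""
    by_hash = defaultdict(list)
    for rec in records:
        by_hash[rec["hash"]].append(rec["name"])
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def tag_counts(records):
    """How many rules carry each tag."""
    return Counter(tag for rec in records for tag in rec["tags"])


def select_rules(records, min_score=75, require_tags=()):
    """Names of rules at or above min_score that carry all of require_tags."""
    wanted = set(require_tags)
    return [rec["name"] for rec in records
            if rec["score"] >= min_score and wanted <= set(rec["tags"])]


def incomplete_metadata(records):
    """Map rule name -> list of metadata gaps worth fixing before deployment."""
    problems = {}
    for rec in records:
        gaps = []
        if rec["date"].startswith("1970-01-01"):
            gaps.append("placeholder date")
        if rec["reference"] == "-":
            gaps.append("no reference")
        if not rec["tags"]:
            gaps.append("no tags")
        if gaps:
            problems[rec["name"]] = gaps
    return problems


if __name__ == "__main__":
    rules = parse_export(SAMPLE_EXPORT)
    print(len(rules), "records parsed")
    print("duplicate hashes:", duplicate_hashes(rules))
    print("FILE rules with score >= 75:", select_rules(rules, 75, ["FILE"]))
    print("metadata gaps:", incomplete_metadata(rules))
```

Run it against the whole index by reading the export into `parse_export` instead of the sample. The duplicate-hash check is the interesting one on this page: several IMPLANT_2_v* entries (for example v10, v13 and v2) carry an identical hash value, which is worth resolving before deploying the set, whatever that column is computed from.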
FreeMilk_APT_Mal_1;Detects malware from FreeMilk campaign;https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/;2017-10-05 00:00:00;75;Florian Roth;APT,EXE,FILE;889dcb4b543b828246e5933b999e018a
FreeMilk_APT_Mal_2;Detects malware from FreeMilk campaign;https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/;2017-10-05 00:00:00;75;Florian Roth;APT,EXE,FILE;45c28a8cf16054aaf514da341c88696c
FreeMilk_APT_Mal_3;Detects malware from FreeMilk campaign;https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/;2017-10-05 00:00:00;75;Florian Roth;APT,EXE,FILE;53f7a7601986ac603194075dd344f586
FreeMilk_APT_Mal_4;Detects malware from FreeMilk campaign;https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/;2017-10-05 00:00:00;75;Florian Roth;APT,EXE,FILE;54a7157ba9c861178abd74bc8a8916e6
FreeVersion_debug;Chinese Hacktool Set - file debug.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;cb480065ffcf4fa6695aa67f53b226b2
FreeVersion_release;Chinese Hacktool Set - file release.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d9621f81c53b9f9882cdd24cbe987ab5
Freeenki_Infostealer_Nov17;Detects Freenki infostealer malware;http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html;2017-11-28 00:00:00;75;Florian Roth;EXE,FILE;28764c814be94b3da5eaf30f035369ba
Freeenki_Infostealer_Nov17_Export_Sig_Testing;Detects Freenki infostealer malware;http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html;2017-11-28 00:00:00;75;Florian Roth;EXE,FILE;2a1076aa339cba5051d57714c4923699
Fscan_Portscanner;Fscan port scanner scan output / strings;https://twitter.com/JamesHabben/status/817112447970480128;2017-01-06 00:00:00;75;Florian Roth;HKTL;5f456b582bef0885f91b11abc10530da
Furtim_Parent_1;Detects Furtim Parent Malware;https://sentinelone.com/blogs/sfg-furtims-parent/;2016-07-16 00:00:00;75;Florian Roth;EXE,FILE,MAL;4fc9b24cd7f04b0de3a870d01b9239d9
Furtim_nativeDLL;Detects Furtim malware - file native.dll;MISP 3971;2016-06-13 00:00:00;75;Florian Roth;EXE,FILE;fcc7e0ae33c824452c888d52e7c24d13
GIFCloaked_Webshell_A;Looks like a webshell cloaked as GIF;-;1970-01-01 01:00:00;60;Florian Roth;FILE,WEBSHELL;9e930cf0531ffd77d0d8468e48443200
GRIZZLY_STEPPE_Malware_1;Auto-generated rule - file HRDG022184_certclint.dll;https://goo.gl/WVflzO;2016-12-29 00:00:00;75;Florian Roth;EXE,FILE,MAL;f4f0db65da77fd9d1a819766cc6a843c
GRIZZLY_STEPPE_Malware_2;Auto-generated rule - file 9acba7e5f972cdd722541a23ff314ea81ac35d5c0c758eb708fb6e2cc4f598a0;https://goo.gl/WVflzO;2016-12-29 00:00:00;75;Florian Roth;EXE,FILE,MAL;c74d22aeb75463df1ab8c4ca4df543ce
Gazer_certificate;Detects Turla's Gazer malware;https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/;2017-08-30 00:00:00;75;ESET;EXE,FILE;3c6b7c28296ac682d8d9622a4efd2c87
Gazer_certificate_subject;Detects Turla's Gazer malware;https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/;2017-08-30 00:00:00;75;ESET;EXTVAR;fd563f73c76cf0dd6f070bdbb0d48a74
Gazer_logfile_name;Detects Turla's Gazer malware;https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/;2017-08-30 00:00:00;75;ESET;EXE,FILE;5919a7d9d507a550feb9011c1062f15f
Gen_Base64_EXE;Detects Base64 encoded Executable in Executable;Internal Research;2017-04-21 00:00:00;75;Florian Roth;EXE,FILE,GEN;4c430038702234a1c17c4c632c4942f7
Gen_Net_LocalGroup_Administrators_Add_Command;Detects an executable that contains a command to add a user account to the local administrators group;Internal Research;2017-07-08 00:00:00;75;Florian Roth;EXE,FILE,GEN;06a366ba8169c06fe9434f20e760146a
Gen_Trojan_Mikey;Trojan Mikey - file sample_mikey.exe;-;2015-05-07 00:00:00;70;Florian Roth;EXE,FILE,GEN,MAL;492dc399dfa7c1034629d0ce970f7a44
Generate;Chinese Hacktool Set - file Generate.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,GEN,HKTL;6fe1bcc8c105045ddf4c78516d5bdbbb
Generic_Dropper;Detects Dropper PDB string in file;https://goo.gl/JAHZVL;2018-03-03 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;e95708895c8515e5625fa1b2d02a27a3
GetUserSPNs_PS1;Auto-generated rule - file GetUserSPNs.ps1;https://github.com/skelsec/PyKerberoast;2016-05-21 00:00:00;75;Florian Roth;;321bc9b5da10324bdb1457a221db47ff
GetUserSPNs_VBS;Auto-generated rule - file GetUserSPNs.vbs;https://github.com/skelsec/PyKerberoast;2016-05-21 00:00:00;75;Florian Roth;SCRIPT;b5eb4f3fd7483db06432ed04d3865105
GhostDragon_Gh0stRAT;Detects Gh0st RAT mentioned in Cylance's Ghost Dragon Report;https://blog.cylance.com/the-ghost-dragon;2016-04-23 00:00:00;75;Florian Roth;CHINA,EXE,FILE,MAL;314f371321516f1a4f0eba20922edb81
GhostDragon_Gh0stRAT_Sample2;Detects Gh0st RAT mentioned in Cylance's Ghost Dragon Report;https://blog.cylance.com/the-ghost-dragon;2016-04-23 00:00:00;75;Florian Roth;CHINA,EXE,FILE,MAL;9cf2dd913485d70f62c64220dc18cdac
GhostDragon_Gh0stRAT_Sample3;Detects Gh0st RAT mentioned in Cylance's Ghost Dragon Report;https://blog.cylance.com/the-ghost-dragon;2016-04-23 00:00:00;75;Florian Roth;CHINA,MAL;15649b30c246f9f3a0d035c9b02d3800
GlassRAT_Generic;Detects GlassRAT Malware;https://blogs.rsa.com/peering-into-glassrat/;2015-11-23 00:00:00;80;Florian Roth;EXE,FILE,GEN,MAL;a67da6cd4c8b9d82705f15f246820511
GoldDragon_Aux_File;Detects export from Gold Dragon - February 2018;https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/;2018-02-03 00:00:00;90;Florian Roth;CHINA;27f7bccaf84780a16ab91ccc4037fbfd
GoldDragon_Ghost419_RAT;Detects Ghost419 RAT from Gold Dragon report;https://goo.gl/rW1yvZ;2018-02-03 00:00:00;75;Florian Roth;CHINA,EXE,FILE,MAL;b8dc2e479c7716472fd03d13ca14d7f6
GoldDragon_RunnignRAT;Detects Running RAT malware from Gold Dragon report;https://goo.gl/rW1yvZ;2018-02-03 00:00:00;75;Florian Roth;CHINA,EXE,FILE,MAL;a40682a7cd679c5b38e6293375905607
GoldDragon_RunningRAT;Detects Running RAT from Gold Dragon report;https://goo.gl/rW1yvZ;2018-02-03 00:00:00;75;Florian Roth;CHINA,EXE,FILE,MAL;8ed341d9704cab0e0a449968c46e5609
GoldDragon_malware_Feb18_1;Detects malware from Gold Dragon report;https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/;2018-02-03 00:00:00;90;Florian Roth;CHINA,EXE,FILE;6b9e865c3d6f03743045bb450ad5ad97
GoldenEyeRansomware_Dropper_MalformedZoomit;Auto-generated rule - file b5ef16922e2c76b09edd71471dd837e89811c5e658406a8495c1364d0d9dc690;https://goo.gl/jp2SkT;2016-12-06 00:00:00;75;Florian Roth;EXE,FILE,MAL;7c942ab313a74d59c472cc86e6db54c7
GoldenEye_Ransomware_XLS;GoldenEye XLS with Macro - file Schneider-Bewerbung.xls;https://goo.gl/jp2SkT;2016-12-06 00:00:00;75;Florian Roth;CRIME,FILE;e12efdbae3c6da55c99c468d25712a08
GoodToolset_ms11011;Chinese Hacktool Set - file ms11011.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d605f15f762fce89259fda4f68c00127
GoodToolset_ms11046;Chinese Hacktool Set - file ms11046.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;2b99f21021d9c92e9245fde198eb1cfc
GoodToolset_ms11080;Chinese Hacktool Set - file ms11080.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;e81bf8edb7ebe43a15d022f0b81258d8
GoodToolset_pr;Chinese Hacktool Set - file pr.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;66fcbd7f4ee77287950347374252918d
GoogleBot_UserAgent;Detects the GoogleBot UserAgent String in an Executable;Internal Research;2017-01-27 00:00:00;65;Florian Roth;EXE,FILE;162919fdd9d00538d2c1eb00422ddc9a
Greenbug_Malware_1;Detects Malware from Greenbug Incident;https://goo.gl/urp4CD;2017-01-25 00:00:00;75;Florian Roth;EXE,FILE,MAL,MIDDLE_EAST;556615c892a2ef3f3de3618e53834268
Greenbug_Malware_2;Detects Backdoor from Greenbug Incident;https://goo.gl/urp4CD;2017-01-25 00:00:00;75;Florian Roth;EXE,FILE,MAL,MIDDLE_EAST;0a529b1fdfe16b2e6f0b043239d71499
Greenbug_Malware_3;Detects Backdoor from Greenbug Incident;https://goo.gl/urp4CD;2017-01-25 00:00:00;75;Florian Roth;MAL,MIDDLE_EAST;830d04460d0d17f59c98841f39ee2e80
Greenbug_Malware_4;Detects ISMDoor Backdoor;https://goo.gl/urp4CD;2017-01-25 00:00:00;75;Florian Roth;EXE,FILE,MAL,MIDDLE_EAST;f756b16a93dac0b7daa37c713582d2de
Greenbug_Malware_5;Auto-generated rule;https://goo.gl/urp4CD;2017-01-25 00:00:00;75;Florian Roth;EXE,FILE,MAL,MIDDLE_EAST;894631f4a2d9649d008f12449ccbbf7b
Greenbug_Malware_Nov17_1;Detects Greenbug Malware;http://www.clearskysec.com/greenbug/;2017-11-26 00:00:00;75;Florian Roth;EXE,FILE,MAL,MIDDLE_EAST;14db750969640a3ab8494229acbef741
Groups_cpassword;Groups XML contains a cpassword value, which is a decryptable password - the AES key is published on MSDN http://goo.gl/mHrC8P;http://www.grouppolicy.biz/2013/11/why-passwords-in-group-policy-preference-are-very-bad/;2015-09-08 00:00:00;50;Florian Roth;FILE;194d4a8f6d5d460aca5ab08db6274cc9
Gsecdump_password_dump_file;Detects a gsecdump output file;https://t.co/OLIj1yVJ4m;2018-03-06 00:00:00;65;Florian Roth;FILE;fe3173f05892024b04af1dd50a629a5d
Guilin_veterans_cookie_spoofing_tool;Chinese Hacktool Set - file Guilin veterans cookie spoofing tool.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;9dade89e7bd064e5ceb1ddc96c279159
HDConfig;Webshells Auto-generated - file HDConfig.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;72d6e0b6a8ddb1948bc12412590df151
HDRoot_Sample_Jul17_1;Detects HDRoot samples;Winnti HDRoot VT;2017-07-07 00:00:00;75;Florian Roth;EXE,FILE;2e89ba094176dfd224547ad52eef782e
HDRoot_Sample_Jul17_2;Detects HDRoot samples;Winnti HDRoot VT;2017-07-07 00:00:00;75;Florian Roth;EXE,FILE;e90415ce1c4c1ac4680211d436b48054
HKTL_Dsniff;Detects Dsniff hack tool;https://goo.gl/eFoP4A;2019-02-19 00:00:00;55;Florian Roth;HKTL;02926ca7741beeaf77dd4dbc505c26b0
HKTL_EmbeddedPDF;Detects Embedded PDFs which can start malicious content;https://twitter.com/infosecn1nja/status/1021399595899731968?s=12;2018-07-25 00:00:00;75;Tobias Michalski;FILE,HKTL;9595397ef6713b499df35a9cc1530720
HKTL_Lazagne_Gen_18;Detects Lazagne password extractor hacktool;https://github.com/AlessandroZ/LaZagne;2018-12-11 00:00:00;80;Florian Roth;GEN,HKTL;0ba7ad0382ef504e7d469b00ace3f8d2
HKTL_Lazagne_PasswordDumper_Dec18_1;Detects password dumper Lazagne often used by middle eastern threat groups;https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group;2018-12-11 00:00:00;85;Florian Roth;EXE,FILE,HKTL;19b29fa95bc6375a6ae34c98bec99215
HKTL_LazyCat_LogEraser;Detects a tool used in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;HKTL;4d2ea6ce77f3c01620a0c4cfb8a5f388
HKTL_NoPowerShell;Detects NoPowerShell hack tool;https://github.com/bitsadmin/nopowershell;2018-12-28 00:00:00;75;Florian Roth;HKTL,SCRIPT;68bbae7e3cfd114d9e4803c74cc4615c
HKTL_PowerKatz_Feb19_1;Detects a tool used in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;HKTL;9dad892eb3185948cd94185fab356fa0
HKTL_PowerSploit;Detects default strings used by PowerSploit to establish persistence;https://www.hybrid-analysis.com/sample/16937e76db6d88ed0420ee87317424af2d4e19117fe12d1364fee35aa2fadb75?environmentId=100;2018-06-23 00:00:00;75;Markus Neis;HKTL;8e67b87f506dbd2236a14dfd6105859b
HKTL_SqlMap;Detects sqlmap hacktool;https://github.com/sqlmapproject/sqlmap;2018-10-09 00:00:00;75;Florian Roth;HKTL;0f6a00eefaa6b2703b4a41155b28bcd3
HKTL_SqlMap_backdoor;Detects SqlMap backdoors;https://github.com/sqlmapproject/sqlmap;2018-10-09 00:00:00;75;Florian Roth;FILE,HKTL,MAL;fd9f97c93c7703763be08d02ac9126fc
HKTL_Unknown_Feb19_1;Detects a tool used in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;HKTL;72f3da6804f056fb52a5eaf0ccae6f0c
HKTL_beRootexe;Detects beRoot.exe which checks common Windows misconfigurations;https://github.com/AlessandroZ/BeRoot/tree/master/Windows;2018-07-25 00:00:00;75;yarGen Rule Generator;EXE,FILE,HKTL;faf3b3b4c281fa1a35f00eba5b1215d1
HKTL_beRootexe_output;Detects the output of beRoot.exe;https://github.com/AlessandroZ/BeRoot/tree/master/Windows;2018-07-25 00:00:00;75;Tobias Michalski;HKTL;f91e861d691e7bbb698cfd3f5c9acbc7
HKTL_htran_go;Detects go based htran variant;-;2019-01-09 00:00:00;75;Jeff Beley;EXE,FILE,HKTL;6cb106df30b2d99863218849c73c4e2a
HKTL_shellpop_Netcat_UDP;Detects suspicious netcat popshell;https://github.com/0x00-0x00/ShellPop;2018-05-18 00:00:00;75;Tobias Michalski;HKTL;dfccbec4acd47cde75cdff95c89a2fbf
HKTL_shellpop_PHP_TCP;Detects malicious PHP shell;https://github.com/0x00-0x00/ShellPop;2018-05-18 00:00:00;75;Tobias Michalski;HKTL;2ea721bdd34b8ba87dfbe6c3a252652d
HKTL_shellpop_Perl;Detects Shellpop Perl script;https://github.com/0x00-0x00/ShellPop;2018-05-18 00:00:00;75;Tobias Michalski;HKTL;4a67d90418dcdab0517a990ebe007e6c
HKTL_shellpop_Powershell_TCP;Detects malicious powershell;https://github.com/0x00-0x00/ShellPop;2018-05-18 00:00:00;75;Tobias Michalski;HKTL;6d553713422049bf023e72f31389fec6
HKTL_shellpop_Python;Detects malicious python shell;https://github.com/0x00-0x00/ShellPop;2018-05-18 00:00:00;75;Tobias Michalski;HKTL,SCRIPT;e6dff79aa25dfae3ae3ed3f18cd01a8a
HKTL_shellpop_TCLsh;Detects suspicious TCLsh popshell;https://github.com/0x00-0x00/ShellPop;2018-05-18 00:00:00;75;Tobias Michalski;HKTL;a17d4faead0ca2c3f967c0ad6fcd74c4
HKTL_shellpop_Telnet_TCP;Detects malicious telnet shell;https://github.com/0x00-0x00/ShellPop;2018-05-18 00:00:00;75;Tobias Michalski;HKTL;a900e181c91fde4e7a61f3bc48897ac7
HKTL_shellpop_awk;Detects suspicious AWK Shellpop;https://github.com/0x00-0x00/ShellPop;2018-05-18 00:00:00;75;Tobias Michalski;HKTL;f13a77ca8c482d7d79c3758dfec85a76
HKTL_shellpop_netcat;Detects suspicious netcat shellpop;https://github.com/0x00-0x00/ShellPop;2018-05-18 00:00:00;75;Tobias Michalski;HKTL;4ae3f2588e5d6a0ba293521ea1f928e4
HKTL_shellpop_ruby;Detects suspicious ruby shellpop;https://github.com/0x00-0x00/ShellPop;2018-05-18 00:00:00;75;Tobias Michalski;HKTL;09f35a5a9c86c0ba7211144ac044393e
HKTL_shellpop_socat;Detects suspicious socat popshell;https://github.com/0x00-0x00/ShellPop;2018-05-18 00:00:00;75;Tobias Michalski;HKTL;e20bc3677fda7e480368a35b32f0f365
HScan_v1_20_PipeCmd;Chinese Hacktool Set - file PipeCmd.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;78dffe7bc36704a324aaa2ab113cab11
HScan_v1_20_hscan;Chinese Hacktool Set - file hscan.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;57bcb3432ab195c4334f510fb48720c7
HTA_Embedded;Detects an embedded HTA file;https://twitter.com/msftmmpc/status/877396932758560768;2017-06-21 00:00:00;50;Florian Roth;;f30542960e1d8208ff631623e25e0839
HTA_with_WScript_Shell;Detects WScript Shell in HTA;https://twitter.com/msftmmpc/status/877396932758560768;2017-06-21 00:00:00;80;Florian Roth;;14bdadb231881f3fe7e0fdd15f1f3b9a
HTKL_BlackBone_DriverInjector;Detects BlackBone Driver injector;https://github.com/DarthTon/Blackbone;2018-09-11 00:00:00;60;Florian Roth;EXE,FILE,HKTL;8c8f2fc700ac026c8cf3e94354e2ed82
HTTPSCANNER;Chinese Hacktool Set - file HTTPSCANNER.EXE;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;3026b737f4e09a512a07653b69c3eace
HYTop2006_rar_Folder_2006;Webshells Auto-generated - file 2006.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;da24bab15e1377bca46e329bfb75bc09
HYTop2006_rar_Folder_2006X2;Webshells Auto-generated - file 2006X2.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;0c1ddfe1cad9165623c985954d29bb57
HYTop2006_rar_Folder_2006X;Webshells Auto-generated - file 2006X.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;36040b91854ec313820099ba69c2215a
HYTop2006_rar_Folder_2006Z;Webshells Auto-generated - file 2006Z.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;a1962038ea977bb14b735d8b5974cdd0
HYTop_AppPack_2005;Webshells Auto-generated - file 2005.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;f5cb6e080bfe294a10c50d62f6dfd270
HYTop_CaseSwitch_2005;Webshells Auto-generated - file 2005.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;8d181359912086a28c87b47fac50757c
HYTop_DevPack_2005;Webshells Auto-generated - file 2005.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;748922ce8621e44385d2fef31f67e551
HYTop_DevPack_2005Red;Webshells Auto-generated - file 2005Red.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;d6e22e53c10cd5283fdcb8493769c0dc
HYTop_DevPack_config;Webshells Auto-generated - file config.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;5000cb7793cb1336167fb210c3fc98e4
HYTop_DevPack_fso;Webshells Auto-generated - file fso.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;c6d14d695629fc4346190b4a7f4cea5a
HYTop_DevPack_server;Webshells Auto-generated - file server.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;25db6785ca701d752af51049eda12e19
HYTop_DevPack_upload;Webshells Auto-generated - file upload.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;16da3d9a93bb30a6fac46f236a188dd4
HackTool_Producers;Hacktool Producers String;-;1970-01-01 01:00:00;50;Florian Roth (auto-filled);EXE,EXTVAR,FILE,HKTL;a636a8943abc6048126d4112cfa5dd62
HackTool_Samples;Hacktool;-;1970-01-01 01:00:00;50;Florian Roth (auto-filled);HKTL;4d5088e4cf37ed47dec8d6600d5e82c7
HackingTeam_Elevator_EXE;Hacking Team Disclosure Sample - file elevator.exe;Hacking Team Disclosure elevator.c;2015-07-07 00:00:00;70;Florian Roth;EXE,FILE;56c349f7bfa6d5269c87fff3892ce72b
Hackingteam_Elevator_DLL;Hacking Team Disclosure Sample - file elevator.dll;http://t.co/EG0qtVcKLh;2015-07-07 00:00:00;70;Florian Roth;EXE,FILE;bd9c1be1e921b6957139fc26ec5733c9
Hacktool_Strings_p0wnedShell;p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedShell.cs;https://github.com/Cn33liz/p0wnedShell;2017-01-14 00:00:00;75;Florian Roth;HKTL;bb4a6e97b2e41ca757f1cfef53778bad
Hacktool_This_Cruft;Detects string 'This cruft' often used in hack tools like netcat or cryptcat and also mentioned in Project Sauron report;https://goo.gl/eFoP4A;2016-08-08 00:00:00;60;Florian Roth;EXE,FILE,HKTL;6c84bc98b3fdf8f6b28acb59b6f2d734
Hacktools_CN_445_cmd;Disclosed hacktool set - file cmd.bat;-;2014-11-17 00:00:00;60;Florian Roth;FILE,HKTL;76ecaec2e7d5176644cca8e7f646958f
Hacktools_CN_Burst_Blast;Disclosed hacktool set - file Blast.bat;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;a0f3f5373501db261a16e37614900070
Hacktools_CN_Burst_Clear;Disclosed hacktool set - file Clear.bat;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;884a3f6e94f08dd236009b7923878df6
Hacktools_CN_Burst_Start;Disclosed hacktool set - file Start.bat - DoS tool;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;99da0cf9327036ccf2b660aaa3613657
Hacktools_CN_Burst_Thecard;Disclosed hacktool set - file Thecard.bat;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;9766cdea682cce09fad700844716291f
Hacktools_CN_Burst_pass;Disclosed hacktool set - file pass.txt;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;3f8d389905d458d1561199db8a3c47f8
Hacktools_CN_Burst_sql;Disclosed hacktool set - file sql.exe;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;8ed9596e0ea59e7312c7545349bccf20
Hacktools_CN_GOGOGO_Bat;Disclosed hacktool set - file GOGOGO.bat;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;8fd012883c919042404c3a76a688d2c0
Hacktools_CN_Http;Disclosed hacktool set - file Http.exe;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;bcb41e6687608e9529ec19ce9a9d1901
Hacktools_CN_JoHor_Posts_Killer;Disclosed hacktool set - file JoHor_Posts_Killer.exe;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;8153098a93d05ded4a2fe1f0c579a742
Hacktools_CN_Panda_445;Disclosed hacktool set - file 445.rar;-;2014-11-17 00:00:00;60;Florian Roth;CHINA,HKTL;b32cf7bc389ff0184f5474078059bfcc
Hacktools_CN_Panda_445TOOL;Disclosed hacktool set - file 445TOOL.rar;-;2014-11-17 00:00:00;60;Florian Roth;CHINA,HKTL;1e70e1870931db4e79da096edd296a47
Hacktools_CN_Panda_Burst;Disclosed hacktool set - file Burst.rar;-;2014-11-17 00:00:00;60;Florian Roth;CHINA,HKTL;d8b36a6f75992cfdd272877952a9dae8
Hacktools_CN_Panda_tasksvr;Disclosed hacktool set - file tasksvr.exe;-;2014-11-17 00:00:00;60;Florian Roth;CHINA,HKTL;6aeb6b7378e79b09ff0c3714096bffc2
Hacktools_CN_Panda_tesksd;Disclosed hacktool set - file tesksd.jpg;-;2014-11-17 00:00:00;60;Florian Roth;CHINA,HKTL;9ed360c83601611c077c544e7d694761
Hacktools_CN_Scan_BAT;Disclosed hacktool set - file scan.bat;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;229cf2ee3796b8550ce6d515bcc05379
Hacktools_CN_WinEggDrop;Disclosed hacktool set - file s.exe;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;19b36981cee7c13dd393bb4cb6426557
HawkEye_Keylogger_Feb18_1;Detects HawkEye keylogger variant observed in February 2018;https://app.any.run/tasks/ae2521dd-61aa-4bc7-b0d8-8c85ddcbfcc9;2018-02-12 00:00:00;75;Florian Roth;EXE,FILE,HKTL;71cd95d98cd9b233bd6a88a9362ff61f
HawkEye_PHP_Panel;Detects HawkEye Keylogger PHP Panel;-;2014-12-14 00:00:00;60;Florian Roth;HKTL,WEBSHELL;6afd5d0d01337139d808fa669b16701b
Hermes2_1;Detects Hermes Ransomware as used in BAE report on FEIB;https://baesystemsai.blogspot.de/2017/10/taiwan-heist-lazarus-tools.html;2017-10-11 00:00:00;75;BAE;CRIME,EXE,FILE,MAL,RANSOM;937be2f1171c37c98c6255f5762bc9ff
HiddenCobra_BANKSHOT_Gen;Detects Hidden Cobra BANKSHOT trojan;https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity;2017-12-26 00:00:00;75;Florian Roth;EXE,FILE,GEN,NK;c805c0b9735b2e541e02273a9b4bde2e
HiddenCobra_FallChill_1;Auto-generated rule - file a606716355035d4a1ea0b15f3bee30aad41a2c32df28c2d468eafd18361d60d6;https://www.us-cert.gov/ncas/alerts/TA17-318A;2017-11-15 00:00:00;75;Florian Roth;EXE,FILE,NK;7ab0d825c7e039bbba73d37ee0194a20
HiddenCobra_FallChill_2;Auto-generated rule - file 0a118eb23399000d148186b9079fa59caf4c3faa7e7a8f91533e467ac9b6ff41;https://www.us-cert.gov/ncas/alerts/TA17-318A;2017-11-15 00:00:00;75;Florian Roth;EXE,FILE,NK;c3f6bc1bd7e8678b9bc54e518cd3be8b
HiddenCobra_Rule_1;Detects Hidden Cobra Malware;https://www.us-cert.gov/ncas/alerts/TA17-164A;2017-06-13 00:00:00;75;US CERT;MAL,NK;192d2d7d294c49a58fe9502d75c15811
HiddenCobra_Rule_3;Detects Hidden Cobra Malware;https://www.us-cert.gov/ncas/alerts/TA17-164A;2017-06-13 00:00:00;75;US CERT;MAL,NK;73f6dc36836f7f4313771243a0c4e7f1
HiddenCobra_r4_wiper_1;Detects HiddenCobra Wiper;https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.11.WHITE.pdf;2017-12-12 00:00:00;75;NCCIC Partner;EXE,FILE,NK;153f4da40245946b0daff8957e56fabb
HiddenCobra_r4_wiper_2;Detects HiddenCobra Wiper;https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.11.WHITE.pdf;2017-12-12 00:00:00;75;NCCIC Partner;EXE,FILE,NK;09d2f319f06557337e8f2ca2bc68ed22
HoneyBee_Dropper_MalDoc;Detects samples from Operation Honeybee;https://goo.gl/JAHZVL;2018-03-03 00:00:00;75;Florian Roth;FILE,MAL;29d1b5c8ab49aaeb6b5f27dcbaf6f555
HttpBrowser_RAT_Gen;Threat Group 3390 APT Sample - HttpBrowser RAT Generic;http://snip.ly/giNB;2015-08-06 00:00:00;90;Florian Roth;APT,EXE,FILE,GEN,MAL;0a8f2a2a0f107737986499287f983f53
HttpBrowser_RAT_Sample1;Threat Group 3390 APT Sample - HttpBrowser RAT Sample update.hancominc.com;http://snip.ly/giNB;2015-08-06 00:00:00;80;Florian Roth;APT,EXE,FILE,MAL;8cedf5b8a1bf22758d20e2114be87708
HttpBrowser_RAT_Sample2;Threat Group 3390 APT Sample - HttpBrowser RAT Sample;http://snip.ly/giNB;2015-08-06 00:00:00;80;Florian Roth;APT,EXE,FILE,MAL;ae192c0b376d8e405f53b48a8f492d4d
HttpBrowser_RAT_dropper_Gen1;Threat Group 3390 APT Sample - HttpBrowser RAT Dropper;http://snip.ly/giNB;2015-08-06 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL;8b342ec50cc8e1ce7f6beeee253fc2e4
HttpBrowser_RAT_dropper_Gen2;Threat Group 3390 APT Sample - HttpBrowser RAT Dropper;http://snip.ly/giNB;2015-08-06 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL;b2d8dbeb89cd64c2e9c6cab362655918
IDTools_For_WinXP_IdtTool;Chinese Hacktool Set - file IdtTool.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;950abb138df278ba8ce65424df409daf
IDTools_For_WinXP_IdtTool_2;Chinese Hacktool Set - file IdtTool.sys;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;9aeadab485566a8f4253e441d7febc82
IISPutScanner;Chinese Hacktool Set - file IISPutScanner.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;f42ccf0be8b1e856a7daa5ec6b4dd6fc
IISPutScannesr;Chinese Hacktool Set - file IISPutScannesr.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;e4a5940830f463bee658bdba9f39d559
IMPLANT_10_v2;CozyDuke / CozyCar / CozyBear Implant by APT29;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;6cba89c6e422c5d3d225fa1db24aa084
IMPLANT_1_v1;Downrage Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;13e44d3f9f9c34807f5fd863e20479f3
IMPLANT_1_v2;Downrage Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;f14875543cbb0e586ddea978e6199870
IMPLANT_1_v3;Downrage Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;25b466eb2204fb2ae7a0e1d87f26ea13
IMPLANT_1_v4;Downrage Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;efe22cd7a541213887f0b67016c015e7
IMPLANT_1_v5;Downrage Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;a98d4678afae075e31bb0ca4bb8bcb78
IMPLANT_1_v7;Downrage Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;6d646f58a097a243eb873988d3024587
IMPLANT_2_v10;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;e4c0a2365583d7ae2bd491320c00fae1
IMPLANT_2_v11;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;6e07661f66f4f0cb14974f06980a6f64
IMPLANT_2_v12;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;965d8a562a80ff53eba1ddfa8f3add76
IMPLANT_2_v13;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;e4c0a2365583d7ae2bd491320c00fae1
IMPLANT_2_v14;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;28bb907a3cbfa5bdbebc97a4c358cc7e
IMPLANT_2_v15;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;ac5b18fc969ae1e07ea3b778a83d1dda
IMPLANT_2_v16;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;d9a4e8aa7d9cb2afb222db6a4ad28c16
IMPLANT_2_v17;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;a40f1e5f14add1d04a59bdd2369e34d8
IMPLANT_2_v18;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;a3b85933b6c4721908e4879103db9849
IMPLANT_2_v19;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;615ddbfcf6a2507c309774c46969860c
IMPLANT_2_v1;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;8347799f4984f532dd6fbffd0d81dd59
IMPLANT_2_v20;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;51ef682ace710c59853ce43c2b3772a3
IMPLANT_2_v2;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;e4c0a2365583d7ae2bd491320c00fae1
IMPLANT_2_v3;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;a8e197f48034c0898c38376cebadd378
IMPLANT_2_v4;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;6e07661f66f4f0cb14974f06980a6f64
IMPLANT_2_v5;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;965d8a562a80ff53eba1ddfa8f3add76
IMPLANT_2_v6;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;dadff5ff640e4a5327bbaa5d10749f92
IMPLANT_2_v7;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;2f6428f0769689187689eb8d0bd5eef7
IMPLANT_2_v8;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;28bb907a3cbfa5bdbebc97a4c358cc7e
IMPLANT_2_v9;CORESHELL/SOURFACE Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;acfb8be0cbbb4727e12e7510e901b672
IMPLANT_3_v1;X-Agent/CHOPSTICK Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,RUSSIA;6fa77568add47319ec2952ec54e68b5f
IMPLANT_3_v2;X-Agent/CHOPSTICK Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;f2a148ba07e7a8eaf23e79de3657207c
IMPLANT_3_v3;X-Agent/CHOPSTICK Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;79df08800fd05e0cfd619df1b57c4e21
IMPLANT_4_v10;BlackEnergy / Voodoo Bear Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;76e30591472d73da92a25bb19bd86c3d
IMPLANT_4_v11;BlackEnergy / Voodoo Bear Implant by 
APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;c5a63ea8a25f1dee23faaaa077711d30 IMPLANT_4_v13;BlackEnergy / Voodoo Bear Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;e84cc133f0ce0f1f5d866afe1775a450 IMPLANT_4_v1;BlackEnergy / Voodoo Bear Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;fb840080d38aea8a4c90974c63d729c0 IMPLANT_4_v2;BlackEnergy / Voodoo Bear Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;750956a380b75925e9d8a0f2f79767b5 IMPLANT_4_v3_AlternativeRule;BlackEnergy / Voodoo Bear Implant by APT28;US CERT Grizzly Steppe Report;2017-02-12 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;0bb9d02ef10b941dc572e513bacd91d8 IMPLANT_4_v4;BlackEnergy / Voodoo Bear Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;6544c4cf536807978a5949ddfcfae9d8 IMPLANT_4_v5;BlackEnergy / Voodoo Bear Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;0e6c1fee2847ec224c36eaf1a53495e3 IMPLANT_4_v7;BlackEnergy / Voodoo Bear Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;b5b64ef96be5b89c6814beaeac56b1f8 IMPLANT_4_v8;BlackEnergy / Voodoo Bear Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,RUSSIA;0b3ce34ba581c01c9940847bc516ae8f IMPLANT_4_v9;BlackEnergy / Voodoo Bear Implant by 
APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,RUSSIA;0ebf1d5bead715d9b832e475bf58e0f0 IMPLANT_5_v1;XTunnel Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,RUSSIA;ca13bf4063f2c823ab5b25ac1f05aaa4 IMPLANT_5_v2;XTunnel Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,RUSSIA;39eb6b3c5972083b00b6402d9dd6e67d IMPLANT_5_v3;XTunnel Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,RUSSIA;626e936bfee7340a2150ffbc1344f34a IMPLANT_5_v4;XTunnel Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,RUSSIA;d4678bab3784b7664a62636b38fec8df IMPLANT_6_v1;Sednit / EVILTOSS Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;4392fa953a93a065748803b75e4048af IMPLANT_6_v2;Sednit / EVILTOSS Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;339cbebc51fb082776d5971fd1bd76b4 IMPLANT_6_v3;Sednit / EVILTOSS Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;c0b0b74701f290319007ddf8554aeefa IMPLANT_6_v4;Sednit / EVILTOSS Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;50a431669aa2212f8b5b0aba5d809697 IMPLANT_6_v5;Sednit / EVILTOSS Implant by 
APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;7c34bc08460d4ff9c0063146f609b8ba IMPLANT_6_v6;Sednit / EVILTOSS Implant by APT28;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;b80e253e49cc11187824310baae04cd7 IMPLANT_7_v1;Implant 7 by APT29;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;c7819d6781fc33bda36fab02c5458f7a IMPLANT_8_v1;HAMMERTOSS / HammerDuke Implant by APT29;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;65;US CERT;APT,FILE,RUSSIA;b5dfb5adc530f1271fa783bff7275b2f IMPLANT_9_v1;Onion Duke Implant by APT29;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,FILE,RUSSIA;c7e3a4122634e9a7f6bdf0b5c2b14cbe IP_Stealing_Utilities;Auto-generated rule on file IP Stealing Utilities.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;367b0b4c66b040c6f45215ea17045e90 IceFog_Malware_Feb18_1;Detects IceFog malware;https://twitter.com/ClearskySec/status/968104465818669057;2018-02-26 00:00:00;75;Florian Roth;EXE,FILE,MAL;de5380f0d6d32d59c4f94a3020ca072c Impacket_Keyword;Detects Impacket Keyword in Executable;Internal Research;2017-08-04 00:00:00;60;Florian Roth;EXE,FILE,HKTL;4cba52d46a6c9b618a814217084659cc Impacket_Lateral_Movement;Detects Impacket Network Aktivity for Lateral Movement;https://github.com/CoreSecurity/impacket;2018-03-22 00:00:00;60;Markus Neis;EXE,FILE;3c01b9435d3d523d1a0c3810225c9d5d Impacket_Tools_Generic_1;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE,GEN;752c3234f23dafbc777de088ea5c362a Impacket_Tools_atexec;Compiled Impacket 
Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;3b367a5f7a76e0f5e91a206f5eaac957 Impacket_Tools_esentutl;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;e741c8017df9a7f359ab553a487a4969 Impacket_Tools_goldenPac;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;9cd96d037e21f0e56a591e90a3d32777 Impacket_Tools_ifmap;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;3d5ab83b07fe194d79cb91f48d219932 Impacket_Tools_lookupsid;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;099abe272f1f4f38f63f5940d46ace4b Impacket_Tools_mimikatz;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;7f62c6e0fe87b53de0476abab475e3c5 Impacket_Tools_mmcexec;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;857f31811354d2f9596adb3a9340cb1e Impacket_Tools_netview;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;65e85c10b30e3ac7993b9e16ccbb2626 Impacket_Tools_opdump;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;119f3e401c8a9daef44f2681d527f86b Impacket_Tools_psexec;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;002228094a299d2fd9a38a5ebee4e8a9 Impacket_Tools_rpcdump;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;7e7a35ee6029c30299b6975278e407c8 Impacket_Tools_secretsdump;Compiled Impacket 
Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;8949ccb9e0a4e7f0a3a71f9b374bdb52 Impacket_Tools_smbexec;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;4b15ba763aee4a637c946c50161e95cf Impacket_Tools_smbrelayx;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;9e99d921d1b8c832d88041da447c3089 Impacket_Tools_smbtorture;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;9999e1f8392c0e05f54d846b3a6a458f Impacket_Tools_sniff;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;6aafe17062bcf2aaa3f5dd5e9cdbd1a1 Impacket_Tools_sniffer;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;d057a3d9f361df652943973e264c2526 Impacket_Tools_tracer;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;a9160c997fbd60d2a45987a30d56b968 Impacket_Tools_wmiexec;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;f9cbdb578991f08080256653d6606f83 Impacket_Tools_wmipersist;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;a74782085f2f6709e64ac5e99b402551 Impacket_Tools_wmiquery;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;965594c199c2279f786f8b76539e07cb Imphash_Malware_2_TA17_293A;Detects malware based on Imphash of malware used in TA17-293A;https://www.us-cert.gov/ncas/alerts/TA17-293A;2017-10-21 00:00:00;75;Florian Roth;EXE,FILE,MAL;16fbc1efbb567029ac6c5d41a6e1b7b0 Imphash_UPX_Packed_Malware_1_TA17_293A;Detects 
malware based on Imphash of malware used in TA17-293A;https://www.us-cert.gov/ncas/alerts/TA17-293A;2017-10-21 00:00:00;75;Florian Roth;EXE,FILE,MAL;f46a879344bf8363971337532a15b20c Indetectables_RAT;Detects Indetectables RAT based on strings found in research by Paul Rascagneres & Ronan Mouchoux;http://www.sekoia.fr/blog/when-a-brazilian-string-smells-bad/;2015-10-01 00:00:00;75;Florian Roth;EXE,FILE,MAL;38e427f07be5fb2a53844f0b6de008e9 Industroyer_Malware_1;Detects Industroyer related malware;https://goo.gl/x81cSy;2017-06-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;3966d7bde9684b2e7f9545d6f419f55b Industroyer_Malware_2;Detects Industroyer related malware;https://goo.gl/x81cSy;2017-06-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;6149b4f102b3e49c8c09b1548cbc97fd Industroyer_Malware_4;Detects Industroyer related malware;https://goo.gl/x81cSy;2017-06-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;de708439171fb45cddb5e3eeef7d373a Industroyer_Malware_5;Detects Industroyer related malware;https://goo.gl/x81cSy;2017-06-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;29d80ef09b2ed59741953462e6f50a90 Industroyer_Portscan_3;Detects Industroyer related custom port scaner;https://goo.gl/x81cSy;2017-06-13 00:00:00;75;Florian Roth;EXE,FILE;ce1b1e4b41117d92ba4e449478a45b82 Industroyer_Portscan_3_Output;Detects Industroyer related custom port scaner output file;https://goo.gl/x81cSy;2017-06-13 00:00:00;75;Florian Roth;;71a54e0dd41891a6722de498635e35b2 InjectionParameters;Chinese Hacktool Set - file InjectionParameters.vb;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;26a053e1abd98fb72563cdd675624229 InstGina;Disclosed hacktool set (old stuff) - file InstGina.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;9c3bbc25ead31913bd57abb3f0bd5a55 Invoke_Metasploit;Detects Invoke-Metasploit Payload;https://github.com/jaredhaight/Invoke-MetasploitPayload/blob/master/Invoke-MetasploitPayload.ps1;2017-09-23 00:00:00;75;Florian Roth;HKTL,METASPLOIT;72b357bde2605ade189a08a08e4a350d 
Invoke_Mimikatz;Detects Invoke-Mimikatz String;https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz;2016-08-03 00:00:00;75;Florian Roth;;0fa508a3ba50e082c0ca194319a5e9de Invoke_OSiRis;Osiris Device Guard Bypass - file Invoke-OSiRis.ps1;Internal Research;2017-03-27 00:00:00;75;Florian Roth;;9a8436277af07f6ad501e8784ccedfe8 Invoke_PSImage;Detects a command to execute PowerShell from String;https://github.com/peewpw/Invoke-PSImage;2017-12-16 00:00:00;75;Florian Roth;SCRIPT;fa87ad2742d0232286d64da0b74c8371 Invoke_SMBExec;Detects Invoke-WmiExec or Invoke-SmbExec;https://github.com/Kevin-Robertson/Invoke-TheHash;2017-06-14 00:00:00;75;Florian Roth;;a2e4a70fd04d68b87334e43737e46318 Invoke_SMBExec_Invoke_WMIExec_1;Auto-generated rule - from files Invoke-SMBExec.ps1, Invoke-WMIExec.ps1;https://github.com/Kevin-Robertson/Invoke-TheHash;2017-06-14 00:00:00;75;Florian Roth;;029645dc82fd3fae36789635e19def06 Invoke_WMIExec_Gen;Auto-generated rule - from files Invoke-SMBClient.ps1, Invoke-SMBExec.ps1, Invoke-WMIExec.ps1, Invoke-WMIExec.ps1;https://github.com/Kevin-Robertson/Invoke-TheHash;2017-06-14 00:00:00;75;Florian Roth;GEN;001e9c94c3e51137b38e6211cf602a27 Invoke_WMIExec_Gen_1;Detects Invoke-WmiExec or Invoke-SmbExec;https://github.com/Kevin-Robertson/Invoke-TheHash;2017-06-14 00:00:00;75;Florian Roth;GEN;976960adf81103acb127599a8a4a26f5 Invoke_mimikittenz;Detects Mimikittenz - file Invoke-mimikittenz.ps1;https://github.com/putterpanda/mimikittenz;2016-07-19 00:00:00;90;Florian Roth;FILE;ad7ae071e1bd371cda7dde6b8e825f10 IronGate_APT_Step7ProSim_Gen;Detects IronGate APT Malware - Step7ProSim DLL;https://goo.gl/Mr6M2J;2016-06-04 00:00:00;90;Florian Roth;APT,EXE,FILE,GEN,MAL;38328b3f4797da32e1acfc1e2928e927 IronGate_PyInstaller_update_EXE;Detects a PyInstaller file named update.exe as mentioned in the IronGate APT;https://goo.gl/Mr6M2J;2016-06-04 00:00:00;60;Florian Roth;APT,EXE,FILE;8667f454f4c05442ab6e5a122f650b1a IronPanda_DNSTunClient;Iron Panda malware 
DnsTunClient - file named.exe;https://goo.gl/E4qia9;2015-09-16 00:00:00;80;Florian Roth;CHINA,EXE,FILE;08b505078c843ba1db1837e0f25c410a IronPanda_Malware1;Iron Panda Malware;https://goo.gl/E4qia9;2015-09-16 00:00:00;75;Florian Roth;CHINA,EXE,FILE,MAL;11de9f582ba4d3d6694c5ca9555194b7 IronPanda_Malware2;Iron Panda Malware;https://goo.gl/E4qia9;2015-09-16 00:00:00;75;Florian Roth;CHINA,EXE,FILE,MAL;478523e2ee451a9a7344f36da5341f4b IronPanda_Malware3;Iron Panda Malware;https://goo.gl/E4qia9;2015-09-16 00:00:00;75;Florian Roth;CHINA,EXE,FILE,MAL;bfa3859a2f065f646a5f15a603204572 IronPanda_Malware4;Iron Panda Malware;https://goo.gl/E4qia9;2015-09-16 00:00:00;75;Florian Roth;CHINA,EXE,FILE,MAL;8673cb97d8ab4266fec94f56deb2025c IronPanda_Malware_Htran;Iron Panda Malware Htran;https://goo.gl/E4qia9;2015-09-16 00:00:00;75;Florian Roth;CHINA,EXE,FILE,MAL;b38b00ef7f406bb84097167a2512cdd1 IronPanda_Webshell_JSP;Iron Panda Malware JSP;https://goo.gl/E4qia9;2015-09-16 00:00:00;75;Florian Roth;CHINA,MAL,WEBSHELL;5b4b7c61818bc8ad0b7ee6d4cd4a7f7f IronTiger_ASPXSpy;ASPXSpy detection. 
It might be used by other fraudsters;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;;567f1e4f0656f6a944a1176bc28df52a IronTiger_ChangePort_Toolkit_ChangePortExe;Iron Tiger Malware - Toolkit ChangePort;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,INDIA,MAL;10c2f63a9609edbdc0210ea9db527377 IronTiger_ChangePort_Toolkit_driversinstall;Iron Tiger Malware - Changeport Toolkit driverinstall;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,INDIA,MAL;18a6e50c1df7d3b25734ba0755796db8 IronTiger_EFH3_encoder;Iron Tiger EFH3 Encoder;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,INDIA;f732e241ea4fe85f8c3771e63a8f56ec IronTiger_GTalk_Trojan;Iron Tiger Malware - GTalk Trojan;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,INDIA,MAL;33b8b7b9d5d6f6670fec37b4a8ab98ea IronTiger_GetPassword_x64;Iron Tiger Malware - GetPassword x64;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,INDIA,MAL;6ae7de7140982363cf322180222cdc52 IronTiger_Gh0stRAT_variant;This is a detection for a s.exe variant seen in Op. 
Iron Tiger;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,EXTVAR,FILE,INDIA;62bb6185fe78522f126be78226b78add IronTiger_HTTP_SOCKS_Proxy_soexe;Iron Tiger Toolset - HTTP SOCKS Proxy soexe;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,HKTL,INDIA;7054a58e81065405f247dfe385511c35 IronTiger_NBDDos_Gh0stvariant_dropper;Iron Tiger Malware - NBDDos Gh0stvariant Dropper;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,INDIA,MAL;1dd38542e223729f1986336fe40e2d4e IronTiger_PlugX_DosEmulator;Iron Tiger Malware - PlugX DosEmulator;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,INDIA,MAL;29f8c003348899cddf4b1c4ca5906433 IronTiger_PlugX_FastProxy;Iron Tiger Malware - PlugX FastProxy;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,HKTL,INDIA,MAL;ecaa9b0f19db4e9cf57069c032a09341 IronTiger_PlugX_Server;Iron Tiger Malware - PlugX Server;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,INDIA,MAL;d4b7b10e258dbec974b25a69165b2cfd IronTiger_ReadPWD86;Iron Tiger Malware - ReadPWD86;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,INDIA,MAL;ed58c1de9179e94e76c337089abbfdc4 IronTiger_Ring_Gh0stvariant;Iron Tiger Malware - Ring Gh0stvariant;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,INDIA,MAL;8ed27ccf524f238e77d4d78a16c83af0 IronTiger_dllshellexc2010;dllshellexc2010 Exchange backdoor + remote shell;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,MAL;95332a7027afc7250f264b4001943d70 IronTiger_dnstunnel;This rule detects a dns tunnel tool used in Operation Iron Tiger;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;EXE,FILE,INDIA;a9e32c5e0e5806de9dc374dfaeb4698c IronTiger_wmiexec;Iron Tiger Tool - 
wmi.vbs detection;http://goo.gl/T5fSJC;1970-01-01 01:00:00;75;Cyber Safety Solutions, Trend Micro;INDIA;1591d900e86fc64549b7cfeadc7d5a19 IsDebug_V1_4;Chinese Hacktool Set - file IsDebug V1.4.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;09baee3cc82c025d555eeb732f6a5cf4 IsmDoor_Jul17_A2;Detects IsmDoor Malware;https://twitter.com/Voulnet/status/892104753295110145;2017-08-01 00:00:00;75;Florian Roth;EXE,FILE,MAL;9024aa46fadddce3072104f6013837ac JSP_Browser_APT_webshell;VonLoesch JSP Browser used as web shell by APT groups - jsp File browser 1.1a;-;2014-10-10 00:00:00;60;Florian Roth;APT,WEBSHELL;97c14840d47a91ac80bcb5dbd6f82dee JSP_jfigueiredo_APT_webshell;JSP Browser used as web shell by APT groups - author: jfigueiredo;http://ceso.googlecode.com/svn/web/bko/filemanager/Browser.jsp;2014-12-10 00:00:00;60;Florian Roth;APT,WEBSHELL;6996bd4798b7bda37d584339f2c5597a JSP_jfigueiredo_APT_webshell_2;JSP Browser used as web shell by APT groups - author: jfigueiredo;http://ceso.googlecode.com/svn/web/bko/filemanager/;2014-12-10 00:00:00;60;Florian Roth;APT,WEBSHELL;2b0f1798ac5409b6a4a997e7a24ac11d JS_Suspicious_MSHTA_Bypass;Detects MSHTA Bypass;https://twitter.com/ItsReallyNick/status/887705105239343104;2017-07-19 00:00:00;70;Florian Roth;SCRIPT;781d13a8c9fdb4c1996a825754adff4a JS_Suspicious_Obfuscation_Dropbox;Detects PowerShell AMSI Bypass;https://twitter.com/ItsReallyNick/status/887705105239343104;2017-07-19 00:00:00;70;Florian Roth;OBFUS,SCRIPT;69550be03dd4caa9cade2b6e4a570dec JavaScript_Run_Suspicious;Detects a suspicious Javascript Run command;https://twitter.com/craiu/status/900314063560998912;2017-08-23 00:00:00;60;Florian Roth;SCRIPT;d05dcd536febf6738cf028f84fa59284 Java_Shell_js;Semi-Auto-generated - file Java Shell.js.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;628ac0a54ad99c19e1d1329d1563e04f Jc_ALL_WinEggDropShell_rar_Folder_Install_2;Disclosed hacktool set (old stuff) - 
file Install.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;1c949099eccee4e1dbd7fae80dc0d479 Jc_WinEggDrop_Shell;Disclosed hacktool set (old stuff) - file Jc.WinEggDrop Shell.txt;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;a759fcb1522707e516395d8faff1e84c JspWebshell_1_2_jsp;Semi-Auto-generated - file JspWebshell 1.2.jsp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;ffb152623a412aedd48df3343bc1ac79 KA_uShell;Webshells Auto-generated - file KA_uShell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;0458e512995804b4b6d6e31fa7ea7972 KHRAT_Malware;Detects an Imphash of KHRAT malware;https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/;2017-08-31 00:00:00;75;Florian Roth;EXE,FILE,MAL;d38075a1976cb952026e204015620408 KINS_DLL_zeus;Match default bot in KINS leaked dropper, Zeus;http://goo.gl/arPhm3;1970-01-01 01:00:00;75;AlienVault Labs aortega@alienvault.com;;785bbfbec966d1c2070045078e1b4204 KINS_dropper;Match protocol, process injects and windows exploit present in KINS dropper;http://goo.gl/arPhm3;1970-01-01 01:00:00;75;AlienVault Labs aortega@alienvault.com;;ad9d4d7c38f4ec21fe75b95fa16f106e KR_Target_Malware_Aug17;Detects malware that targeted South Korea in Aug 2017 - file MRDqsbuEqGxrgqtbXU.exe;https://twitter.com/eyalsela/status/900250203097354240;2017-08-23 00:00:00;75;Florian Roth;EXE,FILE,MAL;39fd33487a3106781f0a7858ba15dbad KasperMalware_Oct17_1;Detects Kasper Backdoor;Internal Research;2017-10-24 00:00:00;75;Florian Roth;EXE,FILE,MAL;c0ce02ce76760d2dd96578f688af2822 KeeTheft_EXE;Detects component of KeeTheft - KeePass dump tool - file KeeTheft.exe;https://github.com/HarmJ0y/KeeThief;2017-08-29 00:00:00;75;Florian Roth;EXE,FILE,HKTL;023264599ccf314f19c3679624433716 KeeTheft_Out_Shellcode;Detects component of KeeTheft - KeePass dump tool - file Out-Shellcode.ps1;https://github.com/HarmJ0y/KeeThief;2017-08-29 00:00:00;75;Florian 
Roth;HKTL;d24c08205aa10b61f058be56607f5409 KeeThief_PS;Detects component of KeeTheft - KeePass dump tool - file KeeThief.ps1;https://github.com/HarmJ0y/KeeThief;2017-08-29 00:00:00;75;Florian Roth;FILE,HKTL;1dfd6e704652d62558024be4ae61c0bc Kekeo_Hacktool;Detects Kekeo Hacktool;https://github.com/gentilkiwi/kekeo/releases;2017-07-21 00:00:00;75;Florian Roth;EXE,FILE,HKTL;e20502f7bd7ff67ecd64a55da07a2448 KeyBoy_876_0x4e20000;Detects KeyBoy Backdoor;https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/;2018-03-26 00:00:00;75;Markus Neis, Florian Roth;EXE,FILE,MAL;a6cfcbf0019c12adcff8b635b065c966 KeyBoy_InstallClient;Detects KeyBoy InstallClient;https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/;2018-03-26 00:00:00;75;Markus Neis, Florian Roth;EXE,FILE;88df7bec01a7632c0587ceb2d201877b KeyBoy_rasauto;Detects KeyBoy ServiceClient;https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/;2018-03-26 00:00:00;75;Markus Neis, Florian Roth;EXE,FILE;bbea488b3e42de4a6d271ba0729b1f8e KeyBoy_wab32res;Detects KeyBoy Loader wab32res.dll;https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/;2018-03-26 00:00:00;75;Markus Neis, Florian Roth;EXE,FILE;8521077ff91451e4f60b6c25d52b49b1 KeyBoys_malware_1;Detects Keyboys malware;http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html;2017-11-02 00:00:00;75;Florian Roth;EXE,FILE;71450a89b02038c7ffb91077547782fd Keylogger_CN_APT;Keylogger - generic rule for a Chinese variant;-;2016-03-07 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,HKTL;c280d93bc11d106aa6f7bb009c8f4c4d KiwiTaskmgr_2;Chinese Hacktool Set - file KiwiTaskmgr.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;f5c086692a803e535d33536be101ebd5 Korplug_FAST;Rule to detect Korplug/PlugX FAST variant;-;2015-08-20 00:00:00;75;Florian 
Roth;EXE,FILE;fff9eaa3006bd9326cdc446f0b2c4c40 Kraken_Bot_Sample;Kraken Bot Sample - file inf.bin;https://blog.gdatasoftware.com/blog/article/dissecting-the-kraken.html;2015-05-07 00:00:00;90;Florian Roth;EXE,FILE;c0df53d1c30a9f0ada1afddd2232503b Kriskynote_Mar17_1;Detects Kriskynote Malware;Internal Research;2017-03-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;ec66b7b2721175e1a8d474682f096e11 Kriskynote_Mar17_2;Detects Kriskynote Malware;Internal Research;2017-03-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;705712e6a5f5456013df0117ebbe5912 Kriskynote_Mar17_3;Detects Kriskynote Malware;Internal Research;2017-03-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;328ed08b0e7ef903be7d95db642d402c LNK_Malicious_Nov1;Detects a suspicious LNK file;https://www.virustotal.com/en/file/ee069edc46a18698fa99b6d2204895e6a516af1a306ea986a798b178f289ecd6/analysis/;2017-11-06 00:00:00;60;Florian Roth;FILE;e1f4aa99cddc9346e7f704fd5727438c Laudanum_Tools_Generic;Laudanum Injector Tools;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;GEN,HKTL,WEBSHELL;53ef2b76836889b4db91fd2bd73873ea Lazagne_PW_Dumper;Detects Lazagne PW Dumper;https://github.com/AlessandroZ/LaZagne/releases/;2018-03-22 00:00:00;70;Markus Neis / Florian Roth;HKTL;d474972f183e90b1502f6a95f2eec61b Lazarus_Dec_17_1;Detects Lazarus malware from incident in Dec 2017;https://goo.gl/8U6fY2;2017-12-20 00:00:00;75;Florian Roth;FILE,NK;88b9ff00d315152b02486a1cc2bf6cbb Lazarus_Dec_17_2;Detects Lazarus malware from incident in Dec 2017;https://goo.gl/8U6fY2;2017-12-20 00:00:00;75;Florian Roth;EXE,FILE,NK;565f5b81028a9aafd2cba6ae1131289b Lazarus_Dec_17_4;Detects Lazarus malware from incident in Dec 2017ithumb.js;https://goo.gl/8U6fY2;2017-12-20 00:00:00;75;Florian Roth;NK;7b9f0eddc2f513deeef53671876616f9 Lazarus_Dec_17_5;Detects Lazarus malware from incident in Dec 2017;https://goo.gl/8U6fY2;2017-12-20 00:00:00;75;Florian Roth;NK;313deaf84e4012c6d9aef4cfcc783830 Leviathan_CobaltStrike_Sample_1;Detects Cobalt Strike sample from 
Leviathan report;https://goo.gl/MZ7dRg;2017-10-18 00:00:00;75;Florian Roth;EXE,FILE;fcb16c7097fd700ecbf53244e561baa4 LightFTP_Config;Detects a light FTP server - config file;https://github.com/hfiref0x/LightFTP;2015-05-14 00:00:00;75;Florian Roth;FILE;92708cf17ba51fe1329532890b470896 LightFTP_fftp_x86_64;Detects a light FTP server;https://github.com/hfiref0x/LightFTP;2015-05-14 00:00:00;50;Florian Roth;EXE,FILE;adb6da1a73776148193cc66184a329f3 LinuxHacktool_eyes_a;Linux hack tools - file a;not set;2015-01-19 00:00:00;75;Florian Roth;HKTL,LINUX;ce6d21d7c5d0d460e898f74a8ea750d0 LinuxHacktool_eyes_mass;Linux hack tools - file mass;not set;2015-01-19 00:00:00;75;Florian Roth;HKTL,LINUX;0a890ad2583d081e9b0b69f2e1f2500b LinuxHacktool_eyes_pscan2;Linux hack tools - file pscan2;not set;2015-01-19 00:00:00;75;Florian Roth;HKTL,LINUX;038e54d10f23af15056e7a125f7f7e6a LinuxHacktool_eyes_pscan2_2;Linux hack tools - file pscan2.c;not set;2015-01-19 00:00:00;75;Florian Roth;HKTL,LINUX;8bdb7093c18e08b9383d1668b5101f14 LinuxHacktool_eyes_scanssh;Linux hack tools - file scanssh;not set;2015-01-19 00:00:00;75;Florian Roth;HKTL,LINUX;917a32d3c57b75125b85e6953321861d Linux_Portscan_Shark_1;Detects Linux Port Scanner Shark;Virustotal Research - see https://github.com/Neo23x0/Loki/issues/35;2016-04-01 00:00:00;75;Florian Roth;FILE,HKTL,LINUX;29d6a12c0f9f85963c4e16e93176304b Linux_Portscan_Shark_2;Detects Linux Port Scanner Shark;Virustotal Research - see https://github.com/Neo23x0/Loki/issues/35;2016-04-01 00:00:00;75;Florian Roth;HKTL,LINUX;81d8156f2c9c785c8ab94ed5ec81404e LiuDoor_Malware_1;Liudoor Trojan used in Terracotta APT;https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/;2015-08-04 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL;4b853827f50229be8d533e1e2bcbd2b4 LiuDoor_Malware_2;Liudoor Trojan used in Terracotta APT;https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/;2015-08-04 00:00:00;70;Florian 
Roth;APT,EXE,FILE,MAL;8abecb543f4eb5fe0af9df843fdcf68e Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php;Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;a56ad941ebd1bcd6996fe8f856e8140e Locky_Ransomware;Detects Locky Ransomware (matches also on Win32/Kuluoz);https://goo.gl/qScSrE;2016-02-17 00:00:00;75;Florian Roth (with the help of binar.ly);CRIME,MAL,RANSOM;dc3aac29a8446becf5b60b4943fd491a LokiBot_Dropper_Packed_R11_Feb18;Auto-generated rule - file scan copy.pdf.r11;https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5;2018-02-14 00:00:00;75;Florian Roth;FILE,MAL;0a940418920de069813e9b22e0d61056 LokiBot_Dropper_ScanCopyPDF_Feb18;Auto-generated rule - file Scan Copy.pdf.com;https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5;2018-02-14 00:00:00;75;Florian Roth;EXE,FILE,MAL;fe9c3814d17893126261d25e0749c8c6 MAL_APT_Operation_ShadowHammer_MalSetup;Detects a malicious file used by BARIUM group in Operation ShadowHammer;https://securelist.com/operation-shadowhammer/89992/;2019-03-25 00:00:00;80;Florian Roth;APT,EXE,FILE;16d118342fa17f6c23faab87a32b1d3d MAL_AirdViper_Sample_Apr18_1;Detects Arid Viper malware sample;Internal Research;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE,MIDDLE_EAST;a3b09a463ab2bdcfe778e6d55856c74b MAL_BackNet_Nov18_1;Detects BackNet samples;https://github.com/valsov/BackNet;2018-11-02 00:00:00;75;Florian Roth;EXE,FILE;2d0c731b8abd59f6d91fa31412ec6ea5 MAL_BurningUmbrella_Sample_10;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;658870bf26737675844b2a3bccf387d6 MAL_BurningUmbrella_Sample_11;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;FILE;69afaca58ccf27456c8ef44b173e4d08 MAL_BurningUmbrella_Sample_12;Detects malware 
sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;5fe6c422dfc8fa02b01be7b774f34256 MAL_BurningUmbrella_Sample_13;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;bbb081fb951dc8ac72d7b2a1362b199c MAL_BurningUmbrella_Sample_14;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;5d753222adbc97c18c25414108ca6604 MAL_BurningUmbrella_Sample_15;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;07d846366bd5aeb95c60366d46263d41 MAL_BurningUmbrella_Sample_16;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;a865d4418e209dd111e300d738bc4298 MAL_BurningUmbrella_Sample_17;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;050d629779c91d397321d07f41625374 MAL_BurningUmbrella_Sample_18;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;bddf113c4b8fe5d618b32e4194cbdcbf MAL_BurningUmbrella_Sample_19;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;e1030c17aefa7bb1944c95dacd03eaac MAL_BurningUmbrella_Sample_1;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;bdbf80b5431a5baa6eb44e9b0a22bab0 MAL_BurningUmbrella_Sample_20;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;f5fd49c2de9e3a74d3c4257d1c34dc80 MAL_BurningUmbrella_Sample_21;Detects malware sample from Burning Umbrella 
report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;417a1c1b3da72756687419512131114e MAL_BurningUmbrella_Sample_22;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;3c8bcbddb3dc7f12dbf45f4ad73307a3 MAL_BurningUmbrella_Sample_2;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;3690db10a9e00a260a0e762adfd50404 MAL_BurningUmbrella_Sample_3;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;bb77559a3a161cbfff79e8bcd6a0bfce MAL_BurningUmbrella_Sample_4;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;2f499349fbd85f3855aef0f29fe176ee MAL_BurningUmbrella_Sample_6;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;2b26bc328fd1bfb10ed764147b049d71 MAL_BurningUmbrella_Sample_7;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;ffa6386e333fffa03aa83a01747f86b7 MAL_BurningUmbrella_Sample_8;Detects malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;04da79743f549ff8d1bcf6ee9387eb12 MAL_CMD_Script_Obfuscated_Feb19_1;Detects obfuscated batch script using env variable sub-strings;https://twitter.com/DbgShell/status/1101076457189793793;2019-03-01 00:00:00;75;Florian Roth;FILE,OBFUS;76fca7c0f6a35400aa98006c132d25e8 MAL_CN_FlyStudio_May18_1;Detects malware / hacktool detected in May 2018;Internal Research;2018-05-11 00:00:00;75;Florian Roth;EXE,FILE;152b3c8cfe35e0fbd19a940bf0f865b7 MAL_CrypRAT_Jan19_1;Detects CrypRAT;Internal Research;2019-01-07 00:00:00;90;Florian 
Roth;EXE,FILE,MAL;e5edbfef12bb6a7862c06c4ce24e4880 MAL_DNSPIONAGE_Malware_Nov18;Detects DNSpionage Malware;https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html;2018-11-30 00:00:00;75;Florian Roth;EXE,FILE,MAL;f9d4ad6ed17a2803c455f800d3a3911f MAL_ELF_LNX_Mirai_Oct10_1;Detects ELF Mirai variant;Internal Research;2018-10-27 00:00:00;75;Florian Roth;FILE,LINUX;9fe2b35f9d6fb9d5dc551cf0fb8b3a67 MAL_ELF_LNX_Mirai_Oct10_2;Detects ELF malware Mirai related;Internal Research;2018-10-27 00:00:00;75;Florian Roth;FILE,LINUX;9756cdae9051814bc60387f787d49b29 MAL_ELF_VPNFilter_1;Detects VPNFilter malware;Internal Research;2018-05-24 00:00:00;75;Florian Roth;FILE,LINUX;a1cbbc394bb8b1c191528d1ca90ff6bf MAL_ELF_VPNFilter_2;Detects VPNFilter malware;Internal Research;2018-05-24 00:00:00;75;Florian Roth;FILE,LINUX;67a6647e5aa45a28c218543894e850a4 MAL_ELF_VPNFilter_3;Detects VPNFilter malware;Internal Research;2018-05-24 00:00:00;75;Florian Roth;FILE,LINUX;3f63d2e28e130f444f94ee54da2e0dc8 MAL_Envrial_Jan18_1;Detects Encrial credential stealer malware;https://twitter.com/malwrhunterteam/status/953313514629853184;2018-01-21 00:00:00;75;Florian Roth;EXE,FILE;1473f2906f2cce3c353426b7c6aae93f MAL_ExileRAT_Feb19_1;Detects Exile RAT;https://blog.talosintelligence.com/2019/02/exilerat-shares-c2-with-luckycat.html;2019-02-04 00:00:00;75;Florian Roth;EXE,FILE,MAL;3ee4049b2bccf3722f4339f58aeb5362 MAL_Floxif_Generic;Detects Floxif Malware;Internal Research;2018-05-11 00:00:00;80;Florian Roth;EXE,FILE,GEN,MAL;06599060e22f16a5eb20403b471a4409 MAL_GandCrab_Apr18_1;Detects GandCrab malware;https://twitter.com/MarceloRivero/status/988455516094550017;2018-04-23 00:00:00;75;Florian Roth;EXE,FILE;a1cb3694dd0b06edac068fbf74a401ab MAL_HawkEye_Keylogger_Gen_Dec18;Detects HawkEye Keylogger Reborn;https://twitter.com/James_inthe_box/status/1072116224652324870;2018-12-10 00:00:00;75;Florian Roth;GEN,HKTL;e5ec95cb11e0a5f57689fcc76cb13173 MAL_Hogfish_Report_Related_Sample;Detects 
APT10 / Hogfish related samples;https://www.accenture.com/t20180423T055005Z__w__/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf;2018-05-01 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE;d6d4b5dff8b5f73cf6fc3e0bcd275e7e MAL_JRAT_Oct18_1;Detects JRAT malware;Internal Research;2018-10-11 00:00:00;75;Florian Roth;FILE,MAL;75f6c0c536703a47f30a2bc9445afa45 MAL_KHRAT_script;Rule derived from KHRAT script but can match on other malicious scripts as well;https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/;2017-08-31 00:00:00;75;Florian Roth;MAL;841f1d94ddfa2b3051ea257b62ebe105 MAL_KHRAT_scritplet;Rule derived from KHRAT scriptlet;https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/;2017-08-31 00:00:00;75;Florian Roth;FILE,MAL;7ba86301cf6f3e46c20740f3a8333ed1 MAL_Kwampirs_Apr18;Kwampirs dropper and main payload components;https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia;2018-04-23 00:00:00;75;Symantec;;49aa486e152e9680f0743294813e8679 MAL_LNX_SSHDOOR_Triton;Signature detecting ;https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf;2018-12-05 00:00:00;75;Marc-Etienne M.Leveille, modified by Florian Roth;FILE,LINUX;956fded15ceb060dc3ecc659afdd9de0 MAL_Metasploit_Framework_UA;Detects User Agent used in Metasploit Framework;https://github.com/rapid7/metasploit-framework/commit/12a6d67be48527f5d3987e40cac2a0cbb4ab6ce7;2018-08-16 00:00:00;65;Florian Roth;EXE,FILE,METASPLOIT;71d7054c6f564e1de62cfc38f42f8460 MAL_MuddyWater_DroppedTask_Jun18_1;Detects a dropped Windows task as used by MudyWater in June 2018;https://app.any.run/tasks/719c94eb-0a00-47cc-b583-ad4f9e25ebdb;2018-06-12 00:00:00;75;Florian Roth;FILE;db7175839835bc2e29e54302454f21fb MAL_Nitol_Malware_Jan19_1;Detects Nitol Malware;https://twitter.com/shotgunner101/status/1084602413691166721;2019-01-14 00:00:00;75;Florian 
Roth;EXE,FILE,MAL;01b1214e73903837f2c8e5f6fd2e608d MAL_OSX_FancyBear_Agent_Jul18_1;Detects FancyBear Agent for OSX;https://twitter.com/DrunkBinary/status/1018448895054098432;2018-07-15 00:00:00;75;Florian Roth;FILE,MACOS,RUSSIA;92f1b3d05e41b9dd965ea61bfe645e20 MAL_PE_Type_BabyShark_Loader;Detects PE Type babyShark loader mentioned in February 2019 blog post by PaloAltNetworks;https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/;2019-02-24 00:00:00;75;Florian Roth;EXE,EXTVAR,FILE;2e0971cffdf5e336ae6fdb789d120e0f MAL_RTF_Embedded_OLE_PE;Detects a suspicious string often used in PE files in a hex encoded object stream;https://www.nextron-systems.com/2018/01/22/creating-yara-rules-detect-embedded-exe-files-ole-objects/;2018-01-22 00:00:00;75;Florian Roth;FILE;589f28952cd825e33d7ff1d1c1772eb4 MAL_RedLeaves_Apr18_1;Detects RedLeaves malware;https://www.accenture.com/t20180423T055005Z__w__/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf;2018-05-01 00:00:00;75;Florian Roth;EXE,FILE;a05436e491e372d19b16cbca108eb57b MAL_Ryuk_Ransomware;Detects strings known from Ryuk Ransomware;https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/;2018-12-31 00:00:00;75;Florian Roth;CRIME,EXE,FILE,MAL,RANSOM;98701b4936d6ae65267b023e00bdb632 MAL_Sednit_DelphiDownloader_Apr18_2;Detects malware from Sednit Delphi Downloader report;https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/;2018-04-24 00:00:00;75;Florian Roth;;2ab1a68fe94fd35dacc9f58542381fd1 MAL_Sednit_DelphiDownloader_Apr18_3;Detects malware from Sednit Delphi Downloader report;https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/;2018-04-24 00:00:00;75;Florian Roth;EXE,FILE;4ad0bced1f4e34cc8e8f9ea2de2753cc MAL_Turla_Agent_BTZ;Detects Turla Agent.BTZ;https://www.gdatasoftware.com/blog/2014/11/23937-the-uroburos-case-new-sophisticated-rat-identified;2018-04-12 00:00:00;75;Florian 
Roth;EXE,FILE,RUSSIA;d4738ae9524e241647acf057010693ab MAL_Turla_Sample_May18_1;Detects Turla samples;https://twitter.com/omri9741/status/991942007701598208;2018-05-03 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;6d0ba27773679cbf2fc67f5821a7f666 MAL_Unknown_PWDumper_Apr18_3;Detects sample from unknown sample set - IL origin;Internal Research;2018-04-06 00:00:00;75;Florian Roth;EXE,FILE,HKTL;6509d5231679ceeb1222a264a95f6093 MAL_Visel_Sample_May18_1;Detects Visel malware sample from Burning Umbrella report;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;EXE,FILE;3df895c601e021b54890e18c8707549c MAL_WebMonitor_RAT;Detects WebMonitor RAT;https://researchcenter.paloaltonetworks.com/2018/04/unit42-say-cheese-webmonitor-rat-comes-c2-service-c2aas/;2018-04-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;25e54e9f05a7c11521dcc9a884f8855b MAL_Winnti_Sample_May18_1;Detects malware sample from Burning Umbrella report - Generic Winnti Rule;https://401trg.pw/burning-umbrella/;2018-05-04 00:00:00;75;Florian Roth;CHINA,EXE,FILE,GEN;eb999bc4b55a5487d3737e3362bfb272 MAL_Xbash_JS_Sep18;Detects XBash malware;https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/;2018-09-18 00:00:00;75;Florian Roth;FILE;fadb40b08eb743e0f151e99bc5b5045b MAL_Xbash_PY_Sep18;Detects Xbash malware;https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/;2018-09-18 00:00:00;75;Florian Roth;FILE;cdc1944ecbd9d229ffb66027e029f9b5 MAL_Xbash_SH_Sep18;Detects Xbash malware;https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/;2018-09-18 00:00:00;75;Florian Roth;FILE;a1d2fa5cf9289ef93a69c9f7a1ed4198 MAL_unspecified_Jan18_1;Detects unspecified malware sample;Internal Research;2018-01-19 00:00:00;75;Florian Roth;MAL;53a088f662a88b8cbf6faa5c620a75f5 ME_Campaign_Malware_1;Detects 
malware from Middle Eastern campaign reported by Talos;http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html;2018-02-07 00:00:00;75;Florian Roth;EXE,FILE,MAL;ec6583f6d6d6876d34d35e4a61c6ac59 ME_Campaign_Malware_2;Detects malware from Middle Eastern campaign reported by Talos;http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html;2018-02-07 00:00:00;75;Florian Roth;EXE,FILE,MAL;b5cc325864903b8976a636cecf3ca7fd ME_Campaign_Malware_3;Detects malware from Middle Eastern campaign reported by Talos;http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html;2018-02-07 00:00:00;75;Florian Roth;FILE,MAL;9dd6ca5777d2d584cf595a3c5567416e ME_Campaign_Malware_4;Detects malware from Middle Eastern campaign reported by Talos;http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html;2018-02-07 00:00:00;75;Florian Roth;EXE,FILE,MAL;ddbc49108a4b4aa4f3ff6064e4503f91 ME_Campaign_Malware_5;Detects malware from Middle Eastern campaign reported by Talos;http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html;2018-02-07 00:00:00;75;Florian Roth;EXE,FILE,MAL;1a4405d9e838d5ba0fa547a5eed3ffe5 MS08_067_Exploit_Hacktools_CN;Disclosed hacktool set - file cs.exe;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;21d169fddabd9e593fdff9b00219f909 MSBuild_Mimikatz_Execution_via_XML;Detects an XML that executes Mimikatz on an endpoint via MSBuild;https://gist.github.com/subTee/c98f7d005683e616560bda3286b6a0d8#file-katz-xml;2016-10-07 00:00:00;75;Florian Roth;HKTL;d4c5affa1be7d808bc30775b3baa0125 MSSqlPass;Chinese Hacktool Set - file MSSqlPass.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;c7ad5dbde500ec1c2961ba2f217ff6b4 Mal_Dropper_httpEXE_from_CAB;Detects a dropper from a CAB file mentioned in the article;https://goo.gl/13Wgy1;2016-05-25 00:00:00;60;Florian Roth;EXE,FILE,MAL;3493b2b3d6eb9886c1f28b7f60935d68 Mal_PotPlayer_DLL;Detects a malicious 
PotPlayer.dll;https://goo.gl/13Wgy1;2016-05-25 00:00:00;70;Florian Roth;EXE,FILE;ed81a39d085b61d1a2ec6ff8dbb03c60 Mal_http_EXE;Detects trojan from APT report named http.exe;https://goo.gl/13Wgy1;2016-05-25 00:00:00;80;Florian Roth;APT,EXE,FILE;e9d09cae1326861c54399c3893e87ba6 Malicious_BAT_Strings;Detects a string also used in Netwire RAT auxilliary;https://pastebin.com/8qaiyPxs;2018-01-05 00:00:00;60;Florian Roth;MAL;6d73f24f709bda8388f8972fdd3a196f Malicious_SFX1;SFX with voicemail content;http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3950;2015-07-20 00:00:00;75;Florian Roth;FILE;d88d47919b0ee26a0ffbed2a56558725 Malicious_SFX2;SFX with adobe.exe content;http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3950;2015-07-20 00:00:00;75;Florian Roth;EXE,FILE;38ad418f21b5b45e0929a2efe232ddb3 Malware_Floxif_mpsvc_dll;Malware - Floxif;Internal Research;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE,MAL;1b12342c5f193d0105cd3b3c6b11111d Malware_JS_powershell_obfuscated;Unspecified malware - file rechnung_3.js;Internal Research;2017-03-24 00:00:00;75;Florian Roth;MAL,OBFUS;d05457605a9bbca34711f5ef85f5858c Malware_MsUpdater_String_in_EXE;MSUpdater String in Executable;VT Analysis;2015-06-03 00:00:00;50;Florian Roth;EXE,FILE,MAL;66f32a4600929b84ebcfffc8a06d1f2d Malware_QA_1177;VT Research QA uploaded malware - file 1177.vbs;VT Research QA;2016-08-29 00:00:00;80;Florian Roth;FILE,MAL;26deb049d1fff4920697923d81970553 Malware_QA_get_The_FucKinG_IP;VT Research QA uploaded malware - file get The FucKinG IP.exe;VT Research QA;2016-08-29 00:00:00;80;Florian Roth;EXE,FILE,MAL;64d9ad3382c32ecfa570297dd6609fd2 Malware_QA_not_copy;VT Research QA uploaded malware - file not copy.exe;VT Research QA;2016-08-29 00:00:00;80;Florian Roth;EXE,FILE,MAL;6d288671603d06b96c868787895533f1 Malware_QA_tls;VT Research QA uploaded malware - file tls.exe;VT Research QA;2016-08-29 00:00:00;80;Florian Roth;EXE,FILE,MAL;d1a91cac10548e7a6cc189137ae584ad Malware_QA_update;VT Research QA uploaded 
malware - file update.exe;VT Research QA;2016-08-29 00:00:00;80;Florian Roth;EXE,FILE,MAL;44e4e17251d3eabbb5c7c8265ecaf65d Malware_QA_update_test;VT Research QA uploaded malware - file update_.exe;VT Research QA;2016-08-29 00:00:00;80;Florian Roth;EXE,EXTVAR,FILE,MAL;d1abdc9a8641e7ef123090d3312c7834 Malware_QA_vqgk;VT Research QA uploaded malware - file vqgk.dll;VT Research QA;2016-08-29 00:00:00;80;Florian Roth;EXE,FILE,MAL;9f2b5b9bb991f4d5bdbb4ab8229627ce MarathonTool;Chinese Hacktool Set - file MarathonTool.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;3e74d8fbab426bbbc6aa0f101865f7bd MarathonTool_2;Chinese Hacktool Set - file MarathonTool.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;37cd7001e0a4b6f496edbbfaa67ce64b Metasploit_Loader_RSMudge;Detects a Metasploit Loader by RSMudge - file loader.exe;https://github.com/rsmudge/metasploit-loader;2016-04-20 00:00:00;75;Florian Roth;EXE,FILE,METASPLOIT;7fd97b5f0691841e958b7c484768cad5 Methodology_Artificial_UserAgent_IE_Win7;Looking for hard-coded User-Agent string that has been present in *several* APT37 and suspected APT37 malware families. Lots of DPRK activity. Someone is re-using code, or perhaps some mal dev has a favorite. 
This will also catch a boatload of other stuff.;-;1970-01-01 01:00:00;75;Steve Miller aka @stvemillertime;APT,FILE;48b45a2303731a0e1b8fbb39882ecc55 Miari_2_May17;Detects Mirai Malware;Internal Research;2017-05-12 00:00:00;75;Florian Roth;FILE,MAL;2cb0aafa06ccb1aa700af48af986162e Microcin_Sample_1;Malware sample mentioned in Microcin technical report by Kaspersky;https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf;2017-09-26 00:00:00;75;Florian Roth;EXE,FILE,MAL;ddb59d0e95372a286d4f0a90a2977b0e Microcin_Sample_2;Malware sample mentioned in Microcin technical report by Kaspersky;https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf;2017-09-26 00:00:00;75;Florian Roth;EXE,FILE,MAL;769582e6a23cbd98bbb5dcd2cee02886 Microcin_Sample_3;Malware sample mentioned in Microcin technical report by Kaspersky;https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf;2017-09-26 00:00:00;75;Florian Roth;EXE,FILE,MAL;8b1ed923e2af62b48d9a1f125b3ba6d6 Microcin_Sample_4;Malware sample mentioned in Microcin technical report by Kaspersky;https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf;2017-09-26 00:00:00;75;Florian Roth;EXE,FILE,MAL;209d1ef4592bbd03d1a00b3027bde864 Microcin_Sample_5;Malware sample mentioned in Microcin technical report by Kaspersky;https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf;2017-09-26 00:00:00;75;Florian Roth;EXE,FILE,MAL;c484413923079b10b50bd7468b051582 Microcin_Sample_6;Malware sample mentioned in Microcin technical report by Kaspersky;https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf;2017-09-26 00:00:00;75;Florian Roth;EXE,FILE,MAL;4cf718c5de310c200208af11294f0486 Mimikatz_Gen_Strings;Detects Mimikatz by using some special strings;Internal Research;2017-06-19 00:00:00;75;Florian Roth;EXE,FILE,GEN,HKTL;6d80063795e5abedb4128385bd79657b Mimikatz_Logfile;Detects a log file generated by malicious hack tool mimikatz;-;2015-03-31 
00:00:00;80;Florian Roth;HKTL;2a1be474c623d0d66444c261b0b0921e Mimikatz_Memory_Rule_1;Detects password dumper mimikatz in memory;-;2014-12-22 00:00:00;70;Florian Roth;HKTL;fd99b65577446908d8ffa120bdd59756 Mimikatz_Memory_Rule_2;Mimikatz Rule generated from a memory dump;-;1970-01-01 01:00:00;80;Florian Roth - Florian Roth;HKTL;964d12c0ec6e0144aae80b8854fbe2aa Mimikatz_Strings;Detects Mimikatz strings;not set;2016-06-08 00:00:00;65;Florian Roth;EXE,FILE,HKTL;0165b2978a56e010701eca3c26d75e16 Mimipenguin_SH;Detects Mimipenguin Password Extractor - Linux;https://github.com/huntergregal/mimipenguin;2017-04-01 00:00:00;75;Florian Roth;LINUX;785b65fe34483abb839b943a6beac08f MiniDionis_VBS_Dropped;Dropped File - 1.vbs;https://malwr.com/analysis/ZDc4ZmIyZDI4MTVjNGY5NWI0YzE3YjIzNGFjZTcyYTY/;2015-07-21 00:00:00;75;Florian Roth;SCRIPT;5e62ce472990e8ce732a51c25ee364b1 MiniDionis_readerView;MiniDionis Malware - file readerView.exe / adobe.exe;http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3950;2015-07-20 00:00:00;75;Florian Roth;EXE,FILE,MAL;aa49afd0998b8fa048f32605c352581c MiniDumpTest_msdsc;Auto-generated rule - file msdsc.exe;https://github.com/giMini/RWMC/;2015-08-31 00:00:00;75;Florian Roth;EXE,FILE;40e0fd2960618c6f508e49d8f0d93fd8 MiniRAT_Gen_1;Detects Mini RAT malware;https://www.eff.org/deeplinks/2018/01/dark-caracal-good-news-and-bad-news;2018-01-22 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;10c17d5bd8b17f889a95d1f820379e60 Mirai_1_May17;Detects Mirai Malware;Internal Research;2017-05-12 00:00:00;75;Florian Roth;FILE,MAL;53074ec45242535a8b3d844800d7209a Mirai_Botnet_Malware;Detects Mirai Botnet Malware;Internal Research;2016-10-04 00:00:00;75;Florian Roth;FILE,MAL;cdf11e88016230b4fd2b45690857b63f Mithozhan_Trojan;Mitozhan Trojan used in APT Terracotta;https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/;2015-08-04 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL;a95ab8a8d33cb65a1e2d95eb0d085c61 Mithril_Mithril;Webshells Auto-generated - file 
Mithril.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;3618525f638a57dfe94a22ba3a321b51 Mithril_dllTest;Webshells Auto-generated - file dllTest.dll;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ff145d80a1f1668c37357f4951a00ae5 Mithril_v1_45_Mithril;Webshells Auto-generated - file Mithril.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;54122329edaa79eb20a0d48ed025527b Mithril_v1_45_dllTest;Webshells Auto-generated - file dllTest.dll;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;8c223b3b37630d22ce3d1f9526bb7b60 MockDll_Gen;Detects MockDll - regsvr DLL loader;https://goo.gl/MZ7dRg;2017-10-18 00:00:00;75;Florian Roth;EXE,FILE,GEN;0c4a1759c9d121f5ed77bf35c280a424 Molerats_Jul17_Sample_1;Detects Molerats sample - July 2017;https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html;2017-07-07 00:00:00;75;Florian Roth;EXE,FILE;3117cbf745781fbe3c26bbfdf53cbf98 Molerats_Jul17_Sample_2;Detects Molerats sample - July 2017;https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html;2017-07-07 00:00:00;75;Florian Roth;EXE,FILE;16a2418c27160a53343f97099d256e4a Molerats_Jul17_Sample_3;Detects Molerats sample - July 2017;https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html;2017-07-07 00:00:00;75;Florian Roth;EXE,FILE;b5747f67d12cbcb2a2a045682b624f9d Molerats_Jul17_Sample_4;Detects Molerats sample - July 2017;https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html;2017-07-07 00:00:00;75;Florian Roth;;b4dbd8f8f1b0eb0219e0e9ae65b3c358 Molerats_Jul17_Sample_5;Detects Molerats sample - July 2017;https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html;2017-07-07 00:00:00;75;Florian Roth;;385465559106ad34b2972f6a51e161fc Molerats_Jul17_Sample_Dropper;Detects Molerats sample dropper SFX - July 2017;https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html;2017-07-07 00:00:00;75;Florian Roth;EXE,FILE,MAL;ad1a843dde919afb56a7c4661b62651f Monsoon_APT_Malware_1;Detects malware from Monsoon 
APT;http://blog.fortinet.com/2017/04/05/in-depth-look-at-new-variant-of-monsoon-apt-backdoor-part-2;2017-09-08 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;b5f04265fadfca8e6c1fe8bbfa43a8fd Monsoon_APT_Malware_2;Detects malware from Monsoon APT;http://blog.fortinet.com/2017/04/05/in-depth-look-at-new-variant-of-monsoon-apt-backdoor-part-2;2017-09-08 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;a1e08ce4a31a1b6cf48df08f261611b8 MooreR_Port_Scanner;Auto-generated rule on file MooreR Port Scanner.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;e8a0331b3bcf64192e0fdc7db45b1cbb Moroccan_Spamers_Ma_EditioN_By_GhOsT_php;Semi-Auto-generated - file Moroccan Spamers Ma-EditioN By GhOsT.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;12dc695f065eb9f1299976585e7ef5ce Ms_Viru_racle;Chinese Hacktool Set - file racle.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;7dbcaf614f7d01a4122dba7248ce5d4d Ms_Viru_v;Chinese Hacktool Set - file v.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;bb8eba7b37c2c8d4e3e81d4fa5cdc640 Msfpayloads_msf;Metasploit Payloads - file msf.sh;Internal Research;2017-02-09 00:00:00;75;Florian Roth;FILE,METASPLOIT;57e9bfbac53f7fae5dad3db0a7a5d118 Msfpayloads_msf_10;Metasploit Payloads - file msf.exe;Internal Research;2017-02-09 00:00:00;75;Florian Roth;EXE,FILE,METASPLOIT;a78d9893c06526720770fbd1beebd552 Msfpayloads_msf_11;Metasploit Payloads - file msf.hta;Internal Research;2017-02-09 00:00:00;75;Florian Roth;METASPLOIT;18131350f6e32055b0a01b7c58bfb8ee Msfpayloads_msf_2;Metasploit Payloads - file msf.asp;Internal Research;2017-02-09 00:00:00;75;Florian Roth;METASPLOIT;0a1985221b1cde5f82316b437f462add Msfpayloads_msf_3;Metasploit Payloads - file msf.psh;Internal Research;2017-02-09 00:00:00;75;Florian Roth;METASPLOIT;3a43f75fbb94c831f1c54baa3466648c Msfpayloads_msf_4;Metasploit Payloads - file msf.aspx;Internal 
Research;2017-02-09 00:00:00;75;Florian Roth;METASPLOIT;9bc51f4c650cc6c870049ee0cfd32b39 Msfpayloads_msf_5;Metasploit Payloads - file msf.msi;Internal Research;2017-02-09 00:00:00;75;Florian Roth;METASPLOIT;b0163f00481568d8bffe86061521e6df Msfpayloads_msf_6;Metasploit Payloads - file msf.vbs;Internal Research;2017-02-09 00:00:00;75;Florian Roth;METASPLOIT;175e63063471242fa838634ceed72911 Msfpayloads_msf_7;Metasploit Payloads - file msf.vba;Internal Research;2017-02-09 00:00:00;75;Florian Roth;METASPLOIT;7c79766669369184f5c83d2cc661fd07 Msfpayloads_msf_8;Metasploit Payloads - file msf.ps1;Internal Research;2017-02-09 00:00:00;75;Florian Roth;METASPLOIT;2e765466ba0bb3c1c4199f02ad6d2a11 Msfpayloads_msf_9;Metasploit Payloads - file msf.war - contents;Internal Research;2017-02-09 00:00:00;75;Florian Roth;FILE,METASPLOIT;00a136ef60d7bf67940d0546a6f3102d Msfpayloads_msf_cmd;Metasploit Payloads - file msf-cmd.ps1;Internal Research;2017-02-09 00:00:00;75;Florian Roth;METASPLOIT;b691fa04a573b4b59d1f92827649e6a5 Msfpayloads_msf_exe;Metasploit Payloads - file msf-exe.vba;Internal Research;2017-02-09 00:00:00;75;Florian Roth;METASPLOIT;66c4082681535a7bfc5d528eedc737fa Msfpayloads_msf_exe_2;Metasploit Payloads - file msf-exe.aspx;Internal Research;2017-02-09 00:00:00;75;Florian Roth;METASPLOIT;cbddf03027b5588e6652a30585761c8d Msfpayloads_msf_psh;Metasploit Payloads - file msf-psh.vba;Internal Research;2017-02-09 00:00:00;75;Florian Roth;METASPLOIT;849cac7bcbe4f186fad7c19c982faf8f Msfpayloads_msf_ref;Metasploit Payloads - file msf-ref.ps1;Internal Research;2017-02-09 00:00:00;75;Florian Roth;METASPLOIT;8226d4e88ddffb51f8fd9722dfdf1bef Msfpayloads_msf_svc;Metasploit Payloads - file msf-svc.exe;Internal Research;2017-02-09 00:00:00;75;Florian Roth;EXE,FILE,METASPLOIT;2f22d6c0722499ad261e9a77b4b3a1a5 MuddyWater_Mal_Doc_Feb18_1;Detects malicious document used by MuddyWater;Internal Research - TI2T;2018-02-26 00:00:00;75;Florian Roth;FILE,MIDDLE_EAST;65b44ffc1dd6af4c8e33554c92f3e976 
MuddyWater_Mal_Doc_Feb18_2;Detects malicious document used by MuddyWater;Internal Research - TI2T;2018-02-26 00:00:00;75;Florian Roth;FILE,MIDDLE_EAST;a7ca4dcae7f011a0b66df15815fc0db1 MySQL_Web_Interface_Version_0_8_php;Semi-Auto-generated - file MySQL Web Interface Version 0.8.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;977b02aa1312a21c3cadbb2ee55f6b50 MyWScript_CompiledScript;Detects a scripte with default name Mywscript compiled with Script2Exe (can also be a McAfee tool https://community.mcafee.com/docs/DOC-4124);Internal Research;2017-07-27 00:00:00;65;Florian Roth;EXE,FILE;adab66b1a9b5bd9f71e48373e73d0725 NK_Miner_Malware_Jan18_1;Detects Noth Korean Monero Miner mentioned in AlienVault report;https://goo.gl/PChE1z;2018-01-09 00:00:00;75;Florian Roth (original rule by Chris Doman);EXE,FILE,MAL;94faaf399c450181bfb25b5d9b3a1876 NTLM_Dump_Output;NTML Hash Dump output file - John/LC format;-;2015-10-01 00:00:00;75;Florian Roth;HKTL;8b88b6407f128061ea31fe5e9c23befb NT_Addy_asp;Semi-Auto-generated - file NT Addy.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;4f5a456f4dc71d4cdc97d23dc5700e2d Nanocore_RAT_Feb18_1;Detects Nanocore RAT;Internal Research - T2T;2018-02-19 00:00:00;75;Florian Roth;EXE,FILE,MAL;8a0692ead01eb2443c63e8f9465fb41d Nanocore_RAT_Feb18_2;Detects Nanocore RAT;Internal Research - T2T;2018-02-19 00:00:00;75;Florian Roth;EXE,FILE,MAL;ec22f3fcb9f9df23bee3964998dba62d Nanocore_RAT_Gen_1;Detetcs the Nanocore RAT and similar malware;https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/;2016-04-22 00:00:00;70;Florian Roth;EXE,FILE,GEN,MAL;1d44bd69611502109445fdb9cccc8efb Nanocore_RAT_Gen_2;Detetcs the Nanocore RAT;https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/;2016-04-22 00:00:00;100;Florian Roth;EXE,FILE,GEN,MAL;8b5b2a28922b321f712b16b015e7ddcc Nanocore_RAT_Sample_1;Detetcs a certain Nanocore RAT 
sample;https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/;2016-04-22 00:00:00;75;Florian Roth;EXE,FILE,MAL;270c2c31cd35fd6398cd09e2dabbc237 Nanocore_RAT_Sample_2;Detetcs a certain Nanocore RAT sample;https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/;2016-04-22 00:00:00;75;Florian Roth;EXE,FILE,MAL;62a7f1be90637b5b379c15b38bb89b52 Nautilus_common_strings;Rule for detection of Nautilus based on common plaintext strings;https://www.ncsc.gov.uk/alerts/turla-group-malware;2017-11-23 00:00:00;75;NCSC UK;FILE;a508ff2539b80ebad58525c1945250fa Nautilus_forensic_artificats;Rule for detection of Nautilus related strings;https://www.ncsc.gov.uk/alerts/turla-group-malware;2017-11-23 00:00:00;60;NCSC UK / Florian Roth;;ce79b8fda4014dbfd77365db92bd3593 Nautilus_modified_rc4_loop;Rule for detection of Nautilus based on assembly code for a modified RC4 loop;https://www.ncsc.gov.uk/alerts/turla-group-malware;2017-11-23 00:00:00;75;NCSC UK;FILE;4a75739d13de9bb72831e3de77aa4eec Nautilus_rc4_key;Rule for detection of Nautilus based on a hardcoded RC4 key;https://www.ncsc.gov.uk/alerts/turla-group-malware;2017-11-23 00:00:00;75;NCSC UK;FILE;e52d35afefd614943bb9a52766b04edf Ncat_Hacktools_CN;Disclosed hacktool set - file nc.exe;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;6a9b2c9817938897114cba763717e615 Ncrack;This signature detects the Ncrack brute force tool;-;2014-07-06 00:00:00;60;Florian Roth;HKTL;04c1aa622882a460c8dbc8b58180f540 NetBIOS_Name_Scanner;Auto-generated rule on file NetBIOS Name Scanner.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;47b535d5740e272c7324152bb91a361b Netview_Hacktool;Network domain enumeration tool - often used by attackers - file Nv.exe;https://github.com/mubix/netview;2016-03-07 00:00:00;60;Florian Roth;EXE,FILE,HKTL;eb916b9ac4ed7885cf74f06a032b5a7f Netview_Hacktool_Output;Network domain enumeration tool output - often used by attackers - file 
filename.txt;https://github.com/mubix/netview;2016-03-07 00:00:00;60;Florian Roth;HKTL;405ac58333a54ffe4cc8096f59324875 Neuron_common_strings;Rule for detection of Neuron based on commonly used strings;https://www.ncsc.gov.uk/alerts/turla-group-malware;2017-11-23 00:00:00;75;NCSC UK;FILE;588116fce379be192335fab5ce1437af Neuron_standalone_signature;Rule for detection of Neuron based on a standalone signature from .NET metadata;https://www.ncsc.gov.uk/alerts/turla-group-malware;2017-11-23 00:00:00;75;NCSC UK;FILE;0c145e722abc8359ef460d0dd6456959 Nirsoft_NetResView;Detects NirSoft NetResView - utility that displays the list of all network resources;https://goo.gl/Mr6M2J;2016-06-04 00:00:00;40;Florian Roth;EXE,FILE;aaef31c5a2b2ac01bee6baff3b4a32c5 Nishang_Webshell;Detects a ASPX web shell;https://github.com/samratashok/nishang;2016-09-11 00:00:00;75;Florian Roth;FILE,WEBSHELL;fef1549a4535398f6d462156d8145681 No_PowerShell;Detects an C# executable used to circumvent PowerShell detection - file nps.exe;https://github.com/Ben0xA/nps;2016-05-21 00:00:00;80;Florian Roth;EXE,FILE,SCRIPT;7c5f8a8641ec50d3b18f5d1c8a26cf7c NotPetya_Ransomware_Jun17;Detects new NotPetya Ransomware variant from June 2017;https://goo.gl/h6iaGj;2017-06-27 00:00:00;75;Florian Roth;CRIME,EXE,FILE,MAL,RANSOM;56e424166ceac048d264f950d1ecf6ac Nshell__1__php_php;Semi-Auto-generated - file Nshell (1).php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;0e7abfec3b95f99de72767fb87180fc8 NtGodMode;Chinese Hacktool Set - file NtGodMode.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;245d5fe8bfa6e3f206861182b9557aa2 ONHAT_Proxy_Hacktool;Detects ONHAT Proxy - Htran like SOCKS hack tool used by Chinese APT groups;https://goo.gl/p32Ozf;2016-05-12 00:00:00;100;Florian Roth;APT,CHINA,EXE,FILE,HKTL;c72f98f56c4f3ccff76f40884458872c OPCLEAVER_BackDoorLogger;Keylogger used by attackers in Operation 
Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;HKTL;5961272363f70a3a905feeca3d33b27c OPCLEAVER_CCProxy_Config;CCProxy config known from Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Florian Roth;HKTL;70e7f408a1fe6d4601704818a46b7acc OPCLEAVER_Jasus;ARP cache poisoner used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;;65037b109409c58451e8319b8188870f OPCLEAVER_LoggerModule;Keylogger used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;HKTL;5555aeb091bb68ed60d0565c83161a26 OPCLEAVER_NetC;Net Crawler used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;;f282e4874ce9f2036926ca195300dc58 OPCLEAVER_Parviz_Developer;Parviz developer known from Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Florian Roth;;d698b18bd3ecd3a53b2248580d6d22a7 OPCLEAVER_ShellCreator2;Shell Creator used by attackers in Operation Cleaver to create ASPX web shells;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;;444ab20d3c11df6405dd3e20f3b1d64f OPCLEAVER_SmartCopy2;Malware or hack tool used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;MAL;2c6609c9413ee5d0bcc3146b54688153 OPCLEAVER_SynFlooder;Malware or hack tool used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;MAL;330ca286e142bd7cb13207d4f1b18c16 OPCLEAVER_TinyZBot;Tiny Bot used by attackers in Operation 
Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;;986083a8f488dbbf494ce94cea1bd75f OPCLEAVER_ZhoupinExploitCrew;Keywords used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;;8f6c4dd0eb69874f9e43f439904f46e7 OPCLEAVER_antivirusdetector;Hack tool used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;;d9e971817d28aea965f47ee79a921ac3 OPCLEAVER_csext;Backdoor used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;MAL;35e7d940d93c8945bc8d1b17b92ee830 OPCLEAVER_kagent;Backdoor used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;MAL;a5599868ea28b2ad37173040dcb0ded6 OPCLEAVER_mimikatzWrapper;Mimikatz Wrapper used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;;61253dc40a7c86a26c13f2e8ac9236ce OPCLEAVER_pvz_in;Parviz tool used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;;891595a159c750da8c769cc307430147 OPCLEAVER_pvz_out;Parviz tool used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;;6f777926a5ddc320034e2ae8f8bbeab8 OPCLEAVER_wndTest;Backdoor used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;MAL;74c34f0c3a6adfaee5ffe51988306e19 OPCLEAVER_zhCat;Network tool used by Iranian hackers and used by attackers in Operation 
Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;;370656ef831cd7dd769d802b52de585c OPCLEAVER_zhLookUp;Hack tool used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;;73bd56ad6be5a8f3a307b642e27adf15 OPCLEAVER_zhmimikatz;Mimikatz wrapper used by attackers in Operation Cleaver;http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf;2014-12-02 00:00:00;70;Cylance Inc.;;7a7be9c298ac0d131c15ba0d4e969bee OSEditor;Chinese Hacktool Set - file OSEditor.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;899d8d35b0f3bc57aab85736c6f2d2b7 OSX_backdoor_Bella;Bella MacOS/OSX backdoor;https://twitter.com/JohnLaTwC/status/911998777182924801;2018-02-23 00:00:00;75;John Lambert @JohnLaTwC;EXTVAR,FILE,MACOS,MAL;5e593a214895460e5c77272e2dd8b40c OSX_backdoor_EvilOSX;EvilOSX MacOS/OSX backdoor;https://github.com/Marten4n6/EvilOSX, https://twitter.com/JohnLaTwC/status/966139336436498432;2018-02-23 00:00:00;75;John Lambert @JohnLaTwC;FILE,MACOS,MAL;5776524475279ccf95d39895231813e6 Obfuscated_JS_April17;Detects cloaked Mimikatz in JS obfuscation;Internal Research;2017-04-21 00:00:00;75;Florian Roth;OBFUS;e892bbc03e16003dbd2a4f03072d14ea Obfuscated_VBS_April17;Detects cloaked Mimikatz in VBS obfuscation;Internal Research;2017-04-21 00:00:00;75;Florian Roth;OBFUS,SCRIPT;9a4ac4427e4c37041a7cd8c4d50ac346 Office_AutoOpen_Macro;Detects an Microsoft Office file that contains the AutoOpen Macro function;-;2015-05-28 00:00:00;40;Florian Roth;FILE,OFFICE;13819a16fa65389b83765def5d6c1cc4 Office_OLE_DDE;Detects DDE in MS Office documents;https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/;2017-10-12 00:00:00;50;NVISO Labs;FILE,OFFICE;77ec120990cef678c372d1da97c271ea Office_OLE_DDEAUTO;Detects DDE in MS Office 
documents;https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/;2017-10-12 00:00:00;50;NVISO Labs;FILE,OFFICE;11a3d08f3f65fc6319e534d56ad97724 Office_as_MHTML;Detects an Microsoft Office saved as a MHTML file (false positives are possible but rare; many matches on CVE-2012-0158);https://www.trustwave.com/Resources/SpiderLabs-Blog/Malicious-Macros-Evades-Detection-by-Using-Unusual-File-Format/;2015-05-28 00:00:00;40;Florian Roth;EXPLOIT,FILE,OFFICE;a47ac19f2730b502def9be6d62e39efe OilRig_Campaign_Reconnaissance;Detects Windows discovery commands - known from OilRig Campaign;https://goo.gl/QMRZ8K;2016-10-12 00:00:00;75;Florian Roth;MIDDLE_EAST;f56454047e0f36c902c3042b1d4172fa OilRig_ISMAgent_Campaign_Samples1;Detects OilRig malware from Unit 42 report in October 2017;https://goo.gl/JQVfFP;2017-10-18 00:00:00;75;Florian Roth;FILE,MIDDLE_EAST;7b036ceda3addf668d6ec6ffbf3b54b2 OilRig_ISMAgent_Campaign_Samples2;Detects OilRig malware from Unit 42 report in October 2017;https://goo.gl/JQVfFP;2017-10-18 00:00:00;75;Florian Roth;EXE,FILE,MIDDLE_EAST;266f86b0829436fd5044ab1baf2f43fe OilRig_ISMAgent_Campaign_Samples3;Detects OilRig malware from Unit 42 report in October 2017;https://goo.gl/JQVfFP;2017-10-18 00:00:00;75;Florian Roth;EXE,FILE,MIDDLE_EAST;50424b217ff47bf5c8aeedbf608dae7d OilRig_Malware_Campaign_Gen1;Detects malware from OilRig Campaign;https://goo.gl/QMRZ8K;2016-10-12 00:00:00;75;Florian Roth;FILE,MAL,MIDDLE_EAST;788971385547af133d4d96ca27960542 OilRig_Malware_Campaign_Gen2;Detects malware from OilRig Campaign;https://goo.gl/QMRZ8K;2016-10-12 00:00:00;75;Florian Roth;FILE,MAL,MIDDLE_EAST;c7f9296f17a6a0430cb8241710d087be OilRig_Malware_Campaign_Gen3;Detects malware from OilRig Campaign;https://goo.gl/QMRZ8K;2016-10-12 00:00:00;75;Florian Roth;FILE,MAL,MIDDLE_EAST;4bc22b3706ea97d9c7595593992d42ca OilRig_Malware_Campaign_Mal1;Detects malware from OilRig Campaign;https://goo.gl/QMRZ8K;2016-10-12 00:00:00;75;Florian 
Roth;FILE,MAL,MIDDLE_EAST;372845575cc930b00047895bb84b63b1 OilRig_Malware_Campaign_Mal2;Detects malware from OilRig Campaign;https://goo.gl/QMRZ8K;2016-10-12 00:00:00;75;Florian Roth;FILE,MAL,MIDDLE_EAST;cc98308704253795b0e7a32beba8ddf0 OilRig_Malware_Campaign_Mal3;Detects malware from OilRig Campaign;https://goo.gl/QMRZ8K;2016-10-12 00:00:00;75;Florian Roth;MAL,MIDDLE_EAST;154c682bec6a9b548bf9620f0d4753ad OilRig_Malware_Nov17_13;-;https://twitter.com/ClearskySec/status/933280188733018113;2017-11-22 00:00:00;75;Florian Roth;EXE,FILE,MAL,MIDDLE_EAST;029d2c887abf23646b20946ecda132b9 OilRig_RGDoor_Gen1;Detects RGDoor backdoor used by OilRig group;https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/;2018-01-27 00:00:00;80;Florian Roth;EXE,FILE,MAL,MIDDLE_EAST;f72630c8f1a8e723a45bae8f51d740e1 OilRig_Strings_Oct17;Detects strings from OilRig malware and malicious scripts;https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-attacks-new-delivery-documents-new-injector-trojan/;2017-10-18 00:00:00;75;Florian Roth;MIDDLE_EAST;079ee4f1e4bcee26ccf04e7975722404 Oilrig_IntelSecurityManager;Detects OilRig malware;Internal Research;2018-01-19 00:00:00;75;Eyal Sela;MIDDLE_EAST;a03f43832286f79c3512ef3c1d79233b Oilrig_IntelSecurityManager_macro;Detects OilRig malware;Internal Research;2018-01-19 00:00:00;75;Eyal Sela (slightly modified by Florian Roth);MIDDLE_EAST;5b2ed3874ded9d393cf74de48377b2e0 Oilrig_Myrtille;Detects Oilrig Myrtille RDP Browser;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;75;Markus Neis;EXE,FILE;035870b67960f2d791242558e3a53232 Oilrig_PS_CnC;Powershell CnC using DNS queries;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;75;Markus Neis;;48df4a66976b9a04bc0476b50f39cebe OlympicDestroyer_Gen2;Detects Olympic Destroyer 
malware;http://blog.talosintelligence.com/2018/02/olympic-destroyer.html;2018-02-12 00:00:00;75;Florian Roth;EXE,FILE;019f7cd4eb025b029cc70805cad64fdd OpCloudHopper_Cloaked_PSCP;Tool used in Operation Cloud Hopper - pscp.exe cloaked as rundll32.exe;https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf;2017-04-07 00:00:00;90;Florian Roth;EXTVAR;c885e3eabce842a35890f26466486e1f OpCloudHopper_Dropper_1;Detects malware from Operation Cloud Hopper;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-03 00:00:00;75;Florian Roth;FILE,MAL;66cbf1ca6034281bd4a2d41cfad77e6e OpCloudHopper_Malware_10;Detects malware from Operation Cloud Hopper;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;f3e97e4cfea6022bf6bc04baf92e2c37 OpCloudHopper_Malware_11;Detects malware from Operation Cloud Hopper;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;3aacef22ab991eeabe19f7e942693555 OpCloudHopper_Malware_1;Detects malware from Operation Cloud Hopper;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;08f288ce233e219281ac8b265490a245 OpCloudHopper_Malware_2;Detects malware from Operation Cloud Hopper;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;79f6ff8f9b71f6233940482c6ee63e44 OpCloudHopper_Malware_3;Detects malware from Operation Cloud Hopper;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;64351c6dd480246e11350e2830d19786 OpCloudHopper_Malware_4;Detects malware from Operation Cloud 
Hopper;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;97d09c2ed24f2fb653d89024e236025e OpCloudHopper_Malware_5;Detects malware from Operation Cloud Hopper;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;815087a5f3a5afe8fbbfddeb6cf74518 OpCloudHopper_Malware_6;Detects malware from Operation Cloud Hopper;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;e789ada4588167076c0e469cc060848a OpCloudHopper_Malware_7;Detects malware from Operation Cloud Hopper;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;678f3f18f923ed6b3f5b95dbd7de3dbe OpCloudHopper_Malware_8;Detects malware from Operation Cloud Hopper;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;a16665107e7c555f4d75a918f5d1ab9d OpCloudHopper_Malware_9;Detects malware from Operation Cloud Hopper;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;6ed723e16c1600f41c8d676d212b0f95 OpCloudHopper_WindowXarBot;Malware related to Operation Cloud Hopper;https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE,MAL;9d87d471cea4b438d4b9a25c0dddd4f4 OpCloudHopper_WmiDLL_inMemory;Malware related to Operation Cloud Hopper - Page 25;https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf;2017-04-07 00:00:00;75;Florian Roth;MAL;23943bd8750e354dd929bb361314f22b OpCloudHopper_lockdown;Tools related to Operation Cloud Hopper;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian 
Roth;EXE,FILE;1df60a216615f2c98713ffea3bc753c4 OpHoneybee_Malware_1;Detects malware from Operation Honeybee;https://goo.gl/JAHZVL;2018-03-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;7881e4978955201f7067ebb33092360a OpHoneybee_MaoCheng_Dropper;Detects MaoCheng dropper from Operation Honeybee;https://goo.gl/JAHZVL;2018-03-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;fd9c0d962db7d2f3b5b12cbf4ce75855 OracleScan;Chinese Hacktool Set - file OracleScan.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;01fc7202c8185d8b75dcb658c4d6007d OtherTools_servu;Chinese Hacktool Set - file svu.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,FILE,HKTL;e387f9e7347d0de0822e8fd3d156951b OtherTools_xiaoa;Chinese Hacktool Set - file xiaoa.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;41971ab200b4fa8b5267ffebd2d0fcde PAS_TOOL_PHP_WEB_KIT_mod;Detects PAS Tool PHP Web Kit;https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity;2016-12-29 00:00:00;75;US CERT - modified by Florian Roth due to performance reasons;FILE;d72b2590fda4c2097da981c53d5b79a6 PAS_Webshell_Encoded;Detects a PAS webshell;http://blog.talosintelligence.com/2017/07/the-medoc-connection.html;2017-07-11 00:00:00;80;Florian Roth;FILE,WEBSHELL;2f5087998fe89b4d66b7b135e331d0a3 PHANTASMA_php;Semi-Auto-generated - file PHANTASMA.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;8781c37ea5ee5b11297183f4e1e49c92 PHISH_02Dez2015_attach_P_ORD_C_10156_124658;Phishing Wave - file P-ORD-C-10156-124658.xls;http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limited-word-doc-or-excel-xls-spreadsheet-malware/;2015-12-02 00:00:00;75;Florian Roth;FILE;30f1eeeb7c829fd96e997e3ae2eefb22 PHISH_02Dez2015_dropped_p0o6543f_1;Phishing Wave - file 
p0o6543f.exe;http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limited-word-doc-or-excel-xls-spreadsheet-malware/;2015-12-02 00:00:00;75;Florian Roth;EXE,FILE;0b2a712598e2c8d0c6c21a90374cd526 PHISH_02Dez2015_dropped_p0o6543f_2;Phishing Wave used MineExplorer Game by WangLei - file p0o6543f.exe.4;http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limited-word-doc-or-excel-xls-spreadsheet-malware/;2015-12-03 00:00:00;75;Florian Roth;EXE,FILE;8e2911a66ed33108156beebd0b06c7c1 PHP_Backdoor_Connect_pl_php;Semi-Auto-generated - file PHP Backdoor Connect.pl.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;MAL,WEBSHELL;fbca35ed7b99876d07d33b1cd0fff20f PHP_Backdoor_v1;Webshells Auto-generated - file PHP Backdoor v1.php;-;1970-01-01 01:00:00;75;Florian Roth;MAL,WEBSHELL;bacfcf30031b1374cd49f6941b27b911 PHP_Cloaked_Webshell_SuperFetchExec;Looks like a webshell cloaked as GIF - http://goo.gl/xFvioC;http://goo.gl/xFvioC;1970-01-01 01:00:00;50;Florian Roth;WEBSHELL;d9f9f957b8bce16eaaf687bd0492f572 PHP_Shell_php_php;Semi-Auto-generated - file PHP Shell.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;fcab692cf40bfa5b9b34bfc5acc607ad PHP_Shell_v1_7;Webshells Auto-generated - file PHP_Shell_v1.7.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;4399cb043cee4ec15d754eee6766f8d1 PHP_Webshell_1_Feb17;Detects a simple cloaked PHP web shell;https://isc.sans.edu/diary/Analysis+of+a+Simple+PHP+Backdoor/22127;2017-02-28 00:00:00;75;Florian Roth;FILE,WEBSHELL;98f18922ec97f38f644303d7ee88d6b9 PHP_sh;Webshells Auto-generated - file sh.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;284e497c974e16baf96aa66c5e1fbbd9 PHP_shell;Webshells Auto-generated - file shell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;536b736dfadf97fca2f3a273de76ed36 PLEAD_Downloader_Jun18_1;Detects PLEAD 
Downloader;https://blog.jpcert.or.jp/2018/06/plead-downloader-used-by-blacktech.html;2018-06-16 00:00:00;75;Florian Roth;EXE,FILE;c66f744e3361c17f8d1e12089bd50d22 PLUGIN_AJunk;Chinese Hacktool Set - file AJunk.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;cbb7d3c13f165f5deb097645aee32601 PLUGIN_TracKid;Chinese Hacktool Set - file TracKid.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;07c843cd7cb3d204ec77bf685ccca9c5 PLUGX_RedLeaves;Detects specific RedLeaves and PlugX binaries;https://www.us-cert.gov/ncas/alerts/TA17-117A;2017-03-04 00:00:00;75;US-CERT Code Analysis Team;;f9312c938f41e7cd499a5dbb92bd3fdf POSHSPY_Malware;Detects;https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html;2017-07-15 00:00:00;75;Florian Roth;MAL;292ea6f1302c1c620e5ffaf985a42971 PP_CN_APT_ZeroT_1;Detects malware from the Proofpoint CN APT ZeroT incident;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-03 00:00:00;75;Florian Roth;APT,EXE,FILE;3c16bb1ee78537806593f1d726ecf845 PP_CN_APT_ZeroT_2;Detects malware from the Proofpoint CN APT ZeroT incident;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-03 00:00:00;75;Florian Roth;APT,EXE,FILE;22bb723f64a52be1d67c1d405818f962 PP_CN_APT_ZeroT_3;Detects malware from the Proofpoint CN APT ZeroT incident;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-03 00:00:00;75;Florian Roth;APT,FILE;2560a8096724033686e67ee343cde409 PP_CN_APT_ZeroT_4;Detects malware from the Proofpoint CN APT ZeroT incident;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-03 00:00:00;75;Florian Roth;APT,EXE,FILE;cea0317a9ec70b8102b81f51963e0e83 PP_CN_APT_ZeroT_5;Detects malware from the Proofpoint CN APT ZeroT 
incident;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-03 00:00:00;75;Florian Roth;APT,FILE;cfe5f435e3a6404aa94cb7ea0f2d763e PP_CN_APT_ZeroT_6;Detects malware from the Proofpoint CN APT ZeroT incident;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-03 00:00:00;75;Florian Roth;APT,EXE,FILE;fc006d7b7414f4b287db17c57a1d20d9 PP_CN_APT_ZeroT_7;Detects malware from the Proofpoint CN APT ZeroT incident;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-03 00:00:00;75;Florian Roth;APT,EXE,FILE;96b2ef6ddaf95435369b722c2a7392d9 PP_CN_APT_ZeroT_8;Detects malware from the Proofpoint CN APT ZeroT incident;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-03 00:00:00;75;Florian Roth;APT,FILE;9f0df450381784fdca015009e2aac39d PP_CN_APT_ZeroT_9;Detects malware from the Proofpoint CN APT ZeroT incident;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-03 00:00:00;75;Florian Roth;APT,EXE,FILE;1adca49046647f85775cc08792fcdf08 PROMETHIUM_NEODYMIUM_Malware_1;Detects PROMETHIUM and NEODYMIUM malware;https://goo.gl/8abDE6;2016-12-14 00:00:00;75;Florian Roth;EXE,FILE,MAL;2e863fc4a42b49cfa680ca6bd26908f8 PROMETHIUM_NEODYMIUM_Malware_2;Detects PROMETHIUM and NEODYMIUM malware;https://goo.gl/8abDE6;2016-12-14 00:00:00;75;Florian Roth;EXE,FILE,MAL;357f9ca78dc0fea91b8f128999b43500 PROMETHIUM_NEODYMIUM_Malware_3;Detects PROMETHIUM and NEODYMIUM malware;https://goo.gl/8abDE6;2016-12-14 00:00:00;75;Florian Roth;EXE,FILE,MAL;7e65cea6ec796e7793e698032345ff29 PROMETHIUM_NEODYMIUM_Malware_4;Detects PROMETHIUM and NEODYMIUM malware;https://goo.gl/8abDE6;2016-12-14 00:00:00;75;Florian Roth;EXE,FILE,MAL;5080296c45ddb7a3810063298368a3a8 PROMETHIUM_NEODYMIUM_Malware_5;Detects PROMETHIUM and NEODYMIUM malware;https://goo.gl/8abDE6;2016-12-14 00:00:00;75;Florian 
Roth;EXE,FILE,MAL;efcb13257666203517fa5aa0fafd7174 PROMETHIUM_NEODYMIUM_Malware_6;Detects PROMETHIUM and NEODYMIUM malware;https://goo.gl/8abDE6;2016-12-14 00:00:00;75;Florian Roth;EXE,FILE,MAL;accf1556411a9ff00b64aa7da987f1e7 PSAttack_EXE;PSAttack - Powershell attack tool - file PSAttack.exe;https://github.com/gdssecurity/PSAttack/releases/;2016-03-09 00:00:00;100;Florian Roth;EXE,FILE,HKTL;0f8ebb6ddb2d43b8d08e574400d1100c PSAttack_ZIP;PSAttack - Powershell attack tool - file PSAttack.zip;https://github.com/gdssecurity/PSAttack/releases/;2016-03-09 00:00:00;100;Florian Roth;FILE,HKTL;d6c45386d85d3bb52893dd98f0e6c288 PS_AMSI_Bypass;Detects PowerShell AMSI Bypass;https://gist.github.com/mattifestation/46d6a2ebb4a1f4f0e7229503dc012ef1;2017-07-19 00:00:00;65;Florian Roth;SCRIPT;d95479ddc511fbf2247532be075ec50c PScan_Portscan_1;PScan - Port Scanner;-;1970-01-01 01:00:00;50;F. Roth;HKTL;7f7a8c433de61dbe899f37401d7a821b PUA_CryptoMiner_Jan19_1;Detects Crypto Miner strings;Internal Research;2019-01-31 00:00:00;75;Florian Roth;;7c46cdd3e29ce0eec3dd617ba817f6cf PUA_LNX_XMRIG_CryptoMiner;Detects XMRIG CryptoMiner software;Internal Research;2018-06-28 00:00:00;75;Florian Roth;FILE,LINUX;dfebb470dadd3e1bfd0b1e1968107000 PUP_FancyBear_ComputraceAgent;Absolute Computrace Agent Executable;https://asert.arbornetworks.com/lojack-becomes-a-double-agent/;2018-05-01 00:00:00;75;ASERT - Arbor Networks (slightly modified by Florian Roth);EXE,FILE;c78a790969382a5ef98dad277976cfe4 PUP_InstallRex_AntiFWb;Malware InstallRex / AntiFW;-;2015-05-13 00:00:00;55;Florian Roth;EXE,FILE,MAL;a1cd7791e4c3ece7aecf257fccb6b34a Pack_InjectT;Webshells Auto-generated - file InjectT.exe;-;1970-01-01 01:00:00;75;Florian Roth;HKTL,WEBSHELL;6b47320e79b393f2560584c41c82feba Partial_Implant_ID;Detects implant from NCSC report;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 
00:00:00;75;NCSC;EXE,FILE;a7976cc49a7eba67efc1a72059839d02 PassCV_Sabre_Malware_1;PassCV Malware mentioned in Cylance Report;https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies;2016-10-20 00:00:00;75;Florian Roth;EXE,FILE,MAL;daad0a2ca7c65bc2f8393045ac33b953 PassCV_Sabre_Malware_2;PassCV Malware mentioned in Cylance Report;https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies;2016-10-20 00:00:00;75;Florian Roth;EXE,FILE,MAL;7e21a6349a5874e448ffc2d43c5f19db PassCV_Sabre_Malware_3;PassCV Malware mentioned in Cylance Report;https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies;2016-10-20 00:00:00;75;Florian Roth;EXE,FILE,MAL;ebb54c36a25bc08a558985ae076bbcff PassCV_Sabre_Malware_4;PassCV Malware mentioned in Cylance Report;https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies;2016-10-20 00:00:00;75;Florian Roth;EXE,FILE,MAL;143ff0a4c3219e375a7bb765cfddfec5 PassCV_Sabre_Malware_5;PassCV Malware mentioned in Cylance Report;https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies;2016-10-20 00:00:00;75;Florian Roth;EXE,FILE,MAL;07ac6a98fad12349f0c104d6cafdde63 PassCV_Sabre_Malware_Excalibur_1;PassCV Malware mentioned in Cylance Report;https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies;2016-10-20 00:00:00;75;Florian Roth;EXE,FILE,MAL;112ec4a29c607785bb7b5c1405b58a36 PassCV_Sabre_Malware_Signing_Cert;PassCV Malware mentioned in Cylance Report;https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies;2016-10-20 00:00:00;50;Florian Roth;EXE,FILE,MAL;9b3e1da1d13ae77c2377533069d006f2 PassCV_Sabre_Tool_NTScan;PassCV Malware mentioned in Cylance Report;https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies;2016-10-20 00:00:00;75;Florian Roth;EXE,FILE,MAL;496b560f312841437b30fb3896d731c7 PassSniffer;Disclosed hacktool set (old stuff) - file PassSniffer.exe;-;2014-11-23 00:00:00;60;Florian 
Roth;HKTL;6a4e912de55904c193f877096a7a7ed7 PassSniffer_zip_Folder_readme;Disclosed hacktool set (old stuff) - file readme.txt;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;43439c6ec6d0fa7211258bd0173288b0 PasswordPro_NTLM_DLL;Auto-generated rule - file NTLM.dll;PasswordPro;2017-08-27 00:00:00;75;Florian Roth;EXE,FILE,HKTL;342a937d9df3dadd0fe5887f4d02d241 PasswordReminder;Webshells Auto-generated - file PasswordReminder.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;6bed9e9c6403073300b020a64a29fca7 PasswordsPro;Auto-generated rule - file PasswordsPro.exe;PasswordPro;2017-08-27 00:00:00;75;Florian Roth;EXE,FILE,HKTL;c1b3ea81d16beeaee970533cb07a26b9 Pastebin_Webshell;Detects a web shell that downloads content from pastebin.com http://goo.gl/7dbyZs;http://goo.gl/7dbyZs;2015-01-13 00:00:00;70;Florian Roth;WEBSHELL;25f212d9622c34bc411fd0d94f0978e5 Payload_Exe2Hex;Detects payload generated by exe2hex;https://github.com/g0tmi1k/exe2hex;2016-01-15 00:00:00;70;Florian Roth;;707a426b0f3998308db999d34d06e37e Pc_pc2015;Chinese Hacktool Set - file pc2015.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;5651cbb54fda28dab576e2de3b614255 Pc_rejoice;Chinese Hacktool Set - file rejoice.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;1690950a8c97ed0ae6fb752094c72562 Pc_xai;Chinese Hacktool Set - file xai.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d29460bb493b501c962925af4ed4e50b Persistence_Agent_MacOS;Detects a Python agent that establishes persistence on macOS;https://ghostbin.com/paste/mz5nf;1970-01-01 01:00:00;75;John Lambert @JohnLaTwC;FILE,MACOS,SCRIPT;ca7e38e44cadc90be6a8ed2153501577 PhpShell;Webshells Auto-generated - file PhpShell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;f30ab4dfe629f32a644b8dc1272147ad Phyton_Shell_py;Semi-Auto-generated - file Phyton Shell.py.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- 
Molls;WEBSHELL;4388daa4cbc7f63d463150b9ce124df3 Ping_Command_in_EXE;Detects an suspicious ping command execution in an executable;Internal Research;2016-11-03 00:00:00;60;Florian Roth;EXE,FILE;a95f24ce64632b83205a8a8f97ff2fcf Pirpi_1609_A;Detects Pirpi Backdoor - and other malware (generic rule);http://goo.gl/igxLyF;2016-09-08 00:00:00;75;Florian Roth;EXE,FILE,MAL;b4b7e337b1e641c942fcb2c3e910f9ab Pirpi_1609_B;Detects Pirpi Backdoor;http://goo.gl/igxLyF;2016-09-08 00:00:00;75;Florian Roth;EXE,FILE,MAL;37e771945b4ec74ca63c48993a31dc2d PlugX_J16_Gen2;Detects PlugX Malware Samples from June 2016;VT Research;2016-06-08 00:00:00;75;Florian Roth;EXE,FILE,MAL;83646ed9e41706f8c041b82fed34b529 PlugX_J16_Gen;Detects PlugX Malware samples from June 2016;VT Research;2016-06-08 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;094d34874121d556cb002e6a43907346 PlugX_NvSmartMax_Gen;Threat Group 3390 APT Sample - PlugX NvSmartMax Generic;http://snip.ly/giNB;2015-08-06 00:00:00;70;Florian Roth;APT,EXE,FILE,GEN;df2d1bff9a74e9816e1036bbe0e3cca6 PoS_Malware_MalumPOS;Used to detect MalumPOS memory dumper;-;2015-05-25 00:00:00;75;Trend Micro, Inc.;MAL;bace8b0acb940602c80323e6611563df PoS_Malware_MalumPOS_Config;MalumPOS Config File;http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-malumpos-targets-hotels-and-other-us-industries/;2015-06-25 00:00:00;75;Florian Roth;EXTVAR,MAL;c850ecd21ce9e216491d1e4841f856e8 PoisonIvy_Generic_3;PoisonIvy RAT Generic Rule;-;2015-05-14 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;d328e9cfec40ad7165205c45f75f6a98 PoisonIvy_RAT_ssMUIDLL;Detects PoisonIvy RAT DLL mentioned in Palo Alto Blog in April 2016;http://goo.gl/WiwtYT;2016-04-22 00:00:00;75;Florian Roth (with the help of yarGen and Binarly);EXE,FILE,MAL;a5639d3f4a75db637e71ed863d3b265d PoisonIvy_Sample_5;Detects PoisonIvy RAT sample set;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;EXE,FILE,MAL;27964b182c4d499dd07553c9b2c9f969 PoisonIvy_Sample_6;Detects PoisonIvy RAT sample set;VT 
Analysis;2015-06-03 00:00:00;70;Florian Roth;EXE,FILE,MAL;8d96097435d40c03eb06faf0fc66c1fc PoisonIvy_Sample_7;Detects PoisonIvy RAT sample set;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;EXE,FILE,MAL;1fa64afa8039473aa7d78c09185d4dcf PoisonIvy_Sample_APT;Detects a PoisonIvy APT malware group;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,EXE,FILE;90058a251417bae9d1acb97dabc47fef PoisonIvy_Sample_APT_2;Detects a PoisonIvy Malware;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL;e22c13963b1026ed0fcc8b8dea77344c PoisonIvy_Sample_APT_3;Detects a PoisonIvy Malware;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL;0c0a66a68a80c08a83a022b4fc46e1f6 PoisonIvy_Sample_APT_4;Detects a PoisonIvy Sample APT;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,EXE,FILE;e4d80dd1dedeedb8ede74ae9b78eb747 PortRacer;Auto-generated rule on file PortRacer.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;a35418145e60d16c183ece3ceba8b278 PortScanner;Auto-generated rule on file PortScanner.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;72ce56115aee4b2f7b5ddaa5456d7607 PoseidonGroup_MalDoc_1;Detects Poseidon Group - Malicious Word Document;https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/;2016-02-09 00:00:00;80;Florian Roth;FILE,OFFICE;9bceecc0da91439cde483376c77087b9 PoseidonGroup_MalDoc_2;Detects Poseidon Group - Malicious Word Document;https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/;2016-02-09 00:00:00;70;Florian Roth;FILE,OFFICE;f886f4bd346a463de03e14c170eab16b PoseidonGroup_Malware;Detects Poseidon Group Malware;https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/;2016-02-09 00:00:00;85;Florian Roth;EXE,FILE,MAL;c788eaa9dae39d1d31b7f6910e774162 PowerShdll;Detects hack 
tool PowerShdll;https://github.com/p3nt4/PowerShdll;2017-08-03 00:00:00;75;Florian Roth;;5123079ea0d28aa987071c708c4e1140 PowerShell_Case_Anomaly;Detects obfuscated PowerShell hacktools;https://twitter.com/danielhbohannon/status/905096106924761088;2017-08-11 00:00:00;70;Florian Roth;OBFUS,SCRIPT;0ea7d44eb533b104fac3b1bc8a8cd269 PowerShell_Emp_Eval_Jul17_A1;Detects suspicious sample with PowerShell content ;PowerShell Empire Eval;2017-07-27 00:00:00;75;Florian Roth;EXE,FILE,SCRIPT;4e7880c7622c27bcf0c5e04619f15879 PowerShell_Emp_Eval_Jul17_A2;Detects suspicious sample with PowerShell content ;PowerShell Empire Eval;2017-07-27 00:00:00;75;Florian Roth;EXE,FILE,SCRIPT;4c752c597d8c3a319901aa6ee0735bd3 PowerShell_ISESteroids_Obfuscation;Detects PowerShell ISESteroids obfuscation;https://twitter.com/danielhbohannon/status/877953970437844993;2017-06-23 00:00:00;75;Florian Roth;OBFUS,SCRIPT;e40c9648874e86136bb44852d5e4d4ec PowerShell_JAB_B64;Detects base464 encoded $ sign at the beginning of a string;https://twitter.com/ItsReallyNick/status/980915287922040832;2018-04-02 00:00:00;60;Florian Roth;SCRIPT;a3d7993cee55dbaed475a0ce551062ea PowerShell_Mal_HackTool_Gen;Detects PowerShell hack tool samples - generic PE loader;Internal Research;2017-11-02 00:00:00;75;Florian Roth;GEN,HKTL,SCRIPT;111886d3511eeef5dff5e328bd686135 PowerShell_Suite_Eidolon;Detects PowerShell Suite Eidolon script - file Start-Eidolon.ps1;https://github.com/FuzzySecurity/PowerShell-Suite;2017-12-27 00:00:00;75;Florian Roth;FILE,SCRIPT;a930332d686ee27e385a839cb0d23c26 PowerShell_Suite_Hacktools_Gen_Strings;Detects strings from scripts in the PowerShell-Suite repo;https://github.com/FuzzySecurity/PowerShell-Suite;2017-12-27 00:00:00;75;Florian Roth;GEN,SCRIPT;c054953c2a313abed276db2f60c305a6 PowerShell_Susp_Parameter_Combo;Detects PowerShell invocation with suspicious parameters;https://goo.gl/uAic1X;2017-03-12 00:00:00;60;Florian Roth;ANOMALY,SCRIPT;52cdea0c983cae62e9d8ca3bf497d3d7 
PowerShell_in_Word_Doc;Detects a powershell and bypass keyword in a Word document;Internal Research - ME;2017-06-27 00:00:00;50;Florian Roth;FILE,OFFICE,SCRIPT;54f05e36c14d39ad8b83b7bbc4bd8ce0
Powerkatz_DLL_Generic;Detects Powerkatz - a Mimikatz version prepared to run in memory via Powershell (overlap with other Mimikatz versions is possible);PowerKatz Analysis;2016-02-05 00:00:00;80;Florian Roth;EXE,FILE,GEN;64da045ef05b6f27216f9710c37786fd
Powershell_Attack_Scripts;Powershell Attack Scripts;-;2016-03-09 00:00:00;70;Florian Roth;HKTL;55f5f534fbdd6acef0424f11ad673371
Powershell_Netcat;Detects a Powershell version of the Netcat network hacking tool;-;2014-10-10 00:00:00;60;Florian Roth;HKTL;1bd48741d1e9a01f94eaebfd8d632e6a
Prikormka;-;-;1970-01-01 01:00:00;75;-;EXTVAR,REQ_PRIVATE;9321d3a0b7490d6d9d5ea8924093d083
ProPort_zip_Folder_ProPort;Auto-generated rule on file ProPort.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;4ace211713e214a904185a3cb2d98d8c
ProcessInjector_Gen;Detects a process injection utility that can be used for good and bad purposes;https://github.com/cuckoosandbox/monitor/blob/master/bin/inject.c;2018-04-23 00:00:00;60;Florian Roth;EXE,FILE,GEN,HKTL;60cecb6e31198bb728d89e2789b36f46
Project1;Chinese Hacktool Set - file Project1.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;2947fb47f69c98fa6746054de6a7b090
ProjectM_CrimsonDownloader;Detects ProjectM Malware - file dc8bd60695070152c94cbeb5f61eca6e4309b8966f1aa9fdc2dd0ab754ad3e4c;http://researchcenter.paloaltonetworks.com/2016/03/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/;2016-03-26 00:00:00;75;Florian Roth;EXE,FILE,MAL;28e2590553bc525851502e19a7ac4f1f
ProjectM_DarkComet_1;Detects ProjectM Malware - file cc488690ce442e9f98bac651218f4075ca36c355d8cd83f7a9f5230970d24157;http://researchcenter.paloaltonetworks.com/2016/03/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/;2016-03-26 00:00:00;75;Florian Roth;EXE,FILE,MAL;6d0ebbf65f5e61c6024ec9d07f93cf91
Pupy_Backdoor;Detects Pupy backdoor;https://github.com/n1nj4sec/pupy-binaries;2017-08-11 00:00:00;75;Florian Roth;EXE,FILE,MAL;bab0f20bacc6d524ab474b9d34edea3a
PwDump;PwDump 6 variant;-;2014-04-24 00:00:00;70;Marc Stroebel;HKTL;70a27411f65538a9b21829f41095318b
PwDump_B;Detects a tool used by APT groups - file PwDump.exe;http://goo.gl/igxLyF;2016-09-08 00:00:00;75;Florian Roth;APT,EXE,FILE,HKTL;d424c9dc593ae76f85d29ceb3ec20603
QQBrowser;Not malware but suspicious browser - file QQBrowser.exe;https://goo.gl/4pTkGQ;2017-06-02 00:00:00;50;Florian Roth;EXE,FILE;3a8add557b5d4287bea9f3fc41eab8dc
QQ_zip_Folder_QQ;Disclosed hacktool set (old stuff) - file QQ.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;2de77a858d518a0a9551cab2bf8cb6bb
QuarksPwDump_Gen;Detects all QuarksPWDump versions;-;2015-09-29 00:00:00;80;Florian Roth;GEN,HKTL;361b37066f8dc0952f15d9d3f7e7becf
Quasar_RAT_1;Detects Quasar RAT;https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE,MAL;af44fc8c42377d91843afe7d2f35c93a
Quasar_RAT_2;Detects Quasar RAT;https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE,MAL;d8bba788903f2f780dd1c4d39b0264ad
Quasar_RAT_Jan18_1;Detects Quasar RAT;https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/;2018-01-29 00:00:00;75;Florian Roth;EXE,FILE,MAL;f2eb9597aff70686e9b2b1946dc34584
Query_Javascript_Decode_Function;Detects malware mentioned in TA18-074A;-;1970-01-01 01:00:00;75;other;;2ab53fdf8d76be5dc4b3f6a4ef5e881f
Query_XML_Code_MAL_DOC_PT_2;Detects malware mentioned in TA18-074A;-;1970-01-01 01:00:00;75;other;FILE;67a7f44c74b9179e3ea93bfe8e9473a2
RAT_AAR;Detects AAR RAT;http://malwareconfig.com/stats/AAR;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;a306245540f7002b6ddd9e6d80712c78
RAT_Adzok;Detects Adzok RAT;http://malwareconfig.com/stats/Adzok;2015-05-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;fbd894f517e8b0d1c698a1d821ea986d
RAT_Ap0calypse;Detects Ap0calypse RAT;http://malwareconfig.com/stats/Ap0calypse;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;9d58adf7ef08895eb7a16bf19aef3292
RAT_Arcom;Detects Arcom RAT;http://malwareconfig.com/stats/Arcom;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;e8297bf2b043ac7141417896d49d8d5a
RAT_Bandook;Detects Bandook RAT;http://malwareconfig.com/stats/bandook;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;15a841b35410c70ec909c1b8b865e350
RAT_BlackNix;Detects BlackNix RAT;http://malwareconfig.com/stats/BlackNix;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;ec8fb07a31cde3ca070710ae4bf59ab4
RAT_BlackShades;Detects BlackShades RAT;http://blog.cylance.com/a-study-in-bots-blackshades-net;2014-04-06 00:00:00;75;Brian Wallace (@botnet_hunter);MAL;418d806fe9d6686646bbc433d0d46b3c
RAT_BlueBanana;Detects BlueBanana RAT;http://malwareconfig.com/stats/BlueBanana;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;a5022d1e509327a750286d8b8074cf83
RAT_Bozok;Detects Bozok RAT;http://malwareconfig.com/stats/Bozok;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;7b127ab2a9ef34ce567b04628a8a409d
RAT_ClientMesh;Detects ClientMesh RAT;http://malwareconfig.com/stats/ClientMesh;2014-06-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net> (slightly modified by Florian Roth to improve performance);MAL;7891246ee384a40f660a7107d86d099a
RAT_CyberGate;Detects CyberGate RAT;http://malwareconfig.com/stats/CyberGate;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;07987888abcbb0373ca55061a61ba411
RAT_DarkComet;Detects DarkComet RAT;http://malwareconfig.com/stats/DarkComet;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;8d8233a29fd6db35be27520d5fe482aa
RAT_DarkRAT;Detects DarkRAT;http://malwareconfig.com/stats/DarkRAT;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;fbaa94978a3339be661d0298b085814a
RAT_Greame;Detects Greame RAT;http://malwareconfig.com/stats/Greame;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;1b74932abe0b0bff2bd777a36b0f055e
RAT_HawkEye;Detects HawkEye RAT;http://malwareconfig.com/stats/HawkEye;2015-06-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;4c252d2693fe9eb8e651c904e67bf3d9
RAT_Imminent;Detects Imminent RAT;http://malwareconfig.com/stats/Imminent;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;99656fdf3a4552add06c1c886df3d0ab
RAT_Infinity;Detects Infinity RAT;http://malwareconfig.com/stats/Infinity;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;fa3bbcd30e5109ed88a257955e124d62
RAT_JavaDropper;Detects JavaDropper RAT;http://malwareconfig.com/stats/JavaDropper;2015-10-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net> (slightly modified by Florian Roth to improve performance);MAL;e122da42c6300e44a48a8d776d616d03
RAT_LostDoor;Detects LostDoor RAT;http://malwareconfig.com/stats/LostDoor;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;61faa56a4c8146d1b2b9026fccdedb19
RAT_LuminosityLink;Detects LuminosityLink RAT;http://malwareconfig.com/stats/LuminosityLink;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;c58371c88a4b85d92909e7e0fcbccbc0
RAT_LuxNet;Detects LuxNet RAT;http://malwareconfig.com/stats/LuxNet;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;c55487fbdf87e62099e32b5c8a1d3d8d
RAT_NetWire;Detects NetWire RAT;http://malwareconfig.com/stats/NetWire;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net> & David Cannings;MAL;df9f47c7490ba357d861b5bbb9cc225f
RAT_Pandora;Detects Pandora RAT;http://malwareconfig.com/stats/Pandora;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;835db1e550e7276ddbfa5074af1d4290
RAT_Paradox;Detects Paradox RAT;http://malwareconfig.com/stats/Paradox;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;46b73aafbc7eab48dcb755a053a9092b
RAT_Plasma;Detects Plasma RAT;http://malwareconfig.com/stats/Plasma;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;5a11d3053ced09b506516dcbfae6a890
RAT_PoisonIvy;Detects PoisonIvy RAT;http://malwareconfig.com/stats/PoisonIvy;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;de1090753a4be8b0b219b5d776dc7dd6
RAT_PredatorPain;Detects PredatorPain RAT;http://malwareconfig.com/stats/PredatorPain;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;f7424a8cc166234368ef10c04b7bc9bf
RAT_Punisher;Detects Punisher RAT;http://malwareconfig.com/stats/Punisher;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;b44bd865375af51cf4c71effb8bbdf01
RAT_PythoRAT;Detects Python RAT;http://malwareconfig.com/stats/PythoRAT;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL,SCRIPT;410130fdcb7364c7b5f2cedbb95ce081
RAT_QRat;Detects QRAT;http://malwareconfig.com;2015-08-06 00:00:00;75;Kevin Breen @KevTheHermit;MAL;d0c1434b1d4771ddd8d0984d9ef5bf70
RAT_Sakula;Detects Sakula v1.0 RAT;http://blog.airbuscybersecurity.com/public/YFR/sakula_v1x.yara;2015-10-13 00:00:00;75;Airbus Defence and Space Cybersecurity CSIRT - Yoann Francou / NCC Group David Cannings;EXE,FILE,MAL;2a21511dd726187c32de1faf9d457b6c
RAT_ShadowTech;Detects ShadowTech RAT;http://malwareconfig.com/stats/ShadowTech;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;d94cb66a00839e41d8770d49d5b66c24
RAT_SmallNet;Detects SmallNet RAT;http://malwareconfig.com/stats/SmallNet;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;3b6f5bec88bf6d117c4e420dd75bfd6b
RAT_SpyGate;Detects SpyGate RAT;http://malwareconfig.com/stats/SpyGate;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;14fba8e488520b3f1dba1b769b9b2186
RAT_Sub7Nation;Detects Sub7Nation RAT;http://malwareconfig.com/stats/Sub7Nation;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net> (slightly modified by Florian Roth to improve performance);MAL;6e6ea397a253bd1555f40d5fd5ea131e
RAT_Vertex;Detects Vertex RAT;http://malwareconfig.com/stats/Vertex;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;c0083b96ee11ff45898303ed862f93f6
RAT_VirusRat;Detects VirusRAT;http://malwareconfig.com/stats/VirusRat;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;f99006eb88945e6177dc285386fa7c51
RAT_Xtreme;Detects Xtreme RAT;http://malwareconfig.com/stats/Xtreme;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;10687c6e5c64322c7528ed2d16a69068
RAT_adWind;Detects Adwind RAT;http://malwareconfig.com/stats/adWind;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;dd659802f7eb51598668a9e0bd00e87b
RAT_njRat;Detects njRAT;http://malwareconfig.com/stats/njRat;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;00a26b95aa92d2e252a2f3bee14d39e8
RAT_unrecom;Detects unrecom RAT;http://malwareconfig.com/stats/unrecom;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;200618ec265fef0fcde114264cbfb4bf
RAT_xRAT;Detects xRAT;http://malwareconfig.com/stats/xRat;2014-04-06 00:00:00;75;Kevin Breen <kevin@techanarchy.net>;MAL;99656fdf3a4552add06c1c886df3d0ab
RDP_Brute_Strings;Detects RDP brute forcer from NCSC report;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;75;NCSC;;f5be15452c1e912628c54df68d6b8b40
REDLEAVES_CoreImplant_UniqueStrings;Strings identifying the core REDLEAVES RAT in its deobfuscated state;https://www.us-cert.gov/ncas/alerts/TA17-117A;1970-01-01 01:00:00;75;USG;MAL,OBFUS;2723ca091b4215392abc9cf8236a24ef
REDLEAVES_DroppedFile_ImplantLoader_Starburn;Detect the DLL responsible for loading and deobfuscating the DAT file containing shellcode and core REDLEAVES RAT;https://www.us-cert.gov/ncas/alerts/TA17-117A;1970-01-01 01:00:00;75;USG;MAL;8b1b3cceada4b1497d3ef70ed8910227
REDLEAVES_DroppedFile_ObfuscatedShellcodeAndRAT_handkerchief;Detect obfuscated .dat file containing shellcode and core REDLEAVES RAT;https://www.us-cert.gov/ncas/alerts/TA17-117A;1970-01-01 01:00:00;75;USG;MAL,OBFUS;ed8268e74d315aa6836ac0d54c8f109f
ROKRAT_Dropper_Nov17;Detects dropper for ROKRAT malware;http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html;2017-11-28 00:00:00;75;Florian Roth;EXE,FILE,MAL;0c0f26a803abe8b938036658a4078a24
ROKRAT_Malware;Detects ROKRAT Malware;http://blog.talosintelligence.com/2017/04/introducing-rokrat.html;2017-04-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;71c35c3903aba57a19e211e2cf9802d3
ROKRAT_Nov17_1;Detects ROKRAT malware;Internal Research;2017-11-28 00:00:00;75;Florian Roth;EXE,FILE,MAL;e6ca51add94e378794045665634a8b3e
RUAG_Bot_Config_File;Detects a specific config file used by malware in RUAG APT case;https://goo.gl/N5MEj0;1970-01-01 01:00:00;60;Florian Roth;APT,FILE;b4135aa113df1c9403c390baa3e8e1ba
RUAG_Cobra_Config_File;Detects a config text file used by malware Cobra in RUAG case;https://goo.gl/N5MEj0;1970-01-01 01:00:00;60;Florian Roth;FILE,NK;4329482e57a3cc6ac143559d5654ec5e
RUAG_Cobra_Malware;Detects a malware mentioned in the RUAG Case called Carbon/Cobra;https://goo.gl/N5MEj0;1970-01-01 01:00:00;60;Florian Roth;EXE,FILE,MAL,NK;9a30aa4c11b1ab858c016e07ccaa8310
RUAG_Exfil_Config_File;Detects a config text file used in data exfiltration in RUAG case;https://goo.gl/N5MEj0;1970-01-01 01:00:00;60;Florian Roth;FILE;718e926c8bfd7412ecb06d371ed85761
RUAG_Tavdig_Malformed_Executable;Detects an embedded executable with a malformed header - known from Tavdig malware;https://goo.gl/N5MEj0;1970-01-01 01:00:00;60;Florian Roth;EXE,FILE;e16cd17470718414cebd80c69b8a736c
Radmin_Hash;Chinese Hacktool Set - file Radmin_Hash.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;9ae2c4f14981a318799a43538bbe7e57
RangeScan;Disclosed hacktool set (old stuff) - file RangeScan.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;cbf554061021d842c14dc6ff0aae195a
Ransom_LockerGoga_Mar19_1;Detects LockerGoga ransomware binaries;https://www.nrk.no/norge/skreddersydd-dobbeltangrep-mot-hydro-1.14480202;2019-03-19 00:00:00;75;Florian Roth;EXE,FILE,MAL,RANSOM;ece0483614c79b6a6895fccec2ab336f
ReactOS_cmd_valid;ReactOS cmd.exe with correct file name - maybe packed with software or part of hacker toolset;http://www.elifulkerson.com/articles/suzy-sells-cmd-shells.php;2014-05-11 00:00:00;30;Florian Roth;HKTL;e1d135670931d2a0ffad7ea37667c6ef
Reader_asp;Semi-Auto-generated - file Reader.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;8c63ed354bbf0b6bf271d52ed08f35e3
Reaver3_Malware_Nov17_1;Detects Reaver malware mentioned in PaloAltoNetworks report;https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/;2017-11-11 00:00:00;75;Florian Roth;EXE,FILE,MAL;fbcef4eef2ca404c6e0e1cc8afe4bed2
Reaver3_Malware_Nov17_2;Detects Reaver malware mentioned in PaloAltoNetworks report;https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/;2017-11-11 00:00:00;75;Florian Roth;EXE,FILE,MAL;575c1a0f94a4dd2f4e92cbe404a4531d
Reaver3_Malware_Nov17_3;Detects Reaver malware mentioned in PaloAltoNetworks report;https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/;2017-11-11 00:00:00;75;Florian Roth;EXE,FILE,MAL;5f2b493c3894a32b50d6156ac2ceb061
ReconCommands_in_File;Detects various recon commands in a single file;https://twitter.com/haroonmeer/status/939099379834658817;2017-12-11 00:00:00;40;Florian Roth;;8e3f594f562cdc4b6f167ee60bf0fc43
Recon_Commands_Windows_Gen1;Detects a set of reconnaissance commands on Windows systems;Internal Research;2017-07-10 00:00:00;60;Florian Roth;KEYWORD;af4e21bd7a8bc0843d71acc23a93ed42
ReflectiveLoader;Detects an unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended;Internal Research;1970-01-01 01:00:00;60;Florian Roth (auto-filled);EXE,FILE;1fd7c7f6b3176d9a1035b1a1d68140d2
Reflective_DLL_Loader_Aug17_1;Detects Reflective DLL Loader;Internal Research;2017-08-20 00:00:00;75;Florian Roth;EXE,FILE;9038b82b917ab5625a2a6e23808e66c2
Reflective_DLL_Loader_Aug17_2;Detects Reflective DLL Loader - suspicious - Possible FP could be program crack;Internal Research;2017-08-20 00:00:00;60;Florian Roth;EXE,FILE;dd8911ec43dd2ba1562ea427b01ca65b
Reflective_DLL_Loader_Aug17_3;Detects Reflective DLL Loader;Internal Research;2017-08-20 00:00:00;75;Florian Roth;EXE,FILE;b2404b2c04b0abb6f06cec0151340b78
Reflective_DLL_Loader_Aug17_4;Detects Reflective DLL Loader;Internal Research;2017-08-20 00:00:00;75;Florian Roth;EXE,FILE;2eb359adff2ca6ac13d54d042e1da906
Regin_APT_KernelDriver_Generic_A;Generic rule for Regin APT kernel driver Malware - Symantec http://t.co/qu53359Cb2;-;2014-11-23 00:00:00;75;@Malwrsignatures - included in APT Scanner THOR;APT,EXE,FILE,GEN,MAL;552e13461211053888703f49d4b8845a
Regin_APT_KernelDriver_Generic_B;Generic rule for Regin APT kernel driver Malware - Symantec http://t.co/qu53359Cb2;-;2014-11-23 00:00:00;75;@Malwrsignatures - included in APT Scanner THOR;APT,EXE,FILE,GEN,MAL;a35c93cae83a841091c3ba66a7ed7665
Regin_APT_KernelDriver_Generic_C;Generic rule for Regin APT kernel driver Malware - Symantec http://t.co/qu53359Cb2;-;2014-11-23 00:00:00;75;@Malwrsignatures - included in APT Scanner THOR;APT,EXE,FILE,GEN,MAL;b380dcf311e5e5739c6f32e10a837791
Regin_Related_Malware;Malware Sample - maybe Regin related;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;MAL;52496acb2cabc8fc2e7daef38beb0c09
Regin_Sample_1;Auto-generated rule - file-3665415_sys;-;2014-11-26 00:00:00;75;@MalwrSignatures;;0eab7e5a64388a9164f5e1594de33ccb
Regin_Sample_2;Auto-generated rule - file hiddenmod_hookdisk_and_kdbg_8949d000.bin;-;2014-11-26 00:00:00;75;@MalwrSignatures;;cf0116df8fdd0628a40c1db4c39f8bc8
Regin_Sample_3;Detects Regin Backdoor sample fe1419e9dde6d479bd7cda27edd39fafdab2668d498931931a2769b370727129;-;2014-11-27 00:00:00;75;@Malwrsignatures;FILE,MAL;6b13613577b7791ab5edd68115c8b599
Regin_Sample_Set_1;Auto-generated rule - file SHF-000052 and ndisips.sys;-;2014-11-26 00:00:00;75;@MalwrSignatures;;ea59dd9cf4e9be722c2bedfdc57c7720
Regin_Sample_Set_2;Detects Regin Backdoor sample;-;2014-11-27 00:00:00;75;@MalwrSignatures;MAL;f94231bc02aee731ed76562e583301d4
Regin_sig_svcsstat;Detects svcstat from Regin report - file svcsstat.exe_sample;-;2014-11-26 00:00:00;75;@MalwrSignatures;;14b579590f609eb92d335baed2c72494
Rehashed_RAT_1;Detects malware from Rehashed RAT incident;https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations;2017-09-08 00:00:00;75;Florian Roth;EXE,FILE,MAL;15526a903b3e22acae7754bf54a10d98
Rehashed_RAT_2;Detects malware from Rehashed RAT incident;https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations;2017-09-08 00:00:00;75;Florian Roth;EXE,FILE,MAL;70b9fd72775c6fa868c819e580a6040e
Rehashed_RAT_3;Detects malware from Rehashed RAT incident;https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations;2017-09-08 00:00:00;75;Florian Roth;EXE,FILE,MAL;6749588122377de88f6f39ad88cf96a3
Release_dllTest;Webshells Auto-generated - file dllTest.dll;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;0265bdb7f5d5fca45ee68c3a81f32cf8
RemCom_RemoteCommandExecution;Detects strings from RemCom tool;https://goo.gl/tezXZt;2017-12-28 00:00:00;50;Florian Roth;HKTL;7d2f1910425736b7e1185a717e446133
RemExp_asp;Semi-Auto-generated - file RemExp.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;99538f26f7158d7c4497ce7cac4d0ec1
Rem_View_php_php;Semi-Auto-generated - file Rem View.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;c8b71fdebb0e5e13446d7b4ab27f3c24
RemoteCmd;Detects a remote access tool used by APT groups - file RemoteCmd.exe;http://goo.gl/igxLyF;2016-09-08 00:00:00;75;Florian Roth;APT,EXE,FILE;dfa2313b7c62c2aa21e9487e1c99e54a
RemoteExec_Tool;Remote Access Tool used in APT Terracotta;https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/;2015-08-04 00:00:00;75;Florian Roth;APT,EXE,FILE;5bfde6a69f576f4479d1a5ef0a7f3bad
Reveal_MemoryCredentials;Auto-generated rule - file Reveal-MemoryCredentials.ps1;https://github.com/giMini/RWMC/;2015-08-31 00:00:00;75;Florian Roth;;8e6a0dcc31eec6caae8aba5dc2efa069
RevengeRAT_Sep17;Detects RevengeRAT malware;Internal Research;2017-09-04 00:00:00;75;Florian Roth;EXE,FILE,MAL;81d8787bba5a242fccd29fbf2221e518
RkNTLoad;Webshells Auto-generated - file RkNTLoad.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;111db0e4417c6ff3278d24ae98589a52
RocketKitten_Keylogger;Detects Keylogger used in Rocket Kitten APT;https://goo.gl/SjQhlp;2015-09-01 00:00:00;75;Florian Roth;APT,EXE,FILE,HKTL,MIDDLE_EAST;371e10680c2cec64629c2d671001e2f1
Rombertik_CarbonGrabber;Detects CarbonGrabber alias Rombertik - file Copy#064046.scr;http://blogs.cisco.com/security/talos/rombertik;2015-05-05 00:00:00;75;Florian Roth;EXE,FILE;9ead69ddd32e5db41809c3996151cdda
Rombertik_CarbonGrabber_Builder;Detects CarbonGrabber alias Rombertik Builder - file Builder.exe;http://blogs.cisco.com/security/talos/rombertik;2015-05-05 00:00:00;75;Florian Roth;EXE,FILE;c6535efaae6732fe098ce2cf098107ba
Rombertik_CarbonGrabber_Builder_Server;Detects CarbonGrabber alias Rombertik Builder Server - file Server.exe;http://blogs.cisco.com/security/talos/rombertik;2015-05-05 00:00:00;75;Florian Roth;EXE,FILE;58ae753ac4f58140e43888ca3e27b1c5
Rombertik_CarbonGrabber_Panel;Detects CarbonGrabber alias Rombertik Panel - file index.php;http://blogs.cisco.com/security/talos/rombertik;2015-05-05 00:00:00;75;Florian Roth;;63ab76e8e846781141b9dfb464c10398
Rombertik_CarbonGrabber_Panel_InstallScript;Detects CarbonGrabber alias Rombertik panel install script - file install.php;http://blogs.cisco.com/security/talos/rombertik;2015-05-05 00:00:00;75;Florian Roth;;d4e855a0e13a6762c6bfa3b63f60d3bd
RottenPotato_Potato;Detects a component of privilege escalation tool Rotten Potato - file Potato.exe;https://github.com/foxglovesec/RottenPotato;2017-02-07 00:00:00;90;Florian Roth;EXE,FILE;be54bbe28b6c8d7fbda4dd525f684be9
SAM_Hive_Backup;Detects a SAM hive backup file;https://github.com/gentilkiwi/mimikatz/wiki/module-~-lsadump;2015-03-31 00:00:00;60;Florian Roth;EXTVAR,FILE;6c935acbe2c1cc41f02e36c792e73c73
SCT_Scriptlet_in_Temp_Inet_Files;Detects a scriptlet file in the temporary Internet files (see regsvr32 AppLocker bypass);http://goo.gl/KAB8Jw;2016-04-26 00:00:00;75;Florian Roth;EXTVAR,FILE;422c490c2b55ea132885ff2edd79c444
SFXRAR_Acrotray;Most likely a malicious file acrotray in SFX RAR / CloudDuke APT 5442.1.exe, 5442.2.exe;https://www.f-secure.com/weblog/archives/00002822.html;2015-07-22 00:00:00;70;Florian Roth;APT,EXE,FILE,RUSSIA;1f9afe05b73968799caf3c015a9f0f18
SHIFU_Banking_Trojan;Detects SHIFU Banking Trojan;http://goo.gl/52n8WE;2015-10-31 00:00:00;70;Florian Roth;EXE,FILE,MAL;029a7d58e425a2f08afb031b87b203e5
SLServer_campaign_code;Searches for the related campaign code.;-;2016-04-18 00:00:00;75;Matt Brooks, @cmatthewbrooks;FILE;02ade1eaea0bac9e74086fd5dbb51d44
SLServer_command_and_control;Searches for the C2 server.;-;2016-04-18 00:00:00;75;Matt Brooks, @cmatthewbrooks;FILE;4ce76481034d5ef2ac10cfd8e2f20f9e
SLServer_dialog_remains;Searches for related dialog remnants.;-;2016-04-18 00:00:00;75;Matt Brooks, @cmatthewbrooks / modified by Florian Roth;FILE;b3901b72799c0dd18aae12ed54da9821
SLServer_mutex;Searches for the mutex.;-;2016-04-18 00:00:00;75;Matt Brooks, @cmatthewbrooks;FILE;b6cd1d5a8d26d6f2d6d21f80f8de8cfb
SLServer_unknown_string;Searches for a unique string.;-;2016-04-18 00:00:00;75;Matt Brooks, @cmatthewbrooks;FILE;af7fd981f96874bebda96e9d360855e3
SNOWGLOBE_Babar_Malware;Detects the Babar Malware used in the SNOWGLOBE attacks - file babar.exe;http://motherboard.vice.com/read/meet-babar-a-new-malware-almost-certainly-created-by-france;2015-02-18 00:00:00;80;Florian Roth;EXE,FILE,MAL;183c725591cbbb67a1b0b280dccffbe8
SQLCracker;Chinese Hacktool Set - file SQLCracker.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d72f12da7b9ac7e7aa16be5cbaccc86d
SQLMap;This signature detects the SQLMap SQL injection tool;-;2014-07-06 00:00:00;60;Florian Roth;HKTL;98e627b7d61a419bf070a77bb567a129
SQLTools;Chinese Hacktool Set - file SQLTools.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;db6030b4038bac7431602eeceffb2811
STNC_php_php;Semi-Auto-generated - file STNC.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;8f8dd0097027f710c7fa991ef2432bd6
SUSP_Bad_PDF;Detects PDF that embeds code to steal NTLM hashes;Internal Research;2018-05-03 00:00:00;75;Florian Roth, Markus Neis;FILE,SUSP;e31e105385471c2664b7c061aedac9cf
SUSP_CMD_Var_Expansion;Detects Office droppers that include a variable expansion string;https://twitter.com/asfakian/status/1044859525675843585;2018-09-26 00:00:00;60;Florian Roth;FILE,OFFICE,SUSP;7c1163971a89e1921c1a486baaa5072a
SUSP_ELF_LNX_UPX_Compressed_File;Detects a suspicious ELF binary with UPX compression;Internal Research;2018-12-12 00:00:00;40;Florian Roth;FILE,LINUX,SUSP;4052342a830f55f02a949b76de1267e3
SUSP_ELF_Tor_Client;Detects VPNFilter malware;Internal Research;2018-05-24 00:00:00;75;Florian Roth;FILE,LINUX,SUSP;208d049ce35e555a893e38f8bb0ff700
SUSP_EnableContent_String_Gen;Detects suspicious string that asks to enable active content in Office Doc;Internal Research;2019-02-12 00:00:00;75;Florian Roth;FILE,GEN,OFFICE,SUSP;70c79e8178d4628e5dc5a7c76b13b1f6
SUSP_Imphash_PassRevealer_PY_EXE;Detects an imphash used by password revealer and hack tools;Internal Research;2018-04-06 00:00:00;40;Florian Roth;EXE,FILE,HKTL,SUSP;29e5ad98ad6f8a1588eb37b4d2ad0238
SUSP_JAVA_Class_with_VBS_Content;Detects a JAVA class file with strings known from VBS files;https://www.menlosecurity.com/blog/a-jar-full-of-problems-for-financial-services-companies;2019-01-03 00:00:00;60;Florian Roth;FILE,SCRIPT,SUSP;2d8cb05f3262ed4c4b1ee1b99129f4d2
SUSP_Katz_PDB;Detects suspicious PDB in file;Internal Research;2019-02-04 00:00:00;75;Florian Roth;EXE,FILE,HKTL,SUSP;4e8343e402d3ffa838b2401bec6e5b05
SUSP_LNK_Big_Link_File;Detects a suspiciously big LNK file - maybe with embedded content;Internal Research;2018-05-15 00:00:00;65;Florian Roth;FILE,SUSP;2434620a156275a9b7ede3a822bed7a4
SUSP_LNK_File_AppData_Roaming;Detects a suspicious link file that references AppData Roaming;https://www.fireeye.com/blog/threat-research/2018/05/deep-dive-into-rig-exploit-kit-delivering-grobios-trojan.html;2018-05-16 00:00:00;50;Florian Roth;FILE,SUSP;f1e9fd4cba6619454d2e6162c84bd181
SUSP_LNK_File_PathTraversal;Detects a suspicious link file that references a file multiple folders lower than the link itself;https://www.fireeye.com/blog/threat-research/2018/05/deep-dive-into-rig-exploit-kit-delivering-grobios-trojan.html;2018-05-16 00:00:00;40;Florian Roth;FILE,SUSP;f731f5d681534f95c3e18ca4f8879588
SUSP_LNK_SuspiciousCommands;Detects LNK file with suspicious content;-;2018-09-18 00:00:00;60;Florian Roth;FILE,SUSP;27c8f30ffb31c9bb67693cf4cfc1a033
SUSP_LNK_lnkfileoverRFC;Detects APT LNK files that run double extraction and launch routines with autoruns;-;2018-09-18 00:00:00;75;@Grotezinfosec, modified by Florian Roth;APT,FILE,SUSP;3715aa6f3090a5820cc72255523a6cde
SUSP_Macro_StarOffice;Suspicious macro in StarOffice;https://twitter.com/JohnLaTwC/status/1093259873993732096;2019-02-06 00:00:00;60;John Lambert @JohnLaTwC;FILE,OFFICE,SUSP;22ee481b4dc7047678fd9fb99687b4f6
SUSP_Microsoft_7z_SFX_Combo;Detects a suspicious file that has a Microsoft copyright and is a 7z SFX;Internal Research;2018-09-16 00:00:00;75;Florian Roth;ANOMALY,EXE,FILE,SUSP;a3a9108b18f27c38e1a8cf2c36bcf24b
SUSP_Microsoft_Copyright_String_Anomaly_2;Detects Floxif Malware;Internal Research;2018-05-11 00:00:00;60;Florian Roth;EXE,FILE,MAL,SUSP;0248c1ff2608c6f314257bfee2cb2883
SUSP_Microsoft_RAR_SFX_Combo;Detects a suspicious file that has a Microsoft copyright and is a RAR SFX;Internal Research;2018-09-16 00:00:00;75;Florian Roth;ANOMALY,EXE,FILE,SUSP;a6aa52a1aeb7cfe07781bd8fd979f1ff
SUSP_Modified_SystemExeFileName_in_File;Detects a variant of a system file name often used by attackers to cloak their activity;https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group;2018-12-11 00:00:00;65;Florian Roth;EXE,FILE,SUSP;82b7ee96542c85910d615a2f83340a37
SUSP_Obfuscted_PowerShell_Code;Detects obfuscated PowerShell Code;https://twitter.com/silv0123/status/1073072691584880640;2018-12-13 00:00:00;75;Florian Roth;OBFUS,SCRIPT,SUSP;9486565bca8c5af0c51f0ad8dcc8358d
SUSP_Office_Dropper_Strings;Detects Office droppers that include a notice to enable active content;Internal Research;2018-09-13 00:00:00;75;Florian Roth;FILE,MAL,OFFICE,SUSP;c16fb85c66f239c0a37d86f222f3838f
SUSP_PDB_Strings_Keylogger_Backdoor;Detects PDB strings used in backdoors or keyloggers;Internal Research;2018-03-23 00:00:00;65;Florian Roth;EXE,FILE,HKTL,MAL,SUSP;8d52995e69499575c48870a5e015c3bb
SUSP_PiratedOffice_2007;Detects an Office document that was created with a pirated version of MS Office 2007;https://twitter.com/pwnallthethings/status/743230570440826886?lang=en;2018-12-04 00:00:00;40;Florian Roth;FILE,OFFICE,SUSP;5f735a9d72877ccd134931a727082232
SUSP_PowerShell_IEX_Download_Combo;Detects strings found in sample from CN group repo leak in October 2018;https://twitter.com/JaromirHorejsi/status/1047084277920411648;2018-10-04 00:00:00;75;Florian Roth;ANOMALY,SCRIPT,SUSP;e4c7e99f1968611d133183bab2996022
SUSP_PowerShell_String_K32_RemProcess;Detects suspicious PowerShell code that uses Kernel32, RemoteProcess handles or shellcode;https://github.com/nccgroup/redsnarf;2018-03-31 00:00:00;75;Florian Roth;FILE,SCRIPT,SUSP;80e6addb6d5b52ccc4ef6ff7ee8218b2
SUSP_Powershell_ShellCommand_May18_1;Detects a suspicious powershell commandline;https://github.com/0x00-0x00/ShellPop;2018-05-18 00:00:00;75;Tobias Michalski;HKTL,SUSP;e7b7619775c90a8d973214fb149a8b1f
SUSP_Putty_Unnormal_Size;Detects a putty version with a size different from the one provided by Simon Tatham (could be caused by an additional signature or malware);Internal Research;2019-01-07 00:00:00;50;Florian Roth;EXE,FILE,SUSP;741f7d491478d22036feb4ad09919355
SUSP_RAR_with_PDF_Script_Obfuscation;Detects RAR file with suspicious .pdf extension prefix to trick users;Internal Research;2019-04-06 00:00:00;75;Florian Roth;FILE,OBFUS,SUSP;d4b1823ab0ea714a6c2d166c792541ce
SUSP_RTF_Header_Anomaly;Detects malformed RTF header often used to trick mechanisms that check for a full RTF header;https://twitter.com/ItsReallyNick/status/975705759618158593;2019-01-20 00:00:00;75;Florian Roth;FILE,SUSP;283653751850fd301eaaf090edb31f1b
SUSP_Renamed_Dot1Xtray;Detects a legitimate renamed dot1ctray.exe, which is often used by PlugX for DLL side-loading;Internal Research;2018-11-15 00:00:00;75;Florian Roth;EXE,EXTVAR,FILE,SUSP;11a3af23d9945c66524cb6f60545f8f1
SUSP_SFX_RunProgram_WScript;Detects suspicious SFX as used by Gamaredon group;Internal Research;2018-09-27 00:00:00;75;Florian Roth;EXE,FILE,SUSP;7406550f49d81846af5b6eeba58ffa45
SUSP_Scheduled_Task_BigSize;Detects suspiciously big scheduled task XML file as seen in combination with embedded base64 encoded PowerShell code;Internal Research;2018-12-06 00:00:00;75;Florian Roth;FILE,SCRIPT,SUSP;7d1e4d8baeb5d9ba9a9d07c84afaaa4c
SUSP_Script_Obfuscation_Char_Concat;Detects strings found in sample from CN group repo leak in October 2018;https://twitter.com/JaromirHorejsi/status/1047084277920411648;2018-10-04 00:00:00;75;Florian Roth;OBFUS,SUSP;dcc29ae427be97b48072b002c9a3197d
SUSP_Size_of_ASUS_TuningTool;Detects an ASUS tuning tool with a suspicious size;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;60;Florian Roth;EXE,FILE,SUSP;877ecec366fd74453e4622c84b1137f2
SUSP_Win32dll_String;Detects suspicious string in executables;https://medium.com/@Sebdraven/apt-sidewinder-changes-theirs-ttps-to-install-their-backdoor-f92604a2739;2018-10-24 00:00:00;75;Florian Roth;SUSP;6cbeb34cdd69c3482eaf472fa94ec97f
SUSP_WordDoc_VBA_Macro_Strings;Detects suspicious strings in Word Doc that indicate malicious use of VBA macros;Internal Research;2019-02-12 00:00:00;60;Florian Roth;FILE,OFFICE,SCRIPT,SUSP;578e795fe8211e16b625a652410e4b85
SUSP_XMRIG_String;Detects a suspicious XMRIG crypto miner executable string in file;Internal Research;2018-12-28 00:00:00;75;Florian Roth;EXE,FILE,SUSP;79c20663f29d32bdaa0806d8ad45f355
SUSP_autocad_lsp_malware;Recognizes malicious autocad files written in LISP;-;2019-02-04 00:00:00;75;John Lambert @JohnLaTwC;FILE,MAL,SUSP;2eb94ea2a4c876479eecb5609d77bace
SUSP_certificate_payload;Detects payloads that pretend to be certificates;https://blog.nviso.be/2018/08/02/powershell-inside-a-certificate-part-3/;2018-08-02 00:00:00;50;Didier Stevens, Florian Roth;FILE,SUSP;e5ec1f0dd359cc6ceb9be6d900e60958
SUSP_shellpop_Bash;Detects suspicious bash command;https://github.com/0x00-0x00/ShellPop;2018-05-18 00:00:00;75;Tobias Michalski;HKTL,SUSP;0f2f02f4710c4b99717c88c8c857ea31
SVG_LoadURL;Detects a tiny SVG file that loads an URL (as seen in CryptoWall malware infections);http://goo.gl/psjCCc;2015-05-24 00:00:00;50;Florian Roth;;297f927a2adf5cf789f789d3f8802876
S_MultiFunction_Scanners_s;Chinese Hacktool Set - file s.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;b0e83c4f048f21a76a79c3383cfdde8c Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php;Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;5d4914a5634d049554b64b5f16965c94 Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2_php;Semi-Auto-generated - file Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;cbc0b6e310fefbe3cf6fc574ddf7d6d6 Sality_Malware_Oct16;Detects an unspecififed malware - October 2016;Internal Research;2016-10-08 00:00:00;80;Florian Roth;EXE,FILE,MAL;3d3d4e84fbc3ae5f763e7fbe0b153bbd Saudi_Phish_Trojan;Detects a trojan used in Saudi Aramco Phishing;https://goo.gl/Z3JUAA;2017-10-12 00:00:00;75;Florian Roth;EXE,FILE,MAL;4401ceb9763de9044acecbc30ae86bcb ScanBox_Malware_Generic;Scanbox Chinese Deep Panda APT Malware http://goo.gl/MUUfjv and http://goo.gl/WXUQcP;-;2015-02-28 00:00:00;75;Florian Roth;APT,CHINA,GEN,MAL;1d04717f065176c0fbdb39ce2dfd7ddd Scarcruft_malware_Feb18_1;Detects Scarcruft malware - February 2018;https://twitter.com/craiu/status/959477129795731458;2018-02-03 00:00:00;90;Florian rootpath;EXE,FILE;f35dc7716fc3dea291748271c4b13750 SeDLL_Javascript_Decryptor;Detects SeDll - DLL is used for decrypting and executing another JavaScript backdoor such as Orz;https://goo.gl/MZ7dRg;2017-10-18 00:00:00;75;Florian Roth;EXE,FILE,MAL;fba106c49d4ff77baa3b6a9fb38fe6d8 SeaDuke_Sample;SeaDuke Malware - file 3eb86b7b067c296ef53e4857a74e09f12c2b84b666fc130d1f58aec18bc74b0d;http://goo.gl/MJ0c2M;2015-07-14 00:00:00;70;Florian Roth;EXE,FILE,MAL,RUSSIA;d8999772c91dd2950801b5b270f91c2d SecurityXploded_Producer_String;Detects hacktools by SecurityXploded;http://securityxploded.com/browser-password-dump.php;2017-07-13 
00:00:00;60;Florian Roth;EXE,FILE,HKTL;4476c6ab666e84e049501aa47fa16e59 Servantshell;Detects Servantshell malware;https://tinyurl.com/jmp7nrs;2017-02-02 00:00:00;70;Arbor Networks ASERT Nov 2015;EXE,FILE;e2ede7d8968d16f7fd601b30faee92a1 SetupBDoor;Webshells Auto-generated - file SetupBDoor.exe;-;1970-01-01 01:00:00;75;Florian Roth;MAL,WEBSHELL;9e1512124f625c40e2aa0f65fb0eddcc ShadowPad_nssock2;Detects malicious nssock2.dll from ShadowPad incident - file nssock2.dll;https://securelist.com/shadowpad-in-corporate-networks/81432/;2017-08-15 00:00:00;75;Florian Roth;EXE,FILE;9a3d68a3ade02d3e00b5738f61c8e297 Shamoon2_ComComp;Detects Shamoon 2.0 Communication Components;https://goo.gl/jKIfGB;2016-12-01 00:00:00;70;Florian Roth (with Binar.ly);EXE,FILE,MIDDLE_EAST;e751182f5c9bdb90ac0c24730c64e015 Shamoon2_Wiper;Detects Shamoon 2.0 Wiper Component;https://goo.gl/jKIfGB;2016-12-01 00:00:00;70;Florian Roth;EXE,FILE,MIDDLE_EAST;a6447177a8e7461b725a752e7a2489d8 Shamoon_Disttrack_Dropper;Detects Shamoon 2.0 Disttrack Dropper;https://goo.gl/jKIfGB;2016-12-01 00:00:00;70;Florian Roth;EXE,FILE,MAL,MIDDLE_EAST;9eeac6827ac5fbedb6139d2291eeba22 SharpCat;Detects command shell SharpCat - file SharpCat.exe;https://github.com/Cn33liz/SharpCat;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;cb6b28395b5d370ea4ac33c3bbd0df5f Sharpire;Auto-generated rule - file Sharpire.exe;https://github.com/0xbadjuju/Sharpire;2017-09-23 00:00:00;75;Florian Roth;EXE,FILE,HKTL;af83750796220002e169740cc58ad9c1 ShellCrew_StreamEx_1;Auto-generated rule - file 81f411415aefa5ad7f7ed2365d9a18d0faf33738617afc19215b69c23f212c07;https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar;2017-02-10 00:00:00;75;Florian Roth;EXE,FILE;44059c9bb021dbf159b5c34fd0a4dfc5 ShellCrew_StreamEx_1_msi;Auto-generated rule - file msi.dll;https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar;2017-02-10 00:00:00;75;Florian Roth;EXE,FILE;7e8c2a69aa211038a75505cd1326d478 
ShellCrew_StreamEx_1_msi_dll;Auto-generated rule - file msi.dll.eng;https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar;2017-02-10 00:00:00;75;Florian Roth;FILE;68f86b69d38f8cc64468665e86ae7a11 Shell_Asp;Chinese Hacktool Set Webshells - file Asp.html;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;2c15b1de91807aadc28bb1cc9f5258d6 Shifu_Banking_Trojan;Detects Shifu Banking Trojan;https://securityintelligence.com/shifu-masterful-new-banking-trojan-is-attacking-14-japanese-banks/;2015-09-01 00:00:00;75;Florian Roth;EXE,FILE,MAL;7513c4a0aec0365cd29c46fe0ad7973d Sig_RemoteAdmin_1;Detects strings from well-known APT malware;Internal Research;2017-12-03 00:00:00;45;Florian Roth;APT,EXE,FILE,HKTL;7df0125ffc867d1635ecc3f36c4e1785 Silence_malware_1;Detects malware sample mentioned in the Silence report on Securelist;https://securelist.com/the-silence/83009/;2017-11-01 00:00:00;75;Florian Roth;EXE,FILE;2fe00228c7f61644ae594898b5275219 Silence_malware_2;Detects malware sample mentioned in the Silence report on Securelist;https://securelist.com/the-silence/83009/;2017-11-01 00:00:00;75;Florian Roth;EXE,FILE;e38f1402a1263a17e0cac05cba23f1b9 SimAttacker___Vrsion_1_0_0___priv8_4_My_friend_php;Semi-Auto-generated - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;4809109057249cdf09cc40e9e8b18337 SimShell_1_0___Simorgh_Security_MGZ_php;Semi-Auto-generated - file SimShell 1.0 - Simorgh Security MGZ.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;3331eb9cc05889b0f918349bec9e5d09 Simple_PHP_BackDooR;Webshells Auto-generated - file Simple_PHP_BackDooR.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;d6ce909fa562c5987d556ebc0ad1f4bc Sincap_php_php;Semi-Auto-generated - file Sincap.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- 
Molls;WEBSHELL;e5cc523957637149a0a094a134d2ca3e Sleep_Timer_Choice;Detects malware from NCSC report;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;75;NCSC;EXE,FILE;9a74e73bfded804dc0a2c05a564b4676 Slingshot_APT_Malware_1;Detects malware from Slingshot APT;https://securelist.com/apt-slingshot/84312/;2018-03-09 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;c51e9ed0d1f0dc1ba03736c59655279e Slingshot_APT_Malware_2;Detects malware from Slingshot APT;https://securelist.com/apt-slingshot/84312/;2018-03-09 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;2851b18981c7241d29a82c2a7aed911f Slingshot_APT_Malware_3;Detects malware from Slingshot APT;https://securelist.com/apt-slingshot/84312/;2018-03-09 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;8e0fa34cb8b4cd39d3572f05ce7bf481 Slingshot_APT_Malware_4;Detects malware from Slingshot APT;https://securelist.com/apt-slingshot/84312/;2018-03-09 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;e123bb2724f6b06981f3def1a527a3fc Slingshot_APT_Minisling;Detects malware from Slingshot APT;https://securelist.com/apt-slingshot/84312/;2018-03-09 00:00:00;75;Florian Roth;APT,EXE,FILE;fa4196dfdc7819f93abff8916a2f2370 Slingshot_APT_Ring0_Loader;Detects malware from Slingshot APT;https://securelist.com/apt-slingshot/84312/;2018-03-09 00:00:00;75;Florian Roth;APT,EXE,FILE;2000cb940b6139d1f0a7e90a4b8ad74c Slingshot_APT_Spork_Downloader;Detects malware from Slingshot APT;https://securelist.com/apt-slingshot/84312/;2018-03-09 00:00:00;75;Florian Roth;APT,EXE,FILE;92f0ae2e94325e6244f3012b86d425d5 Smartniff;Chinese Hacktool Set - file Smartniff.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;1fff8c42d015a321564fd25d8be4bc51 SnakeTurla_Install_SH;Detects Snake / Turla Sample;https://goo.gl/QaOh4V;2017-05-04 00:00:00;75;Florian Roth;FILE,RUSSIA;cc7e98e02db1e1898c7f99f08e5eed16 SnakeTurla_Installd_SH;Detects Snake / Turla 
Sample;https://goo.gl/QaOh4V;2017-05-04 00:00:00;75;Florian Roth;FILE,RUSSIA;076d333c251302f0dc3b97c0ab2a75fd SnakeTurla_Malware_May17_1;Detects Snake / Turla Sample;https://goo.gl/QaOh4V;2017-05-04 00:00:00;75;Florian Roth;FILE,MAL,RUSSIA;e64ab97dfe01aaa1af4aa873848ca267 SnakeTurla_Malware_May17_2;Detects Snake / Turla Sample;https://goo.gl/QaOh4V;2017-05-04 00:00:00;75;Florian Roth;FILE,MAL,RUSSIA;2d99c25e58be7a88478024b96a8d157b SnakeTurla_Malware_May17_3;Detects Snake / Turla Sample;https://goo.gl/QaOh4V;2017-05-04 00:00:00;75;Florian Roth;FILE,MAL,RUSSIA;d11143ddb82de91d69ef8c575a1b8b35 SnakeTurla_Malware_May17_4;Detects Snake / Turla Sample;https://goo.gl/QaOh4V;2017-05-04 00:00:00;75;Florian Roth;FILE,MAL,RUSSIA;4dae54c925ce8a1b61002b9100dc0310 SndVol_ANOMALY;Anomaly rule looking for certain strings in a system file (maybe false positive on certain systems) - file SndVol.exe;not set;2015-03-16 00:00:00;75;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;9b81e915501f032dae537af5e56c8277 Sniffer_analyzer_SSClone_1210_full_version;Chinese Hacktool Set - file Sniffer analyzer SSClone 1210 full version.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;8d6eded396110038a3bf1288d1f9fcf6 SoakSoak_Infected_Wordpress;Detects a SoakSoak infected Wordpress site http://goo.gl/1GzWUX;http://goo.gl/1GzWUX;2014-12-15 00:00:00;60;Florian Roth;OFFICE,WEBSHELL;ae0273466952fb5899a5eef34cf5121c Sofacy_AZZY_Backdoor_HelperDLL;Dropped C&C helper DLL for AZZY 4.3;https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/;2015-12-04 00:00:00;75;Florian Roth;EXE,FILE,MAL,RUSSIA;9633e2bb889f3bb7ed2bb332b5981d55 Sofacy_AZZY_Backdoor_Implant_1;AZZY Backdoor Implant 4.3 - Sample 1;https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/;2015-12-04 00:00:00;75;Florian Roth;EXE,FILE,MAL,RUSSIA;8e08f404cbc943c9b61bf55e4efaa936 Sofacy_Bundestag_Batch;Sofacy Bundestags APT 
Batch Script;http://dokumente.linksfraktion.de/inhalt/report-orig.pdf;2015-06-19 00:00:00;70;Florian Roth;APT,RUSSIA;87a07da93f25cb0b1bcc4cf38963d75b Sofacy_Campaign_Mal_Feb18_cdnver;Detects Sofacy malware;https://twitter.com/ClearskySec/status/960924755355369472;2018-02-07 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;f33cf799f92109d2249f2adbf8912538 Sofacy_CollectorStealer_Gen1;Generic rule to detect Sofacy Malware Collector Stealer;https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/;2015-12-04 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL,RUSSIA;320a8c4dd6ad40cf6a222872fb93b110 Sofacy_CollectorStealer_Gen2;File collectors / USB stealers - Generic;https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/;2015-12-04 00:00:00;75;Florian Roth;EXE,FILE,GEN,RUSSIA;79c69dd60ce892112bf1a6b2e6b5659d Sofacy_CollectorStealer_Gen3;File collectors / USB stealers - Generic;https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/;2015-12-04 00:00:00;75;Florian Roth;EXE,FILE,GEN,RUSSIA;0747aafbcacb322a7843ea369bd1a0ad Sofacy_Fybis_ELF_Backdoor_Gen1;Detects Sofacy Fysbis Linux Backdoor_Naikon_APT_Sample1;http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/;2016-02-13 00:00:00;80;Florian Roth;APT,FILE,LINUX,MAL,RUSSIA;1d45ed1deb42371c07abe06fbe61306b Sofacy_Fysbis_ELF_Backdoor_Gen2;Detects Sofacy Fysbis Linux Backdoor;http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/;2016-02-13 00:00:00;80;Florian Roth;FILE,LINUX,MAL,RUSSIA;1ebf1a2a541d126435243e64bebe5bcf Sofacy_Jun16_Sample1;Detects Sofacy Malware mentioned in PaloAltoNetworks APT report;http://goo.gl/mzAa97;2016-06-14 00:00:00;85;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;e4369712d5cd76271664023b132d9529 Sofacy_Jun16_Sample2;Detects Sofacy Malware mentioned in PaloAltoNetworks APT report;http://goo.gl/mzAa97;2016-06-14 
00:00:00;85;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;56028fb4348377290d1040278b0e6535 Sofacy_Jun16_Sample3;Detects Sofacy Malware mentioned in PaloAltoNetworks APT report;http://goo.gl/mzAa97;2016-06-14 00:00:00;85;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;d455bf85511ad1b62fce95aaf7234a9a Sofacy_Mal2;Sofacy Group Malware Sample 2;http://dokumente.linksfraktion.de/inhalt/report-orig.pdf;2015-06-19 00:00:00;70;Florian Roth;EXE,FILE,MAL,RUSSIA;7c26b52c02228536c3c110686e625fff Sofacy_Mal3;Sofacy Group Malware Sample 3;http://dokumente.linksfraktion.de/inhalt/report-orig.pdf;2015-06-19 00:00:00;70;Florian Roth;EXE,FILE,MAL,RUSSIA;b26495941e6e9513a488210e4827853a Sofacy_Malware_AZZY_Backdoor_1;AZZY Backdoor - Sample 1;https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/;2015-12-04 00:00:00;75;Florian Roth;EXE,FILE,MAL,RUSSIA;c48ef6d314d2b34d736a1c5cba5e08a5 Sofacy_Malware_StrangeSpaces;Detetcs strange strings from Sofacy malware with many spaces;https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/;2015-12-04 00:00:00;75;Florian Roth;EXE,FILE,MAL,RUSSIA;f38dd724ab6dbd70680a55fac6b8a3d2 Sofacy_Oct17_1;Detects Sofacy malware reported in October 2017;http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html;2017-10-23 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;e7843dbb6e25d553856ac1e727a85dba Sofacy_Oct17_2;Detects Sofacy malware reported in October 2017;http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html;2017-10-23 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;01fa400317774bee99273b16214bfb17 Sofacy_Trojan_Loader_Feb18_1;Sofacy Activity Feb 2018;https://www.reverse.it/sample/e3399d4802f9e6d6d539e3ae57e7ea9a54610a7c4155a6541df8e94d67af086e?environmentId=100;2018-03-01 00:00:00;75;Florian Roth;EXE,FILE,MAL,RUSSIA;236d4994c0251bf578f3f9e417958616 Sphinx_Moth_cudacrt;sphinx moth threat group file cudacrt.dll;www.kudelskisecurity.com;2015-08-06 
00:00:00;75;Kudelski Security - Nagravision SA;EXE,FILE;d502c7f5c0852c84fa9577dd49b93c2d Sphinx_Moth_h2t;sphinx moth threat group file h2t.dat;www.kudelskisecurity.com;2015-08-06 00:00:00;75;Kudelski Security - Nagravision SA (modified by Florian Roth);EXE,FILE;31e80a659c3e68201fb719dd233c7900 Sphinx_Moth_iastor32;sphinx moth threat group file iastor32.exe;www.kudelskisecurity.com;2015-08-06 00:00:00;75;Kudelski Security - Nagravision SA;EXE,FILE;c1947154d982687ac228b7a276c9678a Sphinx_Moth_kerberos32;sphinx moth threat group file kerberos32.dll;www.kudelskisecurity.com;2015-08-06 00:00:00;75;Kudelski Security - Nagravision SA (modified by Florian Roth);EXE,FILE;e53e6a49d6839b3a87f6d08429e67091 Sphinx_Moth_kerberos64;sphinx moth threat group file kerberos64.dll;www.kudelskisecurity.com;2015-08-06 00:00:00;75;Kudelski Security - Nagravision SA (modified by Florian Roth);EXE,FILE;e43e3baf39b8fb550a81f2ed90454f6a Sphinx_Moth_nvcplex;sphinx moth threat group file nvcplex.dat;www.kudelskisecurity.com;2015-08-06 00:00:00;75;Kudelski Security - Nagravision SA;EXE,FILE;0239ab675cecf319d7240ac73be9265d SplitJoin_V1_3_3_rar_Folder_3;Disclosed hacktool set (old stuff) - file splitjoin.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;ac25e8c7953de30a7887ccd55431f352 SqlDbx_zhs;Chinese Hacktool Set - file SqlDbx_zhs.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;1dbf66fc1e7be98eae5780e2c9ee0c02 StealthWasp_s_Basic_PortScanner_v1_2;Auto-generated rule on file StealthWasp's Basic PortScanner v1.2.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;c441ed23b05b0403ddc27905656a57e2 StegoKatz;Encoded Mimikatz in other file types;https://goo.gl/jWPBBY;2015-09-11 00:00:00;70;Florian Roth;;fd1a1336c374b4fb3becad053c5d4470 StoneDrill;Detects malware from StoneDrill threat report;https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/;2017-03-07 00:00:00;75;Florian 
Roth;EXE,FILE,MIDDLE_EAST;6c78e0292ca27cd9e6bfc83257102317 StoneDrill_BAT_1;Rule to detect Batch file from StoneDrill report;https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/;1970-01-01 01:00:00;75;Florian Roth;FILE,MIDDLE_EAST;769284956c5e9fe219ad2f39fd49d0af StoneDrill_Malware_2;Detects malware from StoneDrill threat report;https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/;2017-03-07 00:00:00;75;Florian Roth;EXE,FILE,MAL,MIDDLE_EAST;c0f33936dafe4c1151d2665646ae8d0e StoneDrill_Service_Install;Rule to detect Batch file from StoneDrill report;https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/;1970-01-01 01:00:00;75;Florian Roth;MIDDLE_EAST;7db335ec3db5560107d7724d26d91c89 StoneDrill_VBS_1;Detects malware from StoneDrill threat report;https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/;2017-03-07 00:00:00;75;Florian Roth;MIDDLE_EAST,SCRIPT;ea4fd67066a84799d5d5c4b42f319818 StoneDrill_main_sub;Rule to detect StoneDrill (decrypted) samples;https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/;1970-01-01 01:00:00;75;Kaspersky Lab;FILE,MIDDLE_EAST;f8e95a1a42f2cad0ed411bb57c3f83f9 StoneDrill_ntssrvr32;Detects malware from StoneDrill threat report;https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/;2017-03-07 00:00:00;75;Florian Roth;EXE,FILE,MIDDLE_EAST;334f70d8287bd1bdf2c3a32b287e3fac StreamEx_ShellCrew;Detects a ;https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar;2017-02-09 00:00:00;80;Cylance;;37f1c675c0b219433486b191c7ac47db StuxNet_Malware_1;Stuxnet Sample - file malware.exe;Internal Research;2016-07-09 00:00:00;75;Florian Roth;MAL;28e22abcfccf736aefa1c5e69c1bb9ec StuxNet_dll;Stuxnet Sample - file dll.dll;Internal Research;2016-07-09 00:00:00;75;Florian Roth;EXE,FILE;1fda4e52c3b2a3a18c1688ba912ec7a6 Stuxnet_Malware_2;Stuxnet Sample - file 63e6b8136058d7a06dfff4034b4ab17a261cdf398e63868a601f77ddd1b32802;Internal 
Research;2016-07-09 00:00:00;75;Florian Roth;EXE,FILE,MAL;0b85f172255e76d5d38236d5e745915d Stuxnet_Malware_3;Stuxnet Sample - file ~WTR4141.tmp;Internal Research;2016-07-09 00:00:00;75;Florian Roth;EXE,FILE,MAL;71db1865eae739f98c2c96de0047000f Stuxnet_Malware_4;Stuxnet Sample - file 0d8c2bcb575378f6a88d17b5f6ce70e794a264cdc8556c8e812f0b5f9c709198;Internal Research;2016-07-09 00:00:00;75;Florian Roth;EXE,FILE,MAL;cd22b5c9434eeb93ac793444cc98e7de Stuxnet_Shortcut_to;Stuxnet Sample - file Copy of Shortcut to.lnk;Internal Research;2016-07-09 00:00:00;75;Florian Roth;FILE;7e2f91cdf7b0a55b9b77656905b684d6 Stuxnet_maindll_decrypted_unpacked;Stuxnet Sample - file maindll.decrypted.unpacked.dll_;Internal Research;2016-07-09 00:00:00;75;Florian Roth;;b07a6dd29358301d38c75be58835f3fd Stuxnet_s7hkimdb;Stuxnet Sample - file s7hkimdb.dll;Internal Research;2016-07-09 00:00:00;75;Florian Roth;EXE,FILE;74df3588963db776f733d5678a63629d Suckfly_Nidiran_Gen_1;Detects Suckfly Nidiran Trojan;https://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates;2018-01-28 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;171722d7db6f3a7fa05e094a123e3f6e Suckfly_Nidiran_Gen_2;Detects Suckfly Nidiran Trojan;https://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates;2018-01-28 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;ea0ceae36712ef05cb902b84d97d4812 Suckfly_Nidiran_Gen_3;Detects Suckfly Nidiran Trojan;https://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates;2018-01-28 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;664b38ad4af5129e5ba7ff1459a9a9c6 SunOrcal_Malware_Nov17_1;Detects Reaver malware mentioned in PaloAltoNetworks report;https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/;2017-11-11 00:00:00;75;Florian Roth;EXE,FILE,MAL;67205f071c60516398227ad1733a7134 SuperScan4;Auto-generated rule on file SuperScan4.exe;-;1970-01-01 
01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;a5ea5ef3952d0862d6042f32f34d25c6 Susp_Indicators_EXE;Detects packed NullSoft Inst EXE with characteristics of NetWire RAT;https://pastebin.com/8qaiyPxs;2018-01-05 00:00:00;60;Florian Roth;FILE,MAL;aa3013e12793b0b66febe9e587b38bb0 Susp_PowerShell_Sep17_1;Detects suspicious PowerShell script in combo with VBS or JS ;Internal Research;2017-09-30 00:00:00;60;Florian Roth;SCRIPT;a06561bfd6d7954b20d08c962be5584c Susp_PowerShell_Sep17_2;Detects suspicious PowerShell script in combo with VBS or JS ;Internal Research;2017-09-30 00:00:00;75;Florian Roth;FILE,SCRIPT;9f959a750519450736bdec639faed105 Suspicious_AutoIt_by_Microsoft;Detects a AutoIt script with Microsoft identification;Internal Research - VT;2017-12-14 00:00:00;60;Florian Roth;EXE,FILE;b1ab19499a3bc25877a2c0033f156769 Suspicious_BAT_Strings;Detects a string also used in Netwire RAT auxilliary;https://pastebin.com/8qaiyPxs;2018-01-05 00:00:00;60;Florian Roth;MAL;096288f1c59e2d39359bac6c492e8783 Suspicious_JS_script_content;Detects suspicious statements in JavaScript files;Research on Leviathan https://goo.gl/MZ7dRg;2017-12-02 00:00:00;70;Florian Roth;SCRIPT;c4ff8b7f0a9876c0151b731812a220cc Suspicious_PowerShell_Code_1;Detects suspicious PowerShell code;Internal Research;2017-02-22 00:00:00;60;Florian Roth;SCRIPT;c7d67bd9c5e2af871beaee2f841be620 Suspicious_PowerShell_WebDownload_1;Detects suspicious PowerShell code that downloads from web sites;Internal Research;2017-02-22 00:00:00;60;Florian Roth;SCRIPT;2b698db643c0d3613aa4dfd35f5b6b61 Suspicious_Script_Running_from_HTTP;Detects a suspicious ;https://www.hybrid-analysis.com/sample/a112274e109c5819d54aa8de89b0e707b243f4929a83e77439e3ff01ed218a35?environmentId=100;2017-08-20 00:00:00;50;Florian Roth;;9aea42700ef9b213c29a5e46d66c2707 Suspicious_Size_chrome_exe;Detects uncommon file size of chrome.exe;-;2015-12-21 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;6c72d59dab450e4929dfc4d9f9e9de3c 
Suspicious_Size_csrss_exe;Detects uncommon file size of csrss.exe;-;2015-12-21 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;f0a250c305180729278e5eb73dd32e4a Suspicious_Size_explorer_exe;Detects uncommon file size of explorer.exe;-;2015-12-21 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;95082eda1cadc052e1967d974ece09bf Suspicious_Size_firefox_exe;Detects uncommon file size of firefox.exe;-;2015-12-21 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;b3a5a70652057f334fc818a110efe609 Suspicious_Size_iexplore_exe;Detects uncommon file size of iexplore.exe;-;2015-12-21 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;b0957b83e22c8e5561edb6b8a3e25ac5 Suspicious_Size_igfxhk_exe;Detects uncommon file size of igfxhk.exe;-;2015-12-21 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;187e40d82d4acbf71bce459af350df38 Suspicious_Size_java_exe;Detects uncommon file size of java.exe;-;2015-12-21 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;8dfb790413e4c8e65e5705844ce1973d Suspicious_Size_lsass_exe;Detects uncommon file size of lsass.exe;-;2015-12-21 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;6f52d255c6f1a702d591eacc111dffd7 Suspicious_Size_rundll32_exe;Detects uncommon file size of rundll32.exe;-;2015-12-23 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;50f572aa9ac04739c15e48a7e2b663e6 Suspicious_Size_servicehost_dll;Detects uncommon file size of servicehost.dll;-;2015-12-23 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;f753d55c8975223c3f57dbe21139e075 Suspicious_Size_smss_exe;Detects uncommon file size of smss.exe;-;2015-12-23 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;9c5b6b04b8028b9a74c539bee18024e2 Suspicious_Size_spoolsv_exe;Detects uncommon file size of spoolsv.exe;-;2015-12-23 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;2c7920d6862050fb0399aabc49a32aca Suspicious_Size_svchost_exe;Detects uncommon file size of svchost.exe;-;2015-12-21 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;1a3a12a2135e83b6f547d7adf0f703c9 Suspicious_Size_taskhost_exe;Detects uncommon file size of taskhost.exe;-;2015-12-23 00:00:00;60;Florian 
Roth;EXE,EXTVAR,FILE;6289839a09908cf668596fda8471aa01 Suspicious_Size_wininit_exe;Detects uncommon file size of wininit.exe;-;2015-12-23 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;47b765ada4ccb737a431b6dd7059821b Suspicious_Size_winlogon_exe;Detects uncommon file size of winlogon.exe;-;2015-12-21 00:00:00;60;Florian Roth;EXE,EXTVAR,FILE;4ca18eae8a30fc1ad6ee48545d348145 SwitchSniffer;Chinese Hacktool Set - file SwitchSniffer.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;e315b09aa94a1e4210b172db191f10a1 Sword1_5;Chinese Hacktool Set - file Sword1.5.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;2a4fc08892f1dea781e0560ece174ebb SysInterals_PipeList_NameChanged;Detects NirSoft PipeList;https://goo.gl/Mr6M2J;2016-06-04 00:00:00;90;Florian Roth;EXE,EXTVAR,FILE;0e6e7da59744c2deecf14acd1dae4219 SysInternals_Tool_Anomaly;SysInternals Tool Anomaly - does not contain Mark Russinovich as author;Internal Research;2016-12-06 00:00:00;50;Florian Roth;EXE,FILE;cddeac6cfa8f9d025ab09b0b44d0fd5b TA17_293A_Hacktool_Exploit_MS16_032;Auto-generated rule - file 9b97290300abb68fb48480718e6318ee2cdd4f099aa6438010fb2f44803e0b58;https://www.us-cert.gov/ncas/alerts/TA17-293A;2017-10-21 00:00:00;75;Florian Roth;HKTL;af8e49c50dab76951d47787644989925 TA17_293A_Hacktool_PS_1;Auto-generated rule - file 72a28efb6e32e653b656ca32ccd44b3111145a695f6f6161965deebbdc437076;https://www.us-cert.gov/ncas/alerts/TA17-293A;2017-10-21 00:00:00;75;Florian Roth;HKTL;30d6588fb949da248592a7e6e35ae7a5 TA17_293A_Hacktool_Touch_MAC_modification;Auto-generated rule - file 070d7082a5abe1112615877214ec82241fd17e5bd465e24d794a470f699af88e;https://www.us-cert.gov/ncas/alerts/TA17-293A;2017-10-21 00:00:00;75;Florian Roth;EXE,FILE,HKTL;503935641379608c91828dae522a88fd TA17_293A_Query_Javascript_Decode_Function;-;https://www.us-cert.gov/ncas/alerts/TA17-293A;1970-01-01 01:00:00;75;other (modified by Florian Roth);;2ab53fdf8d76be5dc4b3f6a4ef5e881f 
TA17_293A_Query_XML_Code_MAL_DOC;-;https://www.us-cert.gov/ncas/alerts/TA17-293A;1970-01-01 01:00:00;75;other (modified by Florian Roth);FILE;4c881a7123ebbb20350f9966af923e68 TA17_293A_Query_XML_Code_MAL_DOC_PT_2;-;https://www.us-cert.gov/ncas/alerts/TA17-293A;1970-01-01 01:00:00;75;other (modified by Florian Roth);FILE;67a7f44c74b9179e3ea93bfe8e9473a2 TA17_293A_energetic_bear_api_hashing_tool;Energetic Bear API Hashing Tool;-;1970-01-01 01:00:00;75;CERT RE Team;EXE,FILE,RUSSIA;2e53603ebc893a0e2babe154026c8656 TA17_293A_malware_1;inveigh pen testing tools & related artifacts;https://www.us-cert.gov/ncas/alerts/TA17-293A;2017-07-17 00:00:00;75;US-CERT Code Analysis Team (modified by Florian Roth);;b0bc1690ae0009f1e4a41a7e3fa5a17a TA17_318A_rc4_stack_key_fallchill;HiddenCobra FallChill - rc4_stack_key;https://www.us-cert.gov/ncas/alerts/TA17-318B;2017-11-15 00:00:00;75;US CERT;FILE,NK;6750afdec3e7d80db3ed7debf698ac37 TA17_318A_success_fail_codes_fallchill;HiddenCobra FallChill - success_fail_codes;https://www.us-cert.gov/ncas/alerts/TA17-318B;2017-11-15 00:00:00;75;US CERT;FILE,NK;c07efde31f931d489088e5fcf3f6e331 TA17_318B_volgmer;Malformed User Agent in Volgmer malware;https://www.us-cert.gov/ncas/alerts/TA17-318B;2017-11-15 00:00:00;75;US CERT;FILE;707e4be5aafdcfdb2f866ca2c2afc525 TA18_074A_screen;Detects malware mentioned in TA18-074A;https://www.us-cert.gov/ncas/alerts/TA18-074A;2018-03-16 00:00:00;75;Florian Roth;EXE,FILE;8856226c92431fc35f2f523d6fd0e8de TA18_074A_scripts;Detects malware mentioned in TA18-074A;https://www.us-cert.gov/ncas/alerts/TA18-074A;2018-03-16 00:00:00;75;Florian Roth;;15e9e3122af3d2155ccd51db2f34284b TA459_Malware_May17_1;Detects TA459 related malware;https://goo.gl/RLf9qU;2017-05-31 00:00:00;75;Florian Roth;FILE,MAL;1873db263183fe132c6b0dc6a4509572 TA459_Malware_May17_2;Detects TA459 related malware;https://goo.gl/RLf9qU;2017-05-31 00:00:00;75;Florian Roth;EXE,FILE,MAL;e54af08137beca67bdf30509009cb44d TRITON_ICS_FRAMEWORK;TRITON 
framework recovered during Mandiant ICS incident response;https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html;1970-01-01 01:00:00;75;nicholas.carr @itsreallynick;;9d8a900242d6c3aacbad519b78d10a9a TSCookie_RAT;Detects TSCookie RAT;http://blog.jpcert.or.jp/2018/03/malware-tscooki-7aa0.html;2018-03-06 00:00:00;75;Florian Roth;EXE,FILE,MAL;48c004c851054e842d3c6ca5e2596262 TeleBots_CredRaptor_Password_Stealer;Detects TeleBots malware - CredRaptor Password Stealer;https://goo.gl/4if3HG;2016-12-14 00:00:00;75;Florian Roth;EXE,FILE,MAL;7a9a731281c8b7b94f4ace05862302b6 TeleBots_IntercepterNG;Detects TeleBots malware - IntercepterNG;https://goo.gl/4if3HG;2016-12-14 00:00:00;75;Florian Roth;EXE,FILE;a6ae30b0672398537e60091e180d3621 TeleBots_KillDisk_1;Detects TeleBots malware - KillDisk;https://goo.gl/4if3HG;2016-12-14 00:00:00;75;Florian Roth;EXE,FILE;3c684760edcaed20657a8528fb09c608 TeleBots_KillDisk_2;Detects TeleBots malware - KillDisk;https://goo.gl/4if3HG;2016-12-14 00:00:00;75;Florian Roth;EXE,FILE;619e060c8196d5dd9df2b7f471cc393f TeleBots_VBS_Backdoor_1;Detects TeleBots malware - VBS Backdoor;https://goo.gl/4if3HG;2016-12-14 00:00:00;75;Florian Roth;FILE,MAL,SCRIPT;bace9bddef25c42c1aeb80d628bbd7e5 TeleBots_VBS_Backdoor_2;Detects TeleBots malware - VBS Backdoor;https://goo.gl/4if3HG;2016-12-14 00:00:00;75;Florian Roth;FILE,MAL,SCRIPT;b259c8d9a0c75a655c4dc4ff5be098bf TeleBots_Win64_Spy_KeyLogger_G;Detects TeleBots malware - Win64 Spy KeyLogger G;https://goo.gl/4if3HG;2016-12-14 00:00:00;75;Florian Roth;EXE,FILE;5416c337442a31256d14b5c624a4c1a5 TeleDoor_Backdoor;Detects the TeleDoor Backdoor as used in Petya Attack in June 2017;https://goo.gl/CpfJQQ;2017-07-05 00:00:00;75;Florian Roth;EXE,FILE,MAL,RANSOM;5c47701790d58c1a3dc110c11d0f6bc4 TempRacer;Detects privilege escalation tool - file TempRacer.exe;http://www.darknet.org.uk/2016/03/tempracer-windows-privilege-escalation-tool/;2016-03-30 00:00:00;75;Florian 
Roth;EXE,FILE;444fc985676383a5c230ddbd371478a0
Test_php_php;Semi-Auto-generated - file Test.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;575d6621bd1ac5ce7b8265751c43e4f3
ThreatGroup3390_C2;Threat Group 3390 APT - C2 Server;http://snip.ly/giNB;2015-08-06 00:00:00;60;Florian Roth;APT,EXE,FILE;71a3c27eb214d148ef959c401fa7f56d
ThreatGroup3390_Strings;Threat Group 3390 APT - Strings;http://snip.ly/giNB;2015-08-06 00:00:00;60;Florian Roth;APT;4cbfc616994285a689e1162ced8b605f
TidePool_Malware;Detects TidePool malware mentioned in Ke3chang report by Palo Alto Networks;http://goo.gl/m2CXWR;2016-05-24 00:00:00;75;Florian Roth;EXE,FILE,MAL;83cde3c24a6049da490ead989c06d2a5
Tiny_Network_Tool_Generic;Tiny tool with suspicious function imports. (Rule based on WinEggDrop Scanner samples);-;2014-08-10 00:00:00;40;Florian Roth;EXE,FILE,GEN,HKTL;ba73058cbb7abaf4b72d6e50d3a22a3f
Tofu_Backdoor;Detects Tofu Trojan;https://www.cylance.com/en_us/blog/the-deception-project-a-new-japanese-centric-threat.html;2017-02-28 00:00:00;75;Cylance;MAL;8b0bc525138b76084451dd500471cd56
Tool_asp;Semi-Auto-generated - file Tool.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;a1e577e5a60f2f83005087ccf5515009
Tools_2014;Chinese Hacktool Set - file 2014.jsp;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;2f71c74b78406e0fbb4e804e3bff1f9c
Tools_2015;Chinese Hacktool Set - file 2015.jsp;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;e752709d4e82ba4a03537285858d1cd4
Tools_cmd;Chinese Hacktool Set - file cmd.jSp;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;27c22317a09e7438817750ace9bcea30
Tools_scan;Chinese Hacktool Set - file scan.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;eb42635c5d6161746b1fa2899e78738b
Tools_unknown;Chinese Hacktool Set - file unknown.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;174aafcdc856dc5432209095fcbe84f7
Tools_xport;Chinese Hacktool Set - file xport.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;02223614d37c280168d594f4dcd07892
TopHat_BAT;Auto-generated rule - file cgen.bat;https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services/#appendix;2018-01-29 00:00:00;75;Florian Roth;;deca5eb94fb296d708cfdae725ad8e34
TopHat_Malware_Jan18_1;Detects malware from TopHat campaign;https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services/#appendix;2018-01-29 00:00:00;75;Florian Roth;EXE,FILE,MAL;8936ebb268801ef85f9639d309d69a5e
TopHat_Malware_Jan18_2;Auto-generated rule - file e.exe;https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services/#appendix;2018-01-29 00:00:00;75;Florian Roth;EXE,FILE,MAL;9073fce95160eb5d15212bd6910a7253
Triton_trilog;Detects Triton APT malware - file trilog.exe;https://goo.gl/vtQoCQ;2017-12-14 00:00:00;75;Florian Roth;APT,EXE,FILE;60051ea34a065dbc2e1e80f00baff4dd
TrojanDownloader;Trojan Downloader - Flash Exploit Feb15;http://goo.gl/wJ8V1I;2015-02-11 00:00:00;60;Florian Roth;MAL;793ccdf9dead6254474d3ceaaec9fa58
Trojan_ISMRAT_gen;ISM RAT;https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/february/ism-rat/;1970-01-01 01:00:00;75;Ahmed Zaki;FILE,MAL;54c9feebf896f96ef6736b6263793b02
Trojan_Win32_Adupib;Adupib SSL Backdoor;-;1970-01-01 01:00:00;75;Microsoft;MAL;c7a6f308dadc7f9243ded9908f76a42f
Trojan_Win32_Dipsind_B;Dipsind Family;-;1970-01-01 01:00:00;75;Microsoft;MAL;9a5156afd69076e0b12497bddaa7167a
Trojan_Win32_PlaKeylog_B;Keylogger component;-;1970-01-01 01:00:00;75;Microsoft;HKTL,MAL;18ebceaa52fb9401e72e360c4a7433c0
Trojan_Win32_PlaLsaLog;Loader / possible incomplete LSA Password Filter;-;1970-01-01 01:00:00;75;Microsoft;MAL;49c45d971d6dc0931173ef9f6aa5930b
Trojan_Win32_PlaSrv;Hotpatching Injector;-;1970-01-01 01:00:00;75;Microsoft;HKTL,MAL;3ef35de6e8feb171398c9384e9a909aa
Trojan_Win32_Plabit;Installer component;-;1970-01-01 01:00:00;75;Microsoft;MAL;66bd8613311e8bafcf8e2a9d6f62b412
Trojan_Win32_Placisc2;Dipsind variant;-;1970-01-01 01:00:00;75;Microsoft;MAL;10ad5d2c95a0fb4be9006e09a8cea1be
Trojan_Win32_Placisc3;Dipsind variant;-;1970-01-01 01:00:00;75;Microsoft;MAL;b67774ec3d21094f43158eceb6fd551f
Trojan_Win32_Placisc4;Installer for Dipsind variant;-;1970-01-01 01:00:00;75;Microsoft;MAL;49bb909fd8110319a769db4f0ef423a8
Trojan_Win32_Plagicom;Installer component;-;1970-01-01 01:00:00;75;Microsoft;MAL;0556c52a53b0c94d4066ed7fe867885a
Trojan_Win32_Plagon;Dipsind variant;-;1970-01-01 01:00:00;75;Microsoft;MAL;f939f978e0642336688eee82a300e84d
Trojan_Win32_Plainst2;Zc tool;-;1970-01-01 01:00:00;75;Microsoft;MAL;d6df02ca867587d65a409faae650c8c2
Trojan_Win32_Plainst;Installer component;-;1970-01-01 01:00:00;75;Microsoft;MAL;5a1fa0ad786a2adf1ec4b88be93c51d6
Trojan_Win32_Plakelog;Raw-input based keylogger;-;1970-01-01 01:00:00;75;Microsoft;HKTL,MAL;ab422137cac47037e998b17c8adcd752
Trojan_Win32_Plaklog;Hook-based keylogger;-;1970-01-01 01:00:00;75;Microsoft;HKTL,MAL;b95652fe0cd865478dfa98c9e72f2aa0
Trojan_Win32_Plakpeer;Zc tool v2;-;1970-01-01 01:00:00;75;Microsoft;MAL;1b9d54792835de3b0f601cb0f4ded253
Trojan_Win32_Plakpers;Injector / loader component;-;1970-01-01 01:00:00;75;Microsoft;HKTL,MAL;e7f8e092cdea19e881c413728a1f94c0
Trojan_Win32_Plapiio;JPin backdoor;-;1970-01-01 01:00:00;75;Microsoft;MAL;2180c059f25ae9741b82c9a440d004e1
Trojan_Win32_Plaplex;Variant of the JPin backdoor;-;1970-01-01 01:00:00;75;Microsoft;MAL;1dbdc9d4cb59d79821857bf323f6d1c9
Trojan_Win32_Platual;Installer component;-;1970-01-01 01:00:00;75;Microsoft;MAL;8296e42cd04475f02f964156d5756608
TurlaMosquito_Mal_1;Detects malware sample from Turla Mosquito report;https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf;2018-02-22 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;727f55bfcaece96cce1b1522e761beb9
TurlaMosquito_Mal_2;Detects malware sample from Turla Mosquito report;https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf;2018-02-22 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;e61b480ad856a1c9faa3fbe05d4c89da
TurlaMosquito_Mal_3;Detects malware sample from Turla Mosquito report;https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf;2018-02-22 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;1072204aa49b4b53d643bbd0e1cb53ba
TurlaMosquito_Mal_4;Detects malware sample from Turla Mosquito report;https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf;2018-02-22 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;05eeef2b4696db27aaee7b10fd75943f
TurlaMosquito_Mal_5;Detects malware sample from Turla Mosquito report;https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf;2018-02-22 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;363f83194e110f17a877fd70ecf582d6
TurlaMosquito_Mal_6;Detects malware sample from Turla Mosquito report;https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf;2018-02-22 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;2cd1317774544fb2db23fd0a3b21b481
TurlaMosquito_Mal_7;Detects malware sample from Turla Mosquito report;https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf;2018-02-22 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;97c3c889e4e17cb4ef3f37b075d039ee
Turla_APT_Malware_Gen1;Detects Turla malware (based on sample used in the RUAG APT case);https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espionage-case;2016-06-09 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;378d747a8b1d50f9e8a633ea9772dc0b
Turla_APT_Malware_Gen2;Detects Turla malware (based on sample used in the RUAG APT case);https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espionage-case;2016-06-09 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;8d2782742892856d8c1acd6fea08365d
Turla_APT_Malware_Gen3;Detects Turla malware (based on sample used in the RUAG APT case);https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espionage-case;2016-06-09 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;2ca12d50f35b0a3dd61f9ab225d24fcb
Turla_APT_srsvc;Detects Turla malware (based on sample used in the RUAG APT case);https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espionage-case;2016-06-09 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;9a65217e2c2f000a82a7e970a2423316
Turla_KazuarRAT;Detects Turla Kazuar RAT described by DrunkBinary;https://twitter.com/DrunkBinary/status/982969891975319553;2018-04-08 00:00:00;75;Markus Neis / Florian Roth;EXE,FILE,MAL,RUSSIA;ab3353bc76cde790d9d81e8b32e6adda
Turla_Mal_Script_Jan18_1;Detects Turla malicious script;https://ghostbin.com/paste/jsph7;2018-01-19 00:00:00;75;Florian Roth;RUSSIA;ef37261925ac30cf911b149dbb71c943
Txt_Sql;Chinese Hacktool Set - Webshells - file Sql.txt;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;8fa7274db66e2e87e18d2dca17f4c646
Txt_asp1;Chinese Hacktool Set - Webshells - file asp1.txt;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;c6dc0646aabb1c6f72bd7190df1f4905
Txt_asp;Chinese Hacktool Set - Webshells - file asp.txt;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,FILE,HKTL,WEBSHELL;3087ed42affc59da61074c956b9cbc4a
Txt_aspx1;Chinese Hacktool Set - Webshells - file aspx1.txt;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;976f3a2d1dc4386f6d690f10d576a977
Txt_aspx;Chinese Hacktool Set - Webshells - file aspx.jpg;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;8fd060db4dff085aafd95878ac8048f6
Txt_aspxlcx;Chinese Hacktool Set - Webshells - file aspxlcx.txt;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,FILE,HKTL,WEBSHELL;321475d45d8961f00040cfb59c9f8d5d
Txt_aspxtag;Chinese Hacktool Set - Webshells - file aspxtag.txt;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;be5197be879593e336d9eacc4cd1d39b
Txt_ftp;Chinese Hacktool Set - Webshells - file ftp.txt;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;306be15e84b1753ac2fb84e74398f243
Txt_hello;Chinese Hacktool Set - Webshells - file hello.txt;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;340e1aa11e31fe4cb2af1487501105af
Txt_jsp;Chinese Hacktool Set - Webshells - file jsp.txt;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;dfdab06d5cdf7a403b8ecf41eaf8c735
Txt_jspcmd;Chinese Hacktool Set - Webshells - file jspcmd.txt;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;31e6f775d75c45c836510f95de6582ad
Txt_lcx;Chinese Hacktool Set - Webshells - file lcx.c;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;c170895cff3910d4e3bbd54a4a1ac640
Txt_php;Chinese Hacktool Set - Webshells - file php.txt;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;9c1647795392ad77e6c495cf932d11ae
Txt_php_2;Chinese Hacktool Set - Webshells - file php.html;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;3a32b2ca6a06fd3383f24d4a35eab171
Txt_shell;Chinese Hacktool Set - Webshells - file shell.c;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;fc0edc8bf5396970210522da938968dd
Txt_xiao;Chinese Hacktool Set - Webshells - file xiao.txt;http://tools.zjqhr.com/;2015-06-14 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;e8441f74856ea3d68a3f2e39e0bd46a1
Typical_Malware_String_Transforms;Detects typical strings in a reversed or otherwise modified form;Internal Research;2016-07-31 00:00:00;60;Florian Roth;EXE,FILE,MAL;495b5bbeee3e6ca4a40fa9b527941cc9
Tzddos_DDoS_Tool_CN;Disclosed hacktool set - file tzddos;-;2014-11-17 00:00:00;60;Florian Roth;HKTL;0951f1d147e0d88ff5e5a130057de058
UACElevator;UACElevator bypassing UAC - file UACElevator.exe;https://github.com/MalwareTech/UACElevator;2015-05-14 00:00:00;75;Florian Roth;EXE,FILE;f7be5a94c923e915ba6adb5346f171a3
UACME_Akagi;Rule to detect UACMe - abusing built-in Windows AutoElevate backdoor;https://github.com/hfiref0x/UACME;2015-05-14 00:00:00;60;Florian Roth;MAL;f38734da4427adc7679421863eb9810f
UACME_Akagi_2;Detects Windows User Account Control Bypass - from files Akagi32.exe, Akagi64.exe;https://github.com/hfiref0x/UACME;2017-02-03 00:00:00;80;Florian Roth;EXE,FILE;26b20569c1f315363b7c07b3664ff069
UBoatRAT;Detects UBoat RAT Samples;https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/;2017-11-29 00:00:00;75;Florian Roth;EXE,FILE,MAL;a2c11337ee1733789a4f7c455a5093bf
UBoatRAT_Dropper;Detects UBoatRAT Dropper;https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/;2017-11-29 00:00:00;75;Florian Roth;EXE,FILE,MAL;ca9d065de135e2f1fee9f73c713423f0
URL_File_Local_EXE;Detects an .url file that points to a local executable;https://twitter.com/malwareforme/status/915300883012870144;2017-10-04 00:00:00;60;Florian Roth;;cc10db7c91677347a4eb04993e6b33dc
UnPack_rar_Folder_InjectT;Disclosed hacktool set (old stuff) - file InjectT.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;9e1e1c2bb13ec00569071012dd3e3a7b
UnPack_rar_Folder_TBack;Disclosed hacktool set (old stuff) - file TBack.DLL;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;ebca59b5c623c397f400e822068ae447
Unauthorized_Proxy_Server_RAT;-;https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity;1970-01-01 01:00:00;75;US-CERT Code Analysis Team;HKTL,MAL;a6199f843025912efe9434015ce1434a
Unidentified_Malware_Two;Unidentified Implant by APT29;https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE;2017-02-10 00:00:00;85;US CERT;APT,MAL,RUSSIA;d4f1cb1966f4e9fc388e506c978e2154
Unit78020_Malware_1;Detects malware by Chinese APT PLA Unit 78020 - Specific Rule - msictl.exe;http://threatconnect.com/camerashy/?utm_campaign=CameraShy;2015-09-24 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,MAL;65d433751af588375650541429136607
Unit78020_Malware_Gen1;Detects malware by Chinese APT PLA Unit 78020 - Generic Rule;http://threatconnect.com/camerashy/?utm_campaign=CameraShy;2015-09-24 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,GEN,MAL;83728ac064469e96e2777f4cfec7f8f8
Unit78020_Malware_Gen2;Detects malware by Chinese APT PLA Unit 78020 - Generic Rule;http://threatconnect.com/camerashy/?utm_campaign=CameraShy;2015-09-24 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,GEN,MAL;56f9cfa9fcc5650cc824c3cac9d9ee87
Unit78020_Malware_Gen3;Detects malware by Chinese APT PLA Unit 78020 - Generic Rule - Chong;http://threatconnect.com/camerashy/?utm_campaign=CameraShy;2015-09-24 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,GEN,MAL;94206241e8087036f47f47591f2d4c67
Universal_Exploit_Strings;Detects a group of strings often used in exploit codes;not set;2017-12-02 00:00:00;50;Florian Roth;SCRIPT;30d5be6afd352ecd58a10c4d232a55ce
Unknown_0f06c5d1b32f4994c3b3abf8bb76d5468f105167;Detects a web shell;https://github.com/bartblaze/PHP-backdoors;2016-09-10 00:00:00;75;Florian Roth;FILE,WEBSHELL;9786d434fceed0b4472ec44c1bdf3c03
Unknown_8af033424f9590a15472a23cc3236e68070b952e;Detects a web shell;https://github.com/bartblaze/PHP-backdoors;2016-09-10 00:00:00;75;Florian Roth;FILE,WEBSHELL;69303ba6ed5d249b9b6ad47d5eadfe7a
Unknown_Malware_Sample_Jul17_2;Detects unknown malware sample with pastebin RAW URL;https://goo.gl/iqH8CK;2017-08-01 00:00:00;75;Florian Roth;EXE,FILE,MAL;6828e5bbbc31415b3953a5d895653ddf
Unpack_Injectt;Webshells Auto-generated - file Injectt.exe;-;1970-01-01 01:00:00;75;Florian Roth;HKTL,WEBSHELL;9e55eca932dfedcf3f76fa20c39dfa54
Unpack_TBack;Webshells Auto-generated - file TBack.dll;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;66c8120ded1dddd71d7079603591c3e2
Unspecified_Malware_Jul17_1A;Detects samples of an unspecified malware - July 2017;Winnti HDRoot VT;2017-07-07 00:00:00;75;Florian Roth;EXE,FILE,MAL;fe9788d0c0d535d06769cd625a8a6548
Unspecified_Malware_Jul17_2C;Unspecified Malware - CN relation;https://goo.gl/CX3KaY;2017-07-18 00:00:00;75;Florian Roth;EXE,FILE,MAL;3cb5ffb17f3800d93b233d594f536514
Unspecified_Malware_Oct16_A;Detects an unspecififed malware - October 2016;Internal Research;2016-10-08 00:00:00;80;Florian Roth;EXE,FILE,MAL;f8e83052a02b677675403c53328332a6
Unspecified_Malware_Oct16_C;Detects an unspecififed malware - October 2016;Internal Research;2016-10-08 00:00:00;80;Florian Roth;EXE,FILE,MAL;2adf625019818624251c6d1dbc8cbe85
Unspecified_Malware_Oct16_D;Detects unspecified malware - October 2016;Internal Research;2016-10-08 00:00:00;75;Florian Roth;EXE,FILE,MAL;087fac9f775e126e18a6c2920657a8e5
Unspecified_Malware_Oct16_E;Detects unspecified Malware - October 2016;Internal Research;2016-10-08 00:00:00;75;Florian Roth;EXE,FILE,MAL;87ad2567a5091dabb40fb1877158b1ae
Unspecified_Malware_Sep1_A1;Detects malware from DrqgonFly APT report;https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group;2017-09-12 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;810c6910e163417fa85235890dc32b50
Upatre_Hazgurut;Detects Upatre malware - file hazgurut.exe;https://weankor.vxstream-sandbox.com/sample/6b857ef314938d37997c178ea50687a281d8ff9925f0c4e70940754643e2c0e3?environmentId=7;2015-10-13 00:00:00;70;Florian Roth;EXE,FILE;11ebae2755c049c35e5a1e491cc6f2bd
UploadShell_98038f1efa4203432349badabad76d44337319a6;Detects a web shell;https://github.com/bartblaze/PHP-backdoors;2016-09-10 00:00:00;75;Florian Roth;FILE,WEBSHELL;36659474d392b6d55f570eec009ecefa
User_Function_String;Detects user function string from NCSC report;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;75;NCSC;;68e4e5d5ef2d24dcbd0d49a2d180d005
Utilman_ANOMALY;Abnormal utilman.exe - typical strings not found in file;-;2014-01-06 00:00:00;70;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;4cbe73bb63792729fa42aab6b643bff1
VBS_Obfuscated_Mal_Feb18_1;Detects malicious obfuscated VBS observed in February 2018;https://goo.gl/zPsn83;2018-02-12 00:00:00;75;Florian Roth;OBFUS,SCRIPT;fbf6d1d25ee8ee07562fac5e81687dfa
VBS_WMIExec_Tool_Apr17_1;Tools related to Operation Cloud Hopper;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;SCRIPT;1f5e0ae048d3984556ffaa80a0e15bbb
VBS_dropper_script_Dec17_1;Detects a supicious VBS script that drops an executable;Internal Research;2018-01-01 00:00:00;80;Florian Roth;SCRIPT;519fa7f7c61808fce2bc2aa4e415023e
VBScript_Favicon_File;VBScript cloaked as Favicon file used in Leviathan incident;https://goo.gl/MZ7dRg;2017-10-18 00:00:00;75;Florian Roth;FILE,SCRIPT;548165824a2ddeb6c693174bdfc84139
VSSown_VBS;Detects VSSown.vbs script - used to export shadow copy elements like NTDS to take away and crack elsewhere;-;2015-10-01 00:00:00;75;Florian Roth;HKTL,SCRIPT;ca9257eef68fa327b3865265928cf463
VUBrute_VUBrute;PoS Scammer Toolbox - http://goo.gl/xiIphp - file VUBrute.exe;-;2014-11-22 00:00:00;70;Florian Roth;HKTL;bbf4a422971cef1da4c996283a8af182
VUBrute_config;PoS Scammer Toolbox - http://goo.gl/xiIphp - file config.ini;http://goo.gl/xiIphp;2014-11-22 00:00:00;70;Florian Roth;HKTL;d757bd1fda340d339a43ffb8287e6b82
VUL_JQuery_FileUpload_CVE_2018_9206;Detects JQuery File Upload vulnerability CVE-2018-9206;https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-three-years/;2018-10-19 00:00:00;75;Florian Roth;EXPLOIT;28925d8af31a8138b76c7c48e4313ef7
Venom_Rootkit;Venom Linux Rootkit;https://security.web.cern.ch/security/venom.shtml;2017-01-12 00:00:00;75;Florian Roth;LINUX,MAL;cb0709e616a18f2ab1143873246e5ed4
Vermin_Keylogger_Jan18_1;Detects Vermin Keylogger;https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/;2018-01-29 00:00:00;75;Florian Roth;EXE,FILE,HKTL;4723c8efae6af8af658fd0fcbc417901
VisualDiscovery_Lonovo_Superfish_SSL_Hijack;Lenovo Superfish SSL Interceptor - file VisualDiscovery.exe;https://twitter.com/4nc4p/status/568325493558272000;2015-02-19 00:00:00;75;Florian Roth / improved by kbandla;EXE,FILE;f618145eeaaf2afc9d2b36fcfb24f012
Volgmer_Malware;Detects Volgmer malware as reported in US CERT TA17-318B;https://www.us-cert.gov/ncas/alerts/TA17-318B;2017-11-15 00:00:00;75;Florian Roth;EXE,FILE,MAL;1cf972d589090c8e8f25a6425a7d098b
WAF_Bypass;Chinese Hacktool Set - file WAF-Bypass.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;fb69bb3f21d24c1e36273a950466bb73
WCE_Modified_1_1014;Modified (packed) version of Windows Credential Editor;-;1970-01-01 01:00:00;70;Florian Roth;HKTL;8025184cbea2802be6c716f2aa911079
WCE_in_memory;Detects Windows Credential Editor (WCE) in memory (and also on disk);Internal Research;2016-08-28 00:00:00;80;Florian Roth;HKTL;634fcb7acfe59de1147b96df09f6cee9
WEB_INF_web;Laudanum Injector Tools - file web.xml;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;7fc1f640aa35aacf5f07e14c341921f1
WINNTI_KingSoft_Moz_Confustion;Detects Barium sample with Copyright confusion;https://www.virustotal.com/en/file/070ee4a40852b26ec0cfd79e32176287a6b9d2b15e377281d8414550a83f6496/analysis/;2018-04-13 00:00:00;75;Markus Neis;EXE,FILE;d99e3cbd6c04f4c0625308a5e27bf2cd
WMI_vbs;WMI Tool - APT;-;2013-11-29 00:00:00;70;Florian Roth;APT,HKTL;2d511d99db6bceb2d613a8c0cf008fff
WMImplant;Auto-generated rule - file WMImplant.ps1;https://www.fireeye.com/blog/threat-research/2017/03/wmimplant_a_wmi_ba.html;2017-03-24 00:00:00;75;Florian Roth;;adc75bc617b696d5841da9e5defa27a6
WPR_Asterisk_Hook_Library;Windows Password Recovery - file ast64.dll;Internal Research;2017-03-15 00:00:00;75;Florian Roth;EXE,FILE,HKTL;bde1934575725ec07bc9c4255e7fab50
WPR_Passscape_Loader;Windows Password Recovery - file ast.exe;Internal Research;2017-03-15 00:00:00;75;Florian Roth;EXE,FILE,HKTL;837c3f402e649d6c5b0f509d796ace7b
WPR_WindowsPasswordRecovery_EXE;Windows Password Recovery - file wpr.exe;Internal Research;2017-03-15 00:00:00;75;Florian Roth;EXE,FILE,HKTL;2d158b363dc0e46bbd3759876da9c507
WPR_WindowsPasswordRecovery_EXE_64;Windows Password Recovery - file ast64.exe;Internal Research;2017-03-15 00:00:00;75;Florian Roth;EXE,FILE,HKTL;f52f483c554297b636d73fff985e9243
WPR_loader_DLL;Windows Password Recovery - file loader64.dll;Internal Research;2017-03-15 00:00:00;75;Florian Roth;EXE,FILE,HKTL;869c6eb3c630c7fe5b50d41af80dfbb2
WPR_loader_EXE;Windows Password Recovery - file loader.exe;Internal Research;2017-03-15 00:00:00;75;Florian Roth;EXE,FILE,HKTL;884f9f84d792713bb0e20f176475a18f
WSOShell_0bbebaf46f87718caba581163d4beed56ddf73a7;Detects a web shell;https://github.com/bartblaze/PHP-backdoors;2016-09-10 00:00:00;75;Florian Roth;FILE,WEBSHELL;8bfc6e21b0cfcec87a84c4cdc543f10f
WScriptShell_Case_Anomaly;Detects obfuscated wscript.shell commands;Internal Research;2017-09-11 00:00:00;60;Florian Roth;OBFUS;4d85d134f0f8cd2521b5160910a125af
WScript_Shell_PowerShell_Combo;Detects malware from Middle Eastern campaign reported by Talos;http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html;2018-02-07 00:00:00;50;Florian Roth;ANOMALY,SCRIPT;b8cc1daa7a53a303934ab6441df1fae8
WSockExpert;Chinese Hacktool Set - file WSockExpert.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;b06738b43d14a160009c3ebaf8dc1083
WannCry_BAT;Detects WannaCry Ransomware BATCH File;https://goo.gl/HG2j5T;2017-05-12 00:00:00;75;Florian Roth;CRIME,FILE,MAL,RANSOM;8c2743895ec9c21d4cb4ddd16be53678
WannCry_m_vbs;Detects WannaCry Ransomware VBS;https://goo.gl/HG2j5T;2017-05-12 00:00:00;75;Florian Roth;CRIME,FILE,MAL,RANSOM,SCRIPT;7c9f066f546a35bd791670c63fa29f80
WannaCry_RansomNote;Detects WannaCry Ransomware Note;https://goo.gl/HG2j5T;2017-05-12 00:00:00;75;Florian Roth;CRIME,FILE,MAL,RANSOM;533239936565763106cdb41b0df37155
WannaCry_Ransomware;Detects WannaCry Ransomware;https://goo.gl/HG2j5T;2017-05-12 00:00:00;75;Florian Roth (with the help of binar.ly);CRIME,EXE,FILE,MAL,RANSOM;813683d3aa5c224ca0cbb83ec856cf77
WannaCry_Ransomware_Gen;Detects WannaCry Ransomware;https://www.us-cert.gov/ncas/alerts/TA17-132A;2017-05-12 00:00:00;75;Florian Roth (based on rule by US CERT);CRIME,EXE,FILE,GEN,MAL,RANSOM;350882850aa0264087686aafcabc111e
WaterBug_fa_malware;Symantec Waterbug Attack - FA malware variant;http://t.co/rF35OaAXrl;2015-01-22 00:00:00;75;Symantec Security Response;;3260ea5197e722bc9e4f08f81821613f
WaterBug_sav;Symantec Waterbug Attack - SAV Malware;http://t.co/rF35OaAXrl;2015-01-22 00:00:00;75;Symantec Security Response;MAL;c617aff48fccbe38bbb77ebf59746a9e
WaterBug_turla_dropper;Symantec Waterbug Attack - Trojan Turla Dropper;http://t.co/rF35OaAXrl;2015-01-22 00:00:00;75;Symantec Security Response;MAL,RUSSIA;ba0553a40c31e587b684526850f71002
WaterBug_wipbot_2013_core;Symantec Waterbug Attack - Trojan.Wipbot core + core; garbage appended data (PDF Exploit leftovers) + wipbot dropper; fake AdobeRd32 Error;http://t.co/rF35OaAXrl;2015-01-22 00:00:00;75;Symantec Security Response;MAL;c1cad9cb8a92981801401c19699885ff
WaterBug_wipbot_2013_core_PDF;Symantec Waterbug Attack - Trojan.Wipbot 2014 core PDF;http://t.co/rF35OaAXrl;2015-01-22 00:00:00;75;Symantec Security Response;FILE,MAL;c68d0a4e4fc8c1cc7f0d6e1cc2a1f368
WaterBug_wipbot_2013_dll;Symantec Waterbug Attack - Trojan.Wipbot 2014 Down.dll component;http://t.co/rF35OaAXrl;2015-01-22 00:00:00;75;Symantec Security Response;MAL;a899568a57584979d251dae3309d22c6
Waterbear_10_Jun17;Detects malware from Operation Waterbear;https://goo.gl/L9g9eR;2017-06-23 00:00:00;75;Florian Roth;EXE,FILE;f02572c4f1f22fa9d537891c9487ac62
Waterbear_11_Jun17;Detects malware from Operation Waterbear;https://goo.gl/L9g9eR;2017-06-23 00:00:00;75;Florian Roth;EXE,FILE;e7f5e5affa5ea61578175717212adca7
Waterbear_12_Jun17;Detects malware from Operation Waterbear;https://goo.gl/L9g9eR;2017-06-23 00:00:00;75;Florian Roth;EXE,FILE;ece90c9469f607af6ed978fadd8fedc6
Waterbear_13_Jun17;Detects malware from Operation Waterbear;https://goo.gl/L9g9eR;2017-06-23 00:00:00;75;Florian Roth;EXE,FILE;a64ad8654c020362cf9b23e6708a2aae
Waterbear_14_Jun17;Detects malware from Operation Waterbear;https://goo.gl/L9g9eR;2017-06-23 00:00:00;75;Florian Roth;EXE,FILE;9d3a60f21dd5273b0f1112e597aa5e5a
Waterbear_1_Jun17;Detects malware from Operation Waterbear;https://goo.gl/L9g9eR;2017-06-23 00:00:00;75;Florian Roth;EXE,FILE;da12e8bbdb9bff68563dc29b4f30f379
Waterbear_2_Jun17;Detects malware from Operation Waterbear;https://goo.gl/L9g9eR;2017-06-23 00:00:00;75;Florian Roth;EXE,FILE;39befe16ad2f4728465eccc6f1a2d12b
Waterbear_4_Jun17;Detects malware from Operation Waterbear;https://goo.gl/L9g9eR;2017-06-23 00:00:00;75;Florian Roth;EXE,FILE;bb28036a98c272612c684e85668f5bf5
Waterbear_5_Jun17;Detects malware from Operation Waterbear;https://goo.gl/L9g9eR;2017-06-23 00:00:00;75;Florian Roth;FILE;33eeb76f3e9e7258d5dfc9386ad446a9
Waterbear_6_Jun17;Detects malware from Operation Waterbear;https://goo.gl/L9g9eR;2017-06-23 00:00:00;75;Florian Roth;EXE,FILE;b00343474b1d8b5aef8ae573c18f0fb1
Waterbear_7_Jun17;Detects malware from Operation Waterbear;https://goo.gl/L9g9eR;2017-06-23 00:00:00;75;Florian Roth;EXE,FILE;c7f8a0b016f37ee4d13e643269b7ba0b
Waterbear_8_Jun17;Detects malware from Operation Waterbear;https://goo.gl/L9g9eR;2017-06-23 00:00:00;75;Florian Roth;EXE,FILE;bcb9155330b570c1c0644cd7f6678bb2
Waterbear_9_Jun17;Detects malware from Operation Waterbear;https://goo.gl/L9g9eR;2017-06-23 00:00:00;75;Florian Roth;EXE,FILE;3224ffea601940bad27ab05940c6dfa9
WebCrack4_RouterPasswordCracking;Chinese Hacktool Set - file WebCrack4-RouterPasswordCracking.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;9b8787adb3ffde114a5b882d54039305
WebShell_5786d7d9f4b0df731d79ed927fb5a124195fc901;Detects a web shell;https://github.com/bartblaze/PHP-backdoors;2016-09-10 00:00:00;75;Florian Roth;FILE,WEBSHELL;97e21ccd95557e830dcc1bf78395a769
WebShell_AK_74_Security_Team_Web_Shell_Beta_Version;PHP Webshells Github Archive - file AK-74 Security Team Web Shell Beta Version.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;50104da4f2517412997e248744a69114
WebShell_Ayyildiz_Tim___AYT__Shell_v_2_1_Biz;PHP Webshells Github Archive - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;1bbf8cba3b9ff1bbf203b542a83b0c3f
WebShell_C99madShell_v__2_0_madnet_edition;PHP Webshells Github Archive - file C99madShell v. 2.0 madnet edition.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;63e2f195c606a27cb31ff1da03050e08
WebShell_CasuS_1_5;PHP Webshells Github Archive - file CasuS 1.5.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;017ebbce8936c692b5ec79e9cc007e73
WebShell_CmdAsp_asp_php;PHP Webshells Github Archive - file CmdAsp.asp.php.txt;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;e362c5ce618b052d9ff426af1568f5de
WebShell_DTool_Pro;PHP Webshells Github Archive - file DTool Pro.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;87268234792d8462caeed57ff4239ddc
WebShell_GFS;PHP Webshells Github Archive - from files GFS web-shell ver 3.1.7 - PRiV8.php, Predator.php, GFS_web-shell_ver_3.1.7_-_PRiV8.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;529049a1df8fd71b1a345d3ebb7ce3a2
WebShell_Gamma_Web_Shell;PHP Webshells Github Archive - file Gamma Web Shell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;3390f06d8f9fef10316ccef5b362ec94
WebShell_Generic_1609_A;Auto-generated rule;https://github.com/bartblaze/PHP-backdoors;2016-09-10 00:00:00;75;Florian Roth;FILE,GEN,WEBSHELL;ede500790f055d8678cd8250d10387c8
WebShell_Generic_PHP_10;PHP Webshells Github Archive - from files Cyber Shell.php, cybershell.php, Cyber Shell (v 1.0).php, PHPRemoteView.php;-;1970-01-01 01:00:00;75;Florian Roth;GEN,WEBSHELL;159ee05abd9aa04427babc56d8f6be25
WebShell_Generic_PHP_11;PHP Webshells Github Archive - from files rootshell.php, Rootshell.v.1.0.php, s72 Shell v1.1 Coding.php, s72_Shell_v1.1_Coding.php;-;1970-01-01 01:00:00;75;Florian Roth;GEN,WEBSHELL;12919b32631e38b4b45edd8c508d4bb0
WebShell_Generic_PHP_1;PHP Webshells Github Archive - from files Dive Shell 1.0;-;1970-01-01 01:00:00;75;Florian Roth;GEN,WEBSHELL;d6783a15dddd826d3f24246296a98130
WebShell_Generic_PHP_2;PHP Webshells Github Archive - from files CrystalShell v.1.php, load_shell.php, Loaderz WEB Shell.php, stres.php;-;1970-01-01 01:00:00;75;Florian Roth;GEN,WEBSHELL;032f17e52814cd4f0b44274fda1222c2
WebShell_Generic_PHP_3;PHP Webshells Github Archive;-;1970-01-01 01:00:00;75;Florian Roth;GEN,WEBSHELL;b692b63f01266df71db381cf551bf965
WebShell_Generic_PHP_4;PHP Webshells Github Archive - from files CrystalShell v.1.php, load_shell.php, nshell.php, Loaderz WEB Shell.php, stres.php;-;1970-01-01 01:00:00;75;Florian Roth;GEN,WEBSHELL;1af35831edcffcaa60458a6173207e53
WebShell_Generic_PHP_6;PHP Webshells Github Archive;-;1970-01-01 01:00:00;75;Florian Roth;GEN,WEBSHELL;16e768d3f667254bc49c6f1502f73b78
WebShell_Generic_PHP_7;PHP Webshells Github Archive;-;1970-01-01 01:00:00;75;Florian Roth;GEN,WEBSHELL;3a953b96dd0ff9d07129854dc554ffb5
WebShell_Generic_PHP_8;PHP Webshells Github Archive;-;1970-01-01 01:00:00;75;Florian Roth;GEN,WEBSHELL;4c3f918935055c7b05068668dc6b23c2
WebShell_Generic_PHP_9;PHP Webshells Github Archive - from files KAdot Universal Shell v0.1.6.php, KAdot_Universal_Shell_v0.1.6.php, KA_uShell 0.1.6.php;-;1970-01-01 01:00:00;75;Florian Roth;GEN,WEBSHELL;d992f22007d1cda3b4f964bd567b9c90
WebShell_JexBoss_JSP_1;Detects JexBoss JSPs;Internal Research;2018-11-08 00:00:00;75;Florian Roth;FILE,WEBSHELL;bf0dff0ad831c0fe9000e96d9cd3c4e5
WebShell_JexBoss_WAR_1;Detects JexBoss versions in WAR form;Internal Research;2018-11-08 00:00:00;75;Florian Roth;FILE,WEBSHELL;32621519a4c08d5453423bba3e51ca59
WebShell_JspWebshell_1_2;PHP Webshells Github Archive - file JspWebshell_1.2.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ce4660802786bb793007dad924ea0d44
WebShell_JspWebshell_1_2_2;PHP Webshells Github Archive - file JspWebshell 1.2.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ccd78f40cfeed86744c5e2f821a177d5
WebShell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit;PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ae0b78e3af538bcbde0b4384ebb55489
WebShell_Moroccan_Spamers_Ma_EditioN_By_GhOsT;PHP Webshells Github Archive - file Moroccan Spamers Ma-EditioN By GhOsT.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;6b5a190f4c9d86db1a09559aae57783f
WebShell_NCC_Shell;PHP Webshells Github Archive - file NCC-Shell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;150f197e031fb9726acce43aabce15bf
WebShell_NTDaddy_v1_9;PHP Webshells Github Archive - file NTDaddy v1.9.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;3d7a1eefd5b9e6c337939e00346ef134
WebShell_PHANTASMA;PHP Webshells Github Archive - file PHANTASMA.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;fc9ffa8f82dfebf7d68cd107f12d61ab
WebShell_PHP_Web_Kit_v3;Detects PAS Tool PHP Web Kit;https://github.com/wordfence/grizzly;2016-01-01 00:00:00;75;Florian Roth;FILE;cc88ada76efa2268f305a9f588c12a51
WebShell_PHP_Web_Kit_v4;Detects PAS Tool PHP Web Kit;https://github.com/wordfence/grizzly;2016-01-01 00:00:00;75;Florian Roth;FILE;a86d493242c2dfe7d87fb09bdc9c4ae3
WebShell_PhpSpy_Ver_2006;PHP Webshells Github Archive - file PhpSpy Ver 2006.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;dd634e5b2f407e7624642f3e97df675f
WebShell_RemExp_asp_php;PHP Webshells Github Archive - file RemExp.asp.php.txt;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;9d6280c7c989612d619b1cf88a696b58
WebShell_STNC_WebShell_v0_8;PHP Webshells Github Archive - file STNC WebShell v0.8.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ab5472327886e9dd3e280c8e256641bb
WebShell_Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2;PHP Webshells Github Archive - file Safe_Mode_Bypass_PHP_4.4.2_and_PHP_5.1.2.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;421dfbf14c6815fff260fd840dc08598
WebShell_Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2_2;PHP Webshells Github Archive - file Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;f27ba76dc9ae6c9d9354f866298565e7
WebShell_SimAttacker___Vrsion_1_0_0___priv8_4_My_friend;PHP Webshells Github Archive - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;33a59325b17453cf25c590b666f43955
WebShell_Simple_PHP_backdoor_by_DK;PHP Webshells Github Archive - file Simple_PHP_backdoor_by_DK.php;-;1970-01-01 01:00:00;75;Florian Roth;MAL,WEBSHELL;c1940c24c3fa0582d22ee590924611ec
WebShell_Sincap_1_0;PHP Webshells Github Archive - file Sincap 1.0.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;83c694f5da63c5486c202db37324f3d3
WebShell_Uploader;PHP Webshells Github Archive - file Uploader.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;d567d030234c75006a180c809b0e7471
WebShell_Web_shell__c_ShAnKaR;PHP Webshells Github Archive - file Web-shell (c)ShAnKaR.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;1be444895c6ed1492cefa380b4135441
WebShell_WinX_Shell;PHP Webshells Github Archive - file WinX Shell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;9464afb4ced119e48a540ca9b0c27d98
WebShell_Worse_Linux_Shell;PHP Webshells Github Archive - file Worse Linux Shell.php;-;1970-01-01 01:00:00;75;Florian Roth;LINUX,WEBSHELL;782fcabcfa49411693c1d4b706685cde
WebShell_ZyklonShell;PHP Webshells Github Archive - file ZyklonShell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;19617f2e9555dc4c63a129d416bb9ee7
WebShell__Ajax_PHP_Command_Shell_Ajax_PHP_Command_Shell_soldierofallah;PHP Webshells Github Archive - from files Ajax_PHP Command Shell.php, Ajax_PHP_Command_Shell.php, soldierofallah.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;925a72ea67264772862696155c10be0a
WebShell__CrystalShell_v_1_erne_stres;PHP Webshells Github Archive - from files CrystalShell v.1.php, erne.php, stres.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;417a11e60e24a6a5cd62bfedd32d8fad
WebShell__CrystalShell_v_1_sosyete_stres;PHP Webshells Github Archive - from files CrystalShell v.1.php, sosyete.php, stres.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ca2c1e7d527bbc4e646c87facc46e087
WebShell__Cyber_Shell_cybershell_Cyber_Shell__v_1_0_;PHP Webshells Github Archive - from files Cyber Shell.php, cybershell.php, Cyber Shell (v 1.0).php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;0a46120152c6af42c60ccde83aa09771
WebShell__PH_Vayv_PHVayv_PH_Vayv;PHP Webshells Github Archive - from files PH Vayv.php, PHVayv.php, PH_Vayv.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;27a49d20dddd3c73d7769a9ad4338e0d
WebShell__PH_Vayv_PHVayv_PH_Vayv_klasvayv_asp_php;PHP Webshells Github Archive - from files PH Vayv.php, PHVayv.php, PH_Vayv.php, klasvayv.asp.php.txt;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;a4be5f22d27b5d846a7f66f93d39a3f4
WebShell__Small_Web_Shell_by_ZaCo_small_zaco_zacosmall;PHP Webshells Github Archive - from files Small Web Shell by ZaCo.php, small.php, zaco.php, zacosmall.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;83db1a6fff21310afa749d817523db08
WebShell__findsock_php_findsock_shell_php_reverse_shell;PHP Webshells Github Archive - from files findsock.c, php-findsock-shell.php, php-reverse-shell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;b5c5705c3dc1e33c9f8a12f6dcde3c14
WebShell_aZRaiLPhp_v1_0;PHP Webshells Github Archive - file aZRaiLPhp v1.0.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;50fe95b80de17f2fb09385ee3f090c53
WebShell_accept_language;PHP Webshells Github Archive - file accept_language.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;809e525f0e08cbfd15afdf79079c6300
WebShell_b374k_mini_shell_php_php;PHP Webshells Github Archive - file b374k-mini-shell-php.php.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;a2cdb2889f1ba26d1f46531ee38cd61e
WebShell_b374k_php;PHP Webshells Github Archive - file b374k.php.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;38ace66cba2c59b06706f34d57ea8b62
WebShell_backupsql;PHP Webshells Github Archive - file backupsql.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;b689e449e2d31a2d4aea847d5253e1d5
WebShell_c99_locus7s;PHP Webshells Github Archive - file c99_locus7s.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;2fb4ad77e1be74a0738112ce661bbac4
WebShell_c99_madnet;PHP Webshells Github Archive - file c99_madnet.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;86be7d02c6b35187fd7167d9d84f0f10
WebShell_cgi;Semi-Auto-generated - file WebShell.cgi.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;317b67e7d08dfaee7374e6afa2a38c54
WebShell_cgitelnet;PHP Webshells Github Archive - file cgitelnet.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;bdbbd0abf9d6bcac2fe1c7194e1f7c1c
WebShell_dC3_Security_Crew_Shell_PRiV;PHP Webshells Github Archive - file dC3_Security_Crew_Shell_PRiV.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ee2b2a2e4b18f7fe5b1d1d479fa9f5b1
WebShell_dC3_Security_Crew_Shell_PRiV_2;PHP Webshells Github Archive - file dC3 Security Crew Shell PRiV.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;b7ef4c57f22c320da3c14bc1e74d9125
WebShell_ftpsearch;PHP Webshells Github Archive - file ftpsearch.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;57e0c47e9d44d6725d36f22e49eae6a0
WebShell_g00nshell_v1_3;PHP Webshells Github Archive - file g00nshell-v1.3.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;f66a86c6e276f855b810f867af02d514
WebShell_go_shell;PHP Webshells Github Archive - file go-shell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;25f866e6559b10c335573ea9826deaf4
WebShell_h4ntu_shell__powered_by_tsoi_;PHP Webshells Github Archive - file h4ntu shell [powered by tsoi].php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;eb36987be4d8b57d33f1f07272c56563
WebShell_hiddens_shell_v1;PHP Webshells Github Archive - file hiddens shell v1.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;904ca614620ebfae9c69cf603a7315c3
WebShell_indexer_asp_php;PHP Webshells Github Archive - file indexer.asp.php.txt;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;8b14c23369beb2f868ba959016dc4c01
WebShell_ironshell;PHP Webshells Github Archive - file ironshell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ebcfb75330c3136c9c1121e514508a4f
WebShell_lamashell;PHP Webshells Github Archive - file lamashell.php;-;1970-01-01 
01:00:00;75;Florian Roth;WEBSHELL;fc5b92ea89fd906ecb012e342bb0f104 WebShell_mysql_tool;PHP Webshells Github Archive - file mysql_tool.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;8778953a48f28f952d7cb94dcc007683 WebShell_php_backdoor;PHP Webshells Github Archive - file php-backdoor.php;-;1970-01-01 01:00:00;75;Florian Roth;MAL,WEBSHELL;2cf396e696ce70775f00492414263243 WebShell_php_include_w_shell;PHP Webshells Github Archive - file php-include-w-shell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;6a3fc7dd69e02b6bcb18546557ba34f9 WebShell_php_webshells_529;PHP Webshells Github Archive - file 529.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;b0982567c9960f81c146b94db40a71ac WebShell_php_webshells_MyShell;PHP Webshells Github Archive - file MyShell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;8f3efa58eb587d80a878fff506c3c5f5 WebShell_php_webshells_NGH;PHP Webshells Github Archive - file NGH.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;9410d51c2483a182c062449699c06941 WebShell_php_webshells_README;PHP Webshells Github Archive - file README.md;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;2b3d89c532ee7cdd3c52d24c76307479 WebShell_php_webshells_aspydrv;PHP Webshells Github Archive - file aspydrv.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;1de71ea788ef65c400eb65f56095f019 WebShell_php_webshells_cpanel;PHP Webshells Github Archive - file cpanel.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;234d11715d2244da484f88ecd78fa627 WebShell_php_webshells_cw;PHP Webshells Github Archive - file cw.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;9891877cd463756cfd76ce0b73a857e2 WebShell_php_webshells_kral;PHP Webshells Github Archive - file kral.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;abeb315a64b2b589e4cac2b8f6e29e1e WebShell_php_webshells_lolipop;PHP Webshells Github Archive - file lolipop.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;6cd0d1d725030ab165708b6a7b75ee02 WebShell_php_webshells_lostDC;PHP Webshells Github Archive 
- file lostDC.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;f0f35c1b6082b370b58ba9ceb1180752 WebShell_php_webshells_matamu;PHP Webshells Github Archive - file matamu.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;d1be64679f57d6a902b9e5c988e39cc8 WebShell_php_webshells_myshell;PHP Webshells Github Archive - file myshell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;75e0996064865a8ec052a2b05bff3e11 WebShell_php_webshells_pHpINJ;PHP Webshells Github Archive - file pHpINJ.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;b323af8124302e78b974dc47649f3c7f WebShell_php_webshells_pws;PHP Webshells Github Archive - file pws.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;7c563b9a8e521908dc06378d00913b3b WebShell_php_webshells_spygrup;PHP Webshells Github Archive - file spygrup.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ea7cb42edba8bd3ca9f14307300e427b WebShell_php_webshells_tryag;PHP Webshells Github Archive - file tryag.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;c9432ea060a98459c3a6fa0b024c213c WebShell_qsd_php_backdoor;PHP Webshells Github Archive - file qsd-php-backdoor.php;-;1970-01-01 01:00:00;75;Florian Roth;MAL,WEBSHELL;fcfbb44a6978c6ad949e12902fb8ce3e WebShell_reader_asp_php;PHP Webshells Github Archive - file reader.asp.php.txt;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;11ef4d90b0af00029138274e54bcb0f7 WebShell_ru24_post_sh;PHP Webshells Github Archive - file ru24_post_sh.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;1c83448f7ceb20eb5ceb4380c97899d6 WebShell_safe0ver;PHP Webshells Github Archive - file safe0ver.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;4b2bb8798085f20c6d64cd02e70e297b WebShell_simattacker;PHP Webshells Github Archive - file simattacker.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;0ad0556e77845535abe82a9e5bddcdd7 WebShell_simple_backdoor;PHP Webshells Github Archive - file simple-backdoor.php;-;1970-01-01 01:00:00;75;Florian Roth;MAL,WEBSHELL;e7bb8d19a080cf9bdeb599f907c5e83a 
WebShell_simple_cmd;PHP Webshells Github Archive - file simple_cmd.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;6a1955be5f07a7f80089c9f743c2b97d WebShell_toolaspshell;PHP Webshells Github Archive - file toolaspshell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;1d0385ed447cab331a35f487514b869d WebShell_webshells_zehir4;Webshells Github Archive - file zehir4;-;1970-01-01 01:00:00;55;Florian Roth;WEBSHELL;5bb1822ce4aa7123fa9578ff8dff4dd2 WebShell_zehir4_asp_php;PHP Webshells Github Archive - file zehir4.asp.php.txt;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;1e2c75e3c69355ab6badbe3a83f551b4 Webshell_27_9_acid_c99_locus7s;Detects Webshell - rule generated from from files 27.9.txt, acid.php, c99_locus7s.txt;https://github.com/nikicat/web-malware-collection;2016-01-11 00:00:00;70;Florian Roth;WEBSHELL;83ff295cb22da8538bbcde7d14ae1d95 Webshell_27_9_c66_c99;Detects Webshell - rule generated from from files 27.9.txt, c66.php, c99-shadows-mod.php, c99.php ...;https://github.com/nikicat/web-malware-collection;2016-01-11 00:00:00;70;Florian Roth;WEBSHELL;0c3be143afdee2b992461429e58f6820 Webshell_AcidPoison;Detects Poison Sh3ll - Webshell;https://github.com/nikicat/web-malware-collection;2016-01-11 00:00:00;70;Florian Roth;WEBSHELL;4c95cf63e249a0be0f90bbe2cac45e98 Webshell_Ayyildiz;Detects Webshell;https://github.com/nikicat/web-malware-collection;2016-01-11 00:00:00;70;Florian Roth;WEBSHELL;a9368b48de4848ebf5c512cc51a7e3b2 Webshell_Backdoor_PHP_Agent_r57_mod_bizzz_shell_r57;Detects Webshell - rule generated from from files Backdoor.PHP.Agent.php, r57.mod-bizzz.shell.txt ...;https://github.com/nikicat/web-malware-collection;2016-01-11 00:00:00;70;Florian Roth;MAL,WEBSHELL;f23916ba63c407a61abd55a4ef5aacec Webshell_Caterpillar_ASPX;Volatile Cedar Webshell - from file caterpillar.aspx;http://goo.gl/emons5;2015-04-03 00:00:00;75;Florian Roth;MIDDLE_EAST,WEBSHELL;63bfca160217bbd4794c9d52d24f19a7 Webshell_FOPO_Obfuscation_APT_ON_Nov17_1;Detects malware from NK APT 
incident DE;Internal Research - ON;2017-11-17 00:00:00;75;Florian Roth;APT,FILE,OBFUS,WEBSHELL;f362727b1b624a24491ed5832467914e Webshell_Insomnia;Insomnia Webshell - file InsomniaShell.aspx;http://www.darknet.org.uk/2014/12/insomniashell-asp-net-reverse-shell-bind-shell/;2014-12-09 00:00:00;80;Florian Roth;WEBSHELL;cbace10396a58a0b2a7cc226dfbadc96 Webshell_Tiny_JSP_2;Detects a tiny webshell - chine chopper;-;2015-12-05 00:00:00;100;Florian Roth;FILE,WEBSHELL;0dd195a4b546fca4aa502660c4bcc4da Webshell_acid_AntiSecShell_3;Detects Webshell Acid;https://github.com/nikicat/web-malware-collection;2016-01-11 00:00:00;70;Florian Roth;WEBSHELL;cd5447c88da4b263e1db8d155496e652 Webshell_acid_FaTaLisTiCz_Fx_fx_p0isoN_sh3ll_x0rg_byp4ss_256;Detects Webshell;https://github.com/nikicat/web-malware-collection;2016-01-11 00:00:00;70;Florian Roth;WEBSHELL;b8e9068c00ffac2c32bd171a1c7ecd94 Webshell_and_Exploit_CN_APT_HK;Webshell and Exploit Code in relation with APT against Honk Kong protesters;-;2014-10-10 00:00:00;50;Florian Roth;APT,WEBSHELL;aa24085f67cb0949939760ef0cc2a3d0 Webshell_c100;Detects Webshell - rule generated from from files c100 v. 
777shell;https://github.com/nikicat/web-malware-collection;2016-01-11 00:00:00;70;Florian Roth;WEBSHELL;1b68f3d546cb543d8bd0cec31ddd5343 Webshell_c99_4;Detects C99 Webshell;https://github.com/nikicat/web-malware-collection;2016-01-11 00:00:00;70;Florian Roth;WEBSHELL;0c5e4c8fdd2b7d0feb92a9d49d34b479 Webshell_r57shell_2;Detects Webshell R57;https://github.com/nikicat/web-malware-collection;2016-01-11 00:00:00;70;Florian Roth;WEBSHELL;ac3ceefafcb233a1ab99ba90867ac7c0 Webshell_zehir;Detects Webshell - rule generated from from files elmaliseker.asp, zehir.asp, zehir.txt, zehir4.asp, zehir4.txt;https://github.com/nikicat/web-malware-collection;2016-01-11 00:00:00;70;Florian Roth;WEBSHELL;e5852688ee73f2d29ad5af86b3bca3f2 Weevely_Webshell;Weevely Webshell - Generic Rule - heavily scrambled tiny web shell;http://www.ehacking.net/2014/12/weevely-php-stealth-web-backdoor-kali.html;2014-12-14 00:00:00;60;Florian Roth;FILE,GEN,WEBSHELL;8990f2659ca78fa1d77339c65ded1593 WildNeutron_Sample_10;Wild Neutron APT Sample Rule - file 1d3bdabb350ba5a821849893dabe5d6056bf7ba1ed6042d93174ceeaa5d6dad7;https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/;2015-07-10 00:00:00;60;Florian Roth;APT,EXE,FILE;837a18a90cf3a6e82c0febaab7f136bf WildNeutron_Sample_1;Wild Neutron APT Sample Rule - file 2b5065a3d0e0b8252a987ef5f29d9e1935c5863f5718b83440e68dc53c21fa94;https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/;2015-07-10 00:00:00;60;Florian Roth;APT,EXE,FILE;152c96b723a1d3025e369fb52063ce6f WildNeutron_Sample_2;Wild Neutron APT Sample Rule - file 8d80f9ef55324212759f4b6070cb8fce18a008ae9dd8b9598553206654d13a6f;https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/;2015-07-10 00:00:00;60;Florian Roth;APT,EXE,FILE;50b5f9f5ea47c1263db73377013de8ef WildNeutron_Sample_3;Wild Neutron APT Sample Rule - file 
c2c761cde3175f6e40ed934f2e82c76602c81e2128187bab61793ddb3bc686d0;https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/;2015-07-10 00:00:00;60;Florian Roth;APT,EXE,FILE;008cc716c4f7504790d338c1254d6b1e WildNeutron_Sample_4;Wild Neutron APT Sample Rule - file b4005530193bc523d3e0193c3c53e2737ae3bf9f76d12c827c0b5cd0dcbaae45;https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/;2015-07-10 00:00:00;60;Florian Roth;APT,EXE,FILE;ee94174890bee2674650b207cd689a80 WildNeutron_Sample_5;Wild Neutron APT Sample Rule - file 1604e36ccef5fa221b101d7f043ad7f856b84bf1a80774aa33d91c2a9a226206;https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/;2015-07-10 00:00:00;60;Florian Roth;APT,EXE,FILE;1251806a41c60057fc34d2da10b9d63d WildNeutron_Sample_6;Wild Neutron APT Sample Rule - file 4bd548fe07b19178281edb1ee81c9711525dab03dc0b6676963019c44cc75865;https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/;2015-07-10 00:00:00;60;Florian Roth;APT,EXE,FILE;5f2f17e3406a71e8486b3cd845666ff3 WildNeutron_Sample_7;Wild Neutron APT Sample Rule - file a14d31eb965ea8a37ebcc3b5635099f2ca08365646437c770212d534d504ff3c;https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/;2015-07-10 00:00:00;60;Florian Roth;APT,EXE,FILE;7e8a9b9408ca77637aacdd8083adb770 WildNeutron_Sample_9;Wild Neutron APT Sample Rule - file 781eb1e17349009fbae46aea5c59d8e5b68ae0b42335cb035742f6b0f4e4087e;https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/;2015-07-10 00:00:00;60;Florian Roth;APT,EXE,FILE;5f502b3bafe069724953dccaa5f3732b WildNeutron_javacpl;Wild Neutron APT Sample 
Rule;https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/;2015-07-10 00:00:00;60;Florian Roth;APT,EXE,FILE;52d4d7e377e37d0716fb729b0e6322a4 WiltedTulip_Matryoshka_RAT;Detects Matryoshka RAT used in Operation Wilted Tulip;http://www.clearskysec.com/tulip;2017-07-23 00:00:00;75;Florian Roth;EXE,FILE,MAL;8d4d22d2f1bed7e55d1a8321f7f5605c WiltedTulip_Netsrv_netsrvs;Detects sample from Operation Wilted Tulip;http://www.clearskysec.com/tulip;2017-07-23 00:00:00;75;Florian Roth;EXE,FILE;f14e23cde811af2b1894fece8fb82141 WiltedTulip_ReflectiveLoader;Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip;http://www.clearskysec.com/tulip;2017-07-23 00:00:00;75;Florian Roth;EXE,FILE;903b49f48f3839e7e4f4160ec7f6b372 WiltedTulip_SilverlightMSI;Detects powershell tool call Get_AD_Users_Logon_History used in Operation Wilted Tulip;http://www.clearskysec.com/tulip;2017-07-23 00:00:00;75;Florian Roth;;5727badf7477a3e4ca17756f51890b65 WiltedTulip_Tools_back;Detects Chrome password dumper used in Operation Wilted Tulip;http://www.clearskysec.com/tulip;2017-07-23 00:00:00;75;Florian Roth;EXE,FILE;88a6cf8324f1203b86aeb85a874056fc WiltedTulip_Tools_clrlg;Detects Windows eventlog cleaner used in Operation Wilted Tulip - file clrlg.bat;http://www.clearskysec.com/tulip;2017-07-23 00:00:00;75;Florian Roth;;299110a0dfc05c80ac9cb50a36ef7e4c WiltedTulip_WindowsTask;Detects hack tool used in Operation Wilted Tulip - Windows Tasks;http://www.clearskysec.com/tulip;2017-07-23 00:00:00;75;Florian Roth;;e72bad7c35f15d04e31f120ff89b61ea WiltedTulip_Windows_UM_Task;Detects a Windows scheduled task as used in Operation Wilted Tulip;http://www.clearskysec.com/tulip;2017-07-23 00:00:00;75;Florian Roth;;8733677d146ca5e1bf6852bbb0d96155 WiltedTulip_Zpp;Detects hack tool used in Operation Wilted Tulip;http://www.clearskysec.com/tulip;2017-07-23 00:00:00;75;Florian Roth;EXE,FILE;b33682b2cd91fee91ea3f27b4181e9bb 
WiltedTulip_matryoshka_Injector;Detects hack tool used in Operation Wilted Tulip;http://www.clearskysec.com/tulip;2017-07-23 00:00:00;75;Florian Roth;EXE,FILE;506d959ff30835da357a46dc423f5a0b WiltedTulip_powershell;Detects powershell script used in Operation Wilted Tulip;http://www.clearskysec.com/tulip;2017-07-23 00:00:00;75;Florian Roth;;b8d51b15ffe31dff178aa64b92012424 WiltedTulip_tdtess;Detects malicious service used in Operation Wilted Tulip;http://www.clearskysec.com/tulip;2017-07-23 00:00:00;75;Florian Roth;EXE,FILE;c27755eaf3e81b3935cd2b7cb6eefacc WiltedTulip_vminst;Detects malware used in Operation Wilted Tulip;http://www.clearskysec.com/tulip;2017-07-23 00:00:00;75;Florian Roth;EXE,FILE;244de6fd531745d524839ae9f1ee0f96 Win32_Buzus_Softpulse;Trojan Buzus / Softpulse;-;2015-05-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;0a10ae34405275d82d305e6193a1e997 Win32_klock;Chinese Hacktool Set - file klock.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;bb5e68a60442c5facb11fa53cd6e1b9f Win7Elevatev2;Detects Win7Elevate - Windows UAC bypass utility;http://www.pretentiousname.com/misc/W7E_Source/Win7Elevate_Inject.cpp.html;2015-05-14 00:00:00;60;Florian Roth;EXE,FILE;e9c2b16ba4bdc3d54ccff320b20d71c5 WinAgent_BadPatch_1;Detects samples mentioned in BadPatch report;https://goo.gl/RvDwwA;2017-10-20 00:00:00;75;Florian Roth;EXE,FILE;b3cbff0ebcf22563407abd2e2ebe69f8 WinAgent_BadPatch_2;Detects samples mentioned in BadPatch report;https://goo.gl/RvDwwA;2017-10-20 00:00:00;75;Florian Roth;EXE,FILE;c559f8ce3011b8844b13655544dcc14f WinDivert_Driver;Detects WinDivert User-Mode packet capturing driver;https://www.reqrypt.org/windivert.html;2017-10-02 00:00:00;40;Florian Roth;EXE,FILE;0f5a674281b5e8763ead6328591d209d WinEggDropShellFinal_zip_Folder_InjectT;Disclosed hacktool set (old stuff) - file InjectT.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;beb86006716b4a2811117bcc77bb5094 WinPayloads_Payload;Detects WinPayloads 
Payload;https://github.com/nccgroup/Winpayloads;2017-07-11 00:00:00;75;Florian Roth;EXE,FILE;e8b4e9185dec26768880712bf7656203 WinPayloads_PowerShell;Detects WinPayloads PowerShell Payload;https://github.com/nccgroup/Winpayloads;2017-07-11 00:00:00;75;Florian Roth;SCRIPT;5a94c96abf12debc7daef552562f9186 WinRAR_SFX_Anomaly;Detects WinRAR SFX content with the product name of major vendor's tools (sus);-;2016-03-24 00:00:00;30;Florian Roth;EXE,FILE;434b885d8d8650738ac064d4b106a33e WinX_Shell_html;Semi-Auto-generated - file WinX Shell.html.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;4024a3fad1e084d6cb207be55a4b8278 Win_PrivEsc_ADACLScan4_3;Detects a tool that can be used for privilege escalation - file ADACLScan4.3.ps1;https://adaclscan.codeplex.com/;2016-06-02 00:00:00;60;Florian Roth;;fb157df74f83433b8799c576fb9b93d4 Win_PrivEsc_folderperm;Detects a tool that can be used for privilege escalation - file folderperm.ps1;http://www.greyhathacker.net/?p=738;2016-06-02 00:00:00;80;Florian Roth;;c6d020fdb2c341ca2319e1e610c6203e Win_PrivEsc_gp3finder_v4_0;Detects a tool that can be used for privilege escalation - file gp3finder_v4.0.exe;http://grimhacker.com/2015/04/10/gp3finder-group-policy-preference-password-finder/;2016-06-02 00:00:00;80;Florian Roth;EXE,FILE;63f3b51f6b461d3a91d62f5ada2f4fd0 WindosShell_s1;Detects simple Windows shell - file s1.exe;https://github.com/odzhan/shells/;2016-03-26 00:00:00;75;Florian Roth;EXE,FILE;696bd9788bb5d9549ea26861ec08b1f8 WindowsCredentialEditor;Windows Credential Editor;-;1970-01-01 01:00:00;90;Florian Roth (auto-filled);HKTL;f56b3ce4a69a80f06dc07523a7f13ecc WindowsShell_Gen2;Detects simple Windows shell - from files s3.exe, s4.exe;https://github.com/odzhan/shells/;2016-03-26 00:00:00;75;Florian Roth;EXE,FILE;7e8ce55a412666c827f553ea51794f9a WindowsShell_Gen;Detects simple Windows shell - from files keygen.exe, s1.exe, s2.exe, s3.exe, 
s4.exe;https://github.com/odzhan/shells/;2016-03-26 00:00:00;75;Florian Roth;EXE,FILE,GEN;016cbe8ed8958d9102f43e491a317323 WindowsShell_s3;Detects simple Windows shell - file s3.exe;https://github.com/odzhan/shells/;2016-03-26 00:00:00;75;Florian Roth;EXE,FILE;cb59debe3b7fc26213e26e0e2a53322d WindowsShell_s4;Detects simple Windows shell - file s4.exe;https://github.com/odzhan/shells/;2016-03-26 00:00:00;75;Florian Roth;EXE,FILE;9fe2d575007cc0bf1cb9e157b7a03280 Winexe_RemoteExecution;Winexe tool used by Sofacy group several APT cases;http://dokumente.linksfraktion.de/inhalt/report-orig.pdf;2015-06-19 00:00:00;70;Florian Roth;APT,EXE,FILE,RUSSIA;27644d19608d8f49660c3ffa4ed05120 Winnti_NlaifSvc;Winnti sample - file NlaifSvc.dll;https://goo.gl/VbvJtL;2017-01-25 00:00:00;75;Florian Roth;CHINA,EXE,FILE;d907f81c64da800aa980444b8f2e2e33 Winnti_fonfig;Winnti sample - file fonfig.exe;https://goo.gl/VbvJtL;2017-01-25 00:00:00;75;Florian Roth;CHINA,EXE,FILE;3e8af97d002ec3396b31754762bc508d Winnti_malware_FWPK;Detects a Winnti malware - FWPKCLNT.SYS;VTI research;2015-10-10 00:00:00;75;Florian Roth;CHINA,EXE,FILE;cfb4375bfea67ded293f982e694a68d8 Winnti_malware_Nsiproxy;Detects a Winnti rootkit;-;2015-10-10 00:00:00;75;Florian Roth;CHINA,EXE,FILE;dd12b43a7020dac3b83fb691a60510b9 Winnti_malware_StreamPortal_Gen;Detects a Winnti malware - Streamportal;VTI research;2015-10-10 00:00:00;75;Florian Roth;CHINA,EXE,FILE,GEN;1babba12643d522ec9869c192e786a26 Winnti_malware_UpdateDLL;Detects a Winnti malware - Update.dll;VTI research;2015-10-10 00:00:00;75;Florian Roth;CHINA,EXE,FILE;d394a36c721f84e9049a0a401faf7a14 Winnti_signing_cert;Detects a signing certificate used by the Winnti APT group;https://securelist.com/analysis/publications/72275/i-am-hdroot-part-1/;2015-10-10 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE;7f516b615d90fb27c00bd394bf85389d WoolenGoldfish_Generic_1;Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ;http://goo.gl/NpJpVZ;2015-03-25 00:00:00;90;Florian 
Roth;GEN;74d1b02f71a242892c438474ca9b1889 WoolenGoldfish_Generic_2;Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ;http://goo.gl/NpJpVZ;2015-03-25 00:00:00;90;Florian Roth;GEN;ca2f74641174924e9780e0a9dbb9e472 WoolenGoldfish_Generic_3;Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ;http://goo.gl/NpJpVZ;2015-03-25 00:00:00;90;Florian Roth;GEN;69ddee0248af0613c2cad86c4ee57d4f WoolenGoldfish_Sample_1;Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ;http://goo.gl/NpJpVZ;2015-03-25 00:00:00;60;Florian Roth;;2e2435291d817a44efd22e532d202b8c WordDoc_PowerShell_URLDownloadToFile;Detects Word Document with PowerShell URLDownloadToFile;https://www.arbornetworks.com/blog/asert/additional-insights-shamoon2/;2017-02-23 00:00:00;75;Florian Roth;FILE,OFFICE,SCRIPT;87d9fd8b804fb0024aa59fd9841fdfcb Wordpress_Config_Webshell_Preprend;Webshell that uses standard Wordpress wp-config.php file and appends the malicious code in front of it;Internal Research;2017-06-25 00:00:00;65;Florian Roth;FILE,OFFICE,WEBSHELL;497072fdd28e57d7884131d3bf1e52f9 Worse_Linux_Shell_php;Semi-Auto-generated - file Worse Linux Shell.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;LINUX,WEBSHELL;0c45de75272c42db9e783d417cace562 XMRIG_Monero_Miner;Detects Monero mining software;https://github.com/xmrig/xmrig/releases;2018-01-04 00:00:00;75;Florian Roth;EXE,FILE;72a3185a8d1fe6ea931f33242f3e33cf XMRIG_Monero_Miner_Config;Auto-generated rule - from files config.json, config.json;https://github.com/xmrig/xmrig/releases;2018-01-04 00:00:00;75;Florian Roth;FILE;cc7530e0cacabcf9ad370c91f9e8d822 XOR_4byte_Key;Detects an executable encrypted with a 4 byte XOR (also used for Derusbi Trojan);http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family;2015-12-15 00:00:00;60;Florian Roth;EXE,FILE,MAL;803a44769d6e517b4e83b320955fe96f XScanLib;Chinese Hacktool Set - file 
XScanLib.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;ed014cfe2e5173965671acf14f479f0a XYZCmd_zip_Folder_Readme;Disclosed hacktool set (old stuff) - file Readme.txt;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;db0bca050550d48a9ee9638e2bfdd275 XYZCmd_zip_Folder_XYZCmd;Disclosed hacktool set (old stuff) - file XYZCmd.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;e88a6c504c780cecd67a8924053a9aee Xtreme_RAT_Gen_Imp;Detects XTREME sample analyzed in September 2017;Internal Research;2017-09-27 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;b6eda61d28d9e53ed455b9ac4b5f4e7f Xtreme_Sep17_1;Detects XTREME sample analyzed in September 2017;Internal Research;2017-09-27 00:00:00;75;Florian Roth;EXE,FILE;10343d0e7b1acac9862f527b67ec5852 Xtreme_Sep17_2;Detects XTREME sample analyzed in September 2017;Internal Research;2017-09-27 00:00:00;75;Florian Roth;EXE,FILE;8e02c951f2bdb5ba33bee83aed95bf51 Xtreme_Sep17_3;Detects XTREME sample analyzed in September 2017;Internal Research;2017-09-27 00:00:00;75;Florian Roth;EXE,FILE;74f6e84cecfb523dbfc7553f80386786 Ysoserial_Payload;Ysoserial Payloads;https://github.com/frohoff/ysoserial;2017-02-04 00:00:00;75;Florian Roth;FILE;c09b748a4000de9c47f75f4b2ea7fde3 Ysoserial_Payload_3;Ysoserial Payloads - from files JavassistWeld1.bin, JBossInterceptors.bin;https://github.com/frohoff/ysoserial;2017-02-04 00:00:00;75;Florian Roth;FILE;5b94086ac1d2f8b5e59a31ea5abbf526 Ysoserial_Payload_C3P0;Ysoserial Payloads - file C3P0.bin;https://github.com/frohoff/ysoserial;2017-02-04 00:00:00;75;Florian Roth;FILE;91f08fe0780be9cd747e0f093afa444b Ysoserial_Payload_MozillaRhino1;Ysoserial Payloads - file MozillaRhino1.bin;https://github.com/frohoff/ysoserial;2017-02-04 00:00:00;75;Florian Roth;FILE;8934c8ff15926773a414f894c703daa9 Ysoserial_Payload_Spring1;Ysoserial Payloads - file Spring1.bin;https://github.com/frohoff/ysoserial;2017-02-04 00:00:00;75;Florian Roth;;3fe632c1a293ef89c1bef75d4e0348bd 
ZXshell2_0_rar_Folder_ZXshell;Webshells Auto-generated - file ZXshell.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;f842fc3bed421692fcdb9240353220e5 ZXshell2_0_rar_Folder_nc;Webshells Auto-generated - file nc.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;8517e6ed9f214e8c3c1c42f5d583b4e8 ZXshell2_0_rar_Folder_zxrecv;Webshells Auto-generated - file zxrecv.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;3ef71ed450d328d9e0feea55e66045f8 ZXshell_20171211_chrsben;Detects ZxShell variant surfaced in Dec 17;https://goo.gl/snc85M;2017-12-11 00:00:00;75;Florian Roth;EXE,FILE;eed3c0ffa0ec4c09d70013689a2920f9 Z_WebShell;Detects Z Webshell from NCSC report;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;75;NCSC;WEBSHELL;3493cb5d4fe894a69ac536083b6649cc Zehir_4_asp;Semi-Auto-generated - file Zehir 4.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;e15d702876107fd0881539486635eea7 Zeus_Panda;Detects ZEUS Panda Malware;https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf;2017-08-04 00:00:00;75;Florian Roth;CHINA,EXE,FILE,MAL;c997e355f805a1b7482632128a590f91 ZxShell_Jul17;Detects a ZxShell - CN threat group;https://blogs.rsa.com/cat-phishing/;2017-07-08 00:00:00;75;Florian Roth;;960b51abe999993e2f37b97c00aab61c ZxShell_Related_Malware_CN_Group_Jul17_1;Detects a ZxShell related sample from a CN threat group;https://blogs.rsa.com/cat-phishing/;2017-07-08 00:00:00;75;Florian Roth;EXE,FILE,MAL;f2b44d07a0b6c373f9951254481ecfff ZxShell_Related_Malware_CN_Group_Jul17_2;Detects a ZxShell related sample from a CN threat group;https://blogs.rsa.com/cat-phishing/;2017-07-08 00:00:00;75;Florian Roth;EXE,FILE,MAL;dd08b6b16c23daef88f18ba2b8dd4bd9 ZxShell_Related_Malware_CN_Group_Jul17_3;Detects a ZxShell related sample from a CN threat group;https://blogs.rsa.com/cat-phishing/;2017-07-08 00:00:00;75;Florian 
Roth;EXE,FILE,MAL;30989b54ed29b1db81ea655e983445b7
_1_c2007_php_php_c100_php;Semi-Auto-generated - from files 1.txt, c2007.php.php.txt, c100.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;e43084c84635549f7f50eca296fd0b4d
_Bitchin_Threads_;Auto-generated rule on file =Bitchin Threads=.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;3b86a6f8825e7083eab4afbb3af8f843
_Crystal_php_nshell_php_php_load_shell_php_php;Semi-Auto-generated - from files Crystal.php.txt, nshell.php.php.txt, load_shell.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;c1a03efe1675d593f9108cd96583448a
_FsHttp_FsPop_FsSniffer;Disclosed hacktool set (old stuff) - from files FsHttp.exe, FsPop.exe, FsSniffer.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;cf2001eb5116303a54bf781c26c675e8
_GFS_web_shell_ver_3_1_7___PRiV8_php_nshell_php_php_gfs_sh_php_php;Semi-Auto-generated - from files GFS web-shell ver 3.1.7 - PRiV8.php.txt, nshell.php.php.txt, gfs_sh.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;7bb145b7877dfc1206fe93a637d68a38
_Project1_Generate_rejoice;Chinese Hacktool Set - from files Project1.exe, Generate.exe, rejoice.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,GEN,HKTL;486f0d74834ccf318cad9740e912d523
_antichat_php_php_Fatalshell_php_php_a_gedit_php_php;Semi-Auto-generated - from files antichat.php.php.txt, Fatalshell.php.php.txt, a_gedit.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;5e161a2593b908528348c012c3c9dfed
_c99shell_v1_0_php_php_c99php_1_c2007_php_php_c100_php;Semi-Auto-generated - from files c99shell_v1.0.php.php.txt, c99php.txt, 1.txt, c2007.php.php.txt, c100.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;bb7d59556f0cedac80654c518da6649d
_c99shell_v1_0_php_php_c99php_SsEs_php_php;Semi-Auto-generated - from files c99shell_v1.0.php.php.txt, c99php.txt, SsEs.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;7c6d773da2ae0ed8976987173e00082d
_c99shell_v1_0_php_php_c99php_SsEs_php_php_ctt_sh_php_php;Semi-Auto-generated - from files c99shell_v1.0.php.php.txt, c99php.txt, SsEs.php.php.txt, ctt_sh.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;65288469ad3865934ffcd8413f50130a
_hscan_hscan_hscangui;Chinese Hacktool Set - from files hscan.exe, hscan.exe, hscangui.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;b2c687416b0d1a0020d158f081ed4f4b
_iissample_nesscan_twwwscan;Disclosed hacktool set (old stuff) - from files iissample.exe, nesscan.exe, twwwscan.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;f28759a4f74124ccb50d8034018c60b8
_network_php_php_xinfo_php_php_nfm_php_php;Semi-Auto-generated - from files network.php.php.txt, xinfo.php.php.txt, nfm.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;6a15337a5b5f258f0f6524a8bd89bcbf
_nixrem_php_php_c99shell_v1_0_php_php_c99php_NIX_REMOTE_WEB_SHELL_v_0_5_alpha_Lite_Public_Version_php;Semi-Auto-generated ;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;ffb0670cce0f2393933d727cd431b8c0
_nst_php_php_cybershell_php_php_img_php_php_nstview_php_php;Semi-Auto-generated - from files nst.php.php.txt, cybershell.php.php.txt, img.php.php.txt, nstview.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;6a8c264aefbc7e8960610e58bada86b1
_nst_php_php_img_php_php_nstview_php_php;Semi-Auto-generated - from files nst.php.php.txt, img.php.php.txt, nstview.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;7758881dee28a22bd65401fcc6bdca98
_r577_php_php_SnIpEr_SA_Shell_php_r57_php_php;Semi-Auto-generated - from files r577.php.php.txt, SnIpEr_SA Shell.php.txt, r57.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;44fbe588ded3fd0f3aa5d4a6be71dca5
_r577_php_php_SnIpEr_SA_Shell_php_r57_php_php_r57_Shell_php_php_spy_php_php_s_php_php;Semi-Auto-generated ;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;af988fac2ee4dfb7620d573a3d5e1f9a
_r577_php_php_SnIpEr_SA_Shell_php_r57_php_php_spy_php_php_s_php_php;Semi-Auto-generated ;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;f10b293babd8ce3b828ac3e8017ad709
_r577_php_php_r57_Shell_php_php_spy_php_php_s_php_php;Semi-Auto-generated - from files r577.php.php.txt, r57 Shell.php.php.txt, spy.php.php.txt, s.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;fc8ee53d148790ad11b9e21b800bdd39
_r577_php_php_r57_php_php_r57_Shell_php_php_spy_php_php_s_php_php;Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, r57 Shell.php.php.txt, spy.php.php.txt, s.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;ef49567df458dc7467bad2330331b64e
_r577_php_php_r57_php_php_spy_php_php_s_php_php;Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, spy.php.php.txt, s.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;b2c3481854c2fa4f9fa24ee07c6e613f
_r577_php_php_spy_php_php_s_php_php;Semi-Auto-generated - from files r577.php.php.txt, spy.php.php.txt, s.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;f69397664d172ab9fb7c7e1bc008c94d
_root_040_zip_Folder_deploy;Webshells Auto-generated - file deploy.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;6b9600be33255412e22b78c54fefd5c5
_w_php_php_c99madshell_v2_1_php_php_wacking_php_php;Semi-Auto-generated - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;8a3ea0d41750d24520651c9fc416b720
_w_php_php_c99madshell_v2_1_php_php_wacking_php_php_1_SpecialShell_99_php_php;Semi-Auto-generated ;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;99cb2910ffee953cf6106e85af0b0213
_w_php_php_c99madshell_v2_1_php_php_wacking_php_php_SpecialShell_99_php_php;Semi-Auto-generated ;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;d26d4758dffa42540238470a2c1caa63
_w_php_php_c99madshell_v2_1_php_php_wacking_php_php_SsEs_php_php_SpecialShell_99_php_php;Semi-Auto-generated ;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;94c2e7d5738706d351b5f4d505ed725a
_w_php_php_c99madshell_v2_1_php_php_wacking_php_php_c99shell_v1_0_php_php_SpecialShell_99_php_php;Semi-Auto-generated ;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;bee0874fa73137a54db30cce325376a3
_w_php_php_c99madshell_v2_1_php_php_wacking_php_php_c99shell_v1_0_php_php_c99php;Semi-Auto-generated ;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;4cd370556f92383a4785a462c79296c4
_w_php_php_c99madshell_v2_1_php_php_wacking_php_php_c99shell_v1_0_php_php_c99php_SpecialShell_99_php_php;Semi-Auto-generated ;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;6bf97758674f6932c51d4d0cf37af64c
_w_php_php_c99madshell_v2_1_php_php_wacking_php_php_dC3_Security_Crew_Shell_PRiV_php_SpecialShell_99_php_php;Semi-Auto-generated ;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;97561d90e6eaa54fdf32eacc703d59f4
_w_php_php_wacking_php_php_SpecialShell_99_php_php;Semi-Auto-generated - from files w.php.php.txt, wacking.php.php.txt, SpecialShell_99.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;f659e35bc92b391c76af8961621a5e57
_w_php_php_wacking_php_php_SsEs_php_php_SpecialShell_99_php_php;Semi-Auto-generated - from files w.php.php.txt, wacking.php.php.txt, SsEs.php.php.txt, SpecialShell_99.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;983feefe34d938d7dd87dd9526c6f66a
_w_php_php_wacking_php_php_c99shell_v1_0_php_php_c99php_SpecialShell_99_php_php;Semi-Auto-generated ;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;7537792708c503bc0e74a34e04bfe387
_wacking_php_php_1_SpecialShell_99_php_php_c100_php;Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;18ca643a48a6c107e299dabd81aa4025
aZRaiLPhp_v1_0_php;Semi-Auto-generated - file aZRaiLPhp v1.0.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;8cf24ef49a7b9802a62516a3a461b10b
adjustcr;Webshells Auto-generated - file adjustcr.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;a41a32d8e9d2779db71000386598b4fb
admin_ad;Webshells Auto-generated - file admin-ad.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;89f7075a5ab3211b094a681bea8553c0
ak74shell_php_php;Semi-Auto-generated - file ak74shell.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;93ba01efa20fb9a454a4a51e7f2230a7
aolipsniffer;Auto-generated rule on file aolipsniffer.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;f65e9b997245392cff7c00685a4a2dc4
apt28_win_zebrocy_golang_loader_modified;Detects unpacked modified APT28/Sofacy Zebrocy Golang.;https://www.vkremez.com/2018/12/lets-learn-progression-of-apt28sofacy.html;2018-12-25 00:00:00;75;@VK_Intel;APT,EXE,FILE,RUSSIA;4db41162514cab4d2401924a2d8ff70c
apt_ProjectSauron_MyTrampoline;Rule to detect ProjectSauron MyTrampoline module;https://securelist.com/blog/;1970-01-01 01:00:00;75;-;FILE;28035368a7809dc0fdbac49cffd8077f
apt_ProjectSauron_encrypted_LSA;Rule to detect ProjectSauron encrypted LSA samples;https://securelist.com/blog/;1970-01-01 01:00:00;75;-;EXTVAR,FILE;217cb2f14d48929959b4000738e447af
apt_ProjectSauron_encrypted_SSPI;Rule to detect encrypted ProjectSauron SSPI samples;https://securelist.com/blog/;1970-01-01 01:00:00;75;-;EXTVAR,FILE;6a9285f65d1db311a3daa4720d60bafb
apt_ProjectSauron_encrypted_container;Rule to detect ProjectSauron samples encrypted container;https://securelist.com/blog/;1970-01-01 01:00:00;75;-;EXTVAR,FILE;ab20df1e8d3673b596300c32721e8d85
apt_ProjectSauron_encryption;Rule to detect ProjectSauron string encryption;https://securelist.com/blog/;1970-01-01 01:00:00;75;-;;b44e22742066f68f6487ec67e603b088
apt_ProjectSauron_generic_pipe_backdoor;Rule to detect ProjectSauron generic pipe backdoors;https://securelist.com/blog/;1970-01-01 01:00:00;75;-;FILE,MAL;f4802bcfd2d29151d15a4ada9de50639
apt_ProjectSauron_pipe_backdoor;Rule to detect ProjectSauron pipe backdoors;https://securelist.com/blog/;1970-01-01 01:00:00;75;-;FILE,MAL;b03ff7feeb50c1ce5ac40fc49c6f5fd8
apt_RU_MoonlightMaze_IRIX_exploit_GEN;Rule to detect Irix exploits from David Hedley used by Moonlight Maze hackers;https://en.wikipedia.org/wiki/Moonlight_Maze;2017-03-27 00:00:00;75;Kaspersky Lab;FILE;f5382f15d590e8b7d4db2582a5c3f145
apt_RU_MoonlightMaze_cle_tool;Rule to detect Moonlight Maze 'cle' log cleaning tool;https://en.wikipedia.org/wiki/Moonlight_Maze;2017-03-27 00:00:00;75;Kaspersky Lab;;bf55697ac9d8952505ca20018a078885
apt_RU_MoonlightMaze_customlokitools;Rule to detect Moonlight Maze Loki samples by custom attacker-authored strings;https://en.wikipedia.org/wiki/Moonlight_Maze;2017-03-15 00:00:00;75;Kaspersky Lab;;e7cbfcde5583b7e0472f0bf40456cca3
apt_RU_MoonlightMaze_customsniffer;Rule to detect Moonlight Maze sniffer tools;https://en.wikipedia.org/wiki/Moonlight_Maze;2017-03-15 00:00:00;75;Kaspersky Lab;;39fece5cd3f66002b3c15103774ceaaa
apt_RU_MoonlightMaze_de_tool;Rule to detect Moonlight Maze 'de' and 'deg' tunnel tool;https://en.wikipedia.org/wiki/Moonlight_Maze;2017-03-27 00:00:00;75;Kaspersky Lab;;0df4635deb993f330e8e420861343201
apt_RU_MoonlightMaze_encrypted_keylog;Rule to detect Moonlight Maze encrypted keylogger logs;https://en.wikipedia.org/wiki/Moonlight_Maze;2017-03-27 00:00:00;75;Kaspersky Lab;FILE,HKTL;e4925f70d4b6f9ea4e155b547cae9068
apt_RU_MoonlightMaze_u_logcleaner;Rule to detect log cleaners based on utclean.c;https://en.wikipedia.org/wiki/Moonlight_Maze;2017-03-27 00:00:00;75;Kaspersky Lab;FILE;35b9ff29a1ead717afc1325de27636c7
apt_RU_MoonlightMaze_wipe;Rule to detect log cleaner based on wipe.c;https://en.wikipedia.org/wiki/Moonlight_Maze;2017-03-27 00:00:00;75;Kaspersky Lab;FILE;770a97bf75c94625579c0efece5008de
apt_RU_MoonlightMaze_xk_keylogger;Rule to detect Moonlight Maze 'xk' keylogger;https://en.wikipedia.org/wiki/Moonlight_Maze;2017-03-27 00:00:00;75;Kaspersky Lab;HKTL;b4a90854d2ae42bcd04156f07fd4e795
apt_backspace;Detects APT backspace;-;2015-05-14 00:00:00;75;Bit Byte Bitten;APT,EXE,FILE;8b8939a20ee046b8a1e709f12de183a4
apt_duqu2_drivers;Rule to detect Duqu 2.0 drivers;-;1970-01-01 01:00:00;75;-;FILE;ed8dfb7339d0182e66eb026c0e543612
apt_duqu2_loaders;Rule to detect Duqu 2.0 samples;-;1970-01-01 01:00:00;75;-;EXE,FILE;2504f4f9bb56ddfdcae097ba1874e0d6
apt_equation_cryptotable;Rule to detect the crypto library used in Equation group malware;https://securelist.com/blog/;1970-01-01 01:00:00;75;-;;1113d9250bb6388fd75226479aebd8e0
apt_equation_doublefantasy_genericresource;Rule to detect DoubleFantasy encoded config http://goo.gl/ivt8EW;http://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/;1970-01-01 01:00:00;75;-;;73303480172f14f0ba47ad3e31d078c5
apt_equation_equationlaser_runtimeclasses;Rule to detect the EquationLaser malware;https://securelist.com/blog/;1970-01-01 01:00:00;75;-;;d4ddb620e02e00c09390704fcaeba0cd
apt_equation_exploitlib_mutexes;Rule to detect Equation group's Exploitation library http://goo.gl/ivt8EW;http://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/;1970-01-01 01:00:00;75;-;;ba262131482ebc7db3dadf6135b09053
apt_equation_keyword;Rule to detect Equation group's keyword in executable file;http://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/;1970-01-01 01:00:00;75;Florian Roth (auto-filled);EXE,FILE;ba178f21aa42b409c8afc2f70d59eaff
apt_hellsing_implantstrings;detection for Hellsing implants;-;2015-04-07 00:00:00;75;Costin Raiu, Kaspersky Lab;;b2d60797f37691ee8f58fd237979b0e0
apt_hellsing_installer;detection for Hellsing xweber/msger installers;-;2015-04-07 00:00:00;75;Costin Raiu, Kaspersky Lab;;6c83582f80d2baec697c6e0abad4a2c7
apt_hellsing_irene;detection for Hellsing msger irene installer;-;2015-04-07 00:00:00;75;Costin Raiu, Kaspersky Lab;;e03e9290afec0ec22f57c93ed5d3dfe0
apt_hellsing_msgertype2;detection for Hellsing msger type 2 implants;-;2015-04-07 00:00:00;75;Costin Raiu, Kaspersky Lab;;f5a1fd8f46c824cecc59a1cd90010c0b
apt_hellsing_proxytool;detection for Hellsing proxy testing tool;-;2015-04-07 00:00:00;75;Costin Raiu, Kaspersky Lab;;c230366df2c8b2f81481c061f31b770c
apt_hellsing_xkat;detection for Hellsing xKat tool;-;2015-04-07 00:00:00;75;Costin Raiu, Kaspersky Lab;;ed43036b6eea1b76a549da86dcbce89d
apt_nix_elf_Derusbi_Linux_SharedMemCreation;Detects Derusbi Backdoor ELF Shared Memory Creation;https://github.com/fideliscyber/indicators/tree/master/FTA-1021;2016-02-29 00:00:00;75;Fidelis Cybersecurity;FILE,LINUX,MAL;22f73ca3d74eafda566d6d2caf386dc0
apt_nix_elf_Derusbi_Linux_Strings;Detects Derusbi Backdoor ELF Strings;https://github.com/fideliscyber/indicators/tree/master/FTA-1021;2016-02-29 00:00:00;75;Fidelis Cybersecurity;FILE,LINUX,MAL;06c0e30de9972dcdacd9904822a35cba
apt_nix_elf_derusbi;Detects Derusbi Backdoor ELF;https://github.com/fideliscyber/indicators/tree/master/FTA-1021;2016-02-29 00:00:00;75;Fidelis Cybersecurity;FILE,LINUX,MAL;6d40cfbc0f9a2ac7e29b3a621a14b949
apt_nix_elf_derusbi_kernelModule;Detects Derusbi Backdoor ELF Kernel Module;https://github.com/fideliscyber/indicators/tree/master/FTA-1021;2016-02-29 00:00:00;75;Fidelis Cybersecurity;FILE,LINUX,MAL;2a17463a160d2664b0b9816902dba965
apt_regin_hopscotch;Rule to detect Regin's Hopscotch module;https://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/;1970-01-01 01:00:00;75;-;;84a6edd47dd93400fd3b2b12d7bee960
apt_regin_legspin;Rule to detect Regin's Legspin module;https://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/;1970-01-01 01:00:00;75;-;;e5110a9053d5441e82b15e0b51a16715
apt_sofacy_xtunnel;Sofacy Malware - German Bundestag;-;1970-01-01 01:00:00;75;Claudio Guarnieri;FILE,MAL,RUSSIA;1aac372eb15549aa24b8e9c044cd415f
apt_win32_dll_rat_1a53b0cp32e46g0qio7;Detects Inocnation Malware;https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf;1970-01-01 01:00:00;75;Fidelis Cybersecurity;FILE,MAL;9c85215b3a9c9de02465e755a0597b58
apt_win32_dll_rat_hiZorRAT;-;https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf;1970-01-01 01:00:00;75;Florian Roth (auto-filled);FILE;b3170c66e4b5ac089b93d8e30043685e
apt_win_exe_trojan_derusbi;Detects Derusbi Backdoor Win32;https://github.com/fideliscyber/indicators/tree/master/FTA-1021;2016-02-29 00:00:00;75;Fidelis Cybersecurity;FILE,MAL;33ed8f69b5389a16f9f539275b25a20f
arpsniffer;Chinese Hacktool Set - file arpsniffer.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;31f46e300a8ead01d5c5421ffcf906c3
asp_dns;Laudanum Injector Tools - file dns.asp;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;d5a8cfb12bb0ecc1ddd7b5126f1ff196
asp_file;Laudanum Injector Tools - file file.asp;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;FILE,HKTL,WEBSHELL;f38f963b29b0a628b0e998c5a8fee04e
asp_proxy;Laudanum Injector Tools - file proxy.asp;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;70b32b75e6362e33119e9c3f42fa5a11
asp_shell;Laudanum Injector Tools - file shell.asp;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;0e237cf83024ed46fe19c16f03cee10f
aspbackdoor_EDIR;Disclosed hacktool set (old stuff) - file EDIR.ASP;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;db89228c505bba6761615cbc3090854c
aspbackdoor_EDIT;Disclosed hacktool set (old stuff) - file EDIT.ASP;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;574e82d970ca7559065e15d1eafb5eab
aspbackdoor_asp1;Disclosed hacktool set (old stuff) - file asp1.txt;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;b96dac044f14fee89fbcdedce27c31df
aspbackdoor_asp3;Disclosed hacktool set (old stuff) - file asp3.txt;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;f30e3eb63a1c756b122fa86f13667152
aspbackdoor_asp4;Disclosed hacktool set (old stuff) - file asp4.txt;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;23a607db76341d347fe86f93f0987878
aspbackdoor_entice;Disclosed hacktool set (old stuff) - file entice.asp;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;5a26fbd0e633333eb339e72823d307c7
aspbackdoor_ipclear;Disclosed hacktool set (old stuff) - file ipclear.vbs;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;6a7bd79646b46a0590e83b60f18bb0c0
aspbackdoor_regdll;Disclosed hacktool set (old stuff) - file regdll.asp;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;70e00ffb48bcfad69212f6c3df5694ab
aspfile1;Disclosed hacktool set (old stuff) - file aspfile1.asp;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;bf97ea456d979e265b3949f85606d535
aspfile2;Disclosed hacktool set (old stuff) - file aspfile2.asp;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;98715c4588eb380ecfa76c75c223fb53
aspx_shell;Laudanum Injector Tools - file shell.aspx;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;62fd554b7cd4de08f115b2841c9039d5
aspydrv_asp;Semi-Auto-generated - file aspydrv.asp.txt;-;1970-01-01 01:00:00;60;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;46c92548c6802f51b4f5f6c48da467ea
b374k_back_connect;Detects privilege escalation tool;Internal Analysis;2016-08-18 00:00:00;80;Florian Roth;EXE,FILE;407bb57ac443844d316c5b0f03f4633a
backdoor1_php;Semi-Auto-generated - file backdoor1.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;MAL,WEBSHELL;7686df6b5f61f28074319300cb32fe10
backdoorfr_php;Semi-Auto-generated - file backdoorfr.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;MAL,WEBSHELL;106ce8c20763c9c102802d965841e9ea
backup_php_often_with_c99shell;Semi-Auto-generated - file backup.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;32597959ac5f6336ac407af571ccfc63
backupsql_php_often_with_c99shell;Semi-Auto-generated - file backupsql.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;f8116d12c5c31d335443a04769cb13c3
bdcli100;Webshells Auto-generated - file bdcli100.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ef7bf3c3b893fa9975e2c6ca39a2d05a
bin_Client;Webshells Auto-generated - file Client.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;bf47211e7975d9d786e86f739e1a89a9
bin_ndisk;Hacking Team Disclosure Sample - file ndisk.sys;https://www.virustotal.com/en/file/a03a6ed90b89945a992a8c69f716ec3c743fa1d958426f4c50378cca5bef0a01/analysis/1436184181/;2015-07-07 00:00:00;100;Florian Roth;EXE,FILE;9eaa0655065e036099f30d8e0edf6cca
bin_wuaus;Webshells Auto-generated - file wuaus.dll;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;25eb93935257324620e3cdf7c94ccb4e
binder2_binder2;Webshells Auto-generated - file binder2.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;d17b245a8dfd7e1fe7bac306882277e5
blackenergy3_installer;Matches unique code block for import name construction ;https://www.f-secure.com/documents/996508/1030745/blackenergy_whitepaper.pdf;2015-05-29 00:00:00;75;Mike Schladt;;1f2732586d1e4c8f555836d455bea0a5
by063cli;Webshells Auto-generated - file by063cli.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;4450a07a34acc926d52c2cb32fcc74fc
by064cli;Webshells Auto-generated - file by064cli.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;e85d80f72cc8a21976fc4128e4de10c8
byloader;Webshells Auto-generated - file byloader.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;6dea6ae8eb9d5367d448b576c48214cd
byshell063_ntboot;Webshells Auto-generated - file ntboot.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;434bbea7196cde8e04ce731235888b42
byshell063_ntboot_2;Webshells Auto-generated - file ntboot.dll;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;df39b15b0694565ccc0d6f050e6b3876
c99madshell_v2_0_php_php;Semi-Auto-generated - file c99madshell_v2.0.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;a93bef08df55d00b512777d6aa9fc2c9
c99shell;Webshells Auto-generated - file c99shell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;dfc4b5028a0d1956096a17f8d171a24e
cachedump;Detects a tool used by APT groups - from files cachedump.exe, cachedump64.exe;http://goo.gl/igxLyF;2016-09-08 00:00:00;75;Florian Roth;APT,EXE,FILE,HKTL;636450218951b5fc4b6a3438821d6d32
carbon_metadata;Turla Carbon malware;https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/;2017-03-30 00:00:00;75;ESET Research;RUSSIA;fdeb3c40083baeffca2229d8ed2bd57f
ce_enfal_cmstar_debug_msg;Detects the static debug strings within CMSTAR;http://goo.gl/JucrP9;2015-05-10 00:00:00;75;rfalcone;EXE,FILE;12232a5ed0f968d7364799de4ac6b187
cfm_shell;Laudanum Injector Tools - file shell.cfm;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;dc6f1a7debe0324351fc0cd1f5450446
cgi_python_py;Semi-Auto-generated - file cgi-python.py.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;d81ef24a1d5264043dc027f51d83c093
cgis4_cgis4;Auto-generated rule on file cgis4.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;4667226178621f26a22b36b9b4badaf7
chrome_elf;Detects Fireball malware - file chrome_elf.dll;https://goo.gl/4pTkGQ;2017-06-02 00:00:00;75;Florian Roth;EXE,FILE;db765df357ecc7380951d7dfb85b6b01
churrasco;Chinese Hacktool Set - file churrasco.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;3046162de9ac33671d4b1b8e073eb31e
clean_apt15_patchedcmd;This is a patched CMD. This is the CMD that RoyalCli uses.;-;1970-01-01 01:00:00;75;Ahmed Zaki;FILE;c515c94d988e8c312ad547d114f1c39b
clearlog;Detects Fireball malware - file clearlog.dll;https://goo.gl/4pTkGQ;2017-06-02 00:00:00;75;Florian Roth;EXE,FILE;71bb3c680d745046d2304dbf0f316d4c
cmdShell;Webshells Auto-generated - file cmdShell.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;9bde77119c4f40302e7489199b74e2d8
cmd_asp_5_1_asp;Semi-Auto-generated - file cmd-asp-5.1.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;c3e67edcbaff7500f30094cd422d57eb
cmdjsp_jsp;Semi-Auto-generated - file cmdjsp.jsp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;7d5e12f321f2eead9e89c7c7daabc9ea
cndcom_cndcom;Chinese Hacktool Set - file cndcom.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;c774a5754c6d3277d43bb49e45dd5813
commands;Webshells Auto-generated - file commands.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;c45c81593244f6ad9ad99b25c086b1e1
conhost_ANOMALY;Anomaly rule looking for certain strings in a system file (maybe false positive on certain systems) - file conhost.exe;not set;2015-03-16 00:00:00;75;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;6000fd3d5de836d9bc4e5b7e55c0926d
connectback2_pl;Semi-Auto-generated - file connectback2.pl.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;3aebcc815380f3f2ab69ef4b004e98fe
connector;Webshells Auto-generated - file connector.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;149bda77d8b676f5f935255723e5456b
crack_Loader;Auto-generated rule on file Loader.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;c74cb54c7cb0c579851683beb7b43486
crime_ole_loadswf_cve_2018_4878;Detects CVE-2018-4878;hxxps://www[.]krcert[.]or[.kr/data/secNoticeView.do?bulletin_writing_sequence=26998;1970-01-01 01:00:00;75;Vitali Kremez, Flashpoint;EXPLOIT;4f93240ed5de8ad1cbe93d0719aeddf6
crime_win_rat_AlienSpy;Alien Spy Remote Access Trojan;-;2015-04-04 00:00:00;75;General Dynamics Fidelis Cybersecurity Solutions - Threat Research Team;FILE,MAL;075aa1c10a9cc5f7e79a9cddb5a78e91
csh_php_php;Semi-Auto-generated - file csh.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;8837657cf099791938128b4bf969ce6c
csrss_ANOMALY;Anomaly rule looking for certain strings in a system file (maybe false positive on certain systems) - file csrss.exe;not set;2015-03-16 00:00:00;75;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;03d348dd675cc7a09fb126bbfbc9c05f
custom_ssh_backdoor_server;Custome SSH backdoor based on python and paramiko - file server.py;https://goo.gl/S46L3o;2015-05-14 00:00:00;75;Florian Roth;MAL;25d016ee3d9bf64a6343b857a415c494
cyberlords_sql_php_php;Semi-Auto-generated - file cyberlords_sql.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;ba8a510b4de92ef4cf7ab015674499be
cyclotron;Chinese Hacktool Set - file cyclotron.sys;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;b8e7fed1fa94e26ac9ecf660665df956
datPcShare;Chinese Hacktool Set - file datPcShare.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;593dd2af262cc16a4e886322deb29e36
dat_NaslLib;Chinese Hacktool Set - file NaslLib.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;2fa3d0c5b58f509b508242fc88a5ff38
dat_report;Chinese Hacktool Set - file report.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;77f62cd039a24bd4baec30cfee4c71d0
dat_xpf;Chinese Hacktool Set - file xpf.sys;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;4a0f6e59e6dc01c7df5ac5696708ddb8
dbexpora;Chinese Hacktool Set - file dbexpora.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;298f48a95251fe707d37b72df2c0c036
dbgiis6cli;Webshells Auto-generated - file dbgiis6cli.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;f6e468162f8eaf5e24d1d27d93790c87
dbgntboot;Webshells Auto-generated - file dbgntboot.dll;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;772f08355c18840712fc1d844ce34458
derusbi_kernel;Derusbi Driver version;-;2015-12-09 00:00:00;75;Airbus Defence and Space Cybersecurity CSIRT - Fabien Perigaud;FILE;eb91ac39dc4f1929b35f8b5fa550dff7
derusbi_linux;Derusbi Server Linux version;-;2015-12-09 00:00:00;75;Airbus Defence and Space Cybersecurity CSIRT - Fabien Perigaud;LINUX;581b9af4dc8734a0be16b722c408cf90
dll_PacketX;Chinese Hacktool Set - file PacketX.dll - ActiveX wrapper for WinPcap packet capture library;http://tools.zjqhr.com/;2015-06-13 00:00:00;50;Florian Roth;CHINA,EXE,FILE,HKTL;56285a1918eb7fae593fa6272cc59de3
dll_Reg;Chinese Hacktool Set - file Reg.bat;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,SCRIPT;2a877bf7526e2afe4d21fb479151141f
dll_UnReg;Chinese Hacktool Set - file UnReg.bat;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,SCRIPT;a106773454143a1048cb0680104f5b5c
dnscat2_Hacktool;Detects dnscat2 - from files dnscat, dnscat2.exe;https://downloads.skullsecurity.org/dnscat2/;2016-05-15 00:00:00;75;Florian Roth;EXE,FILE,HKTL;15f0257a6725f8a15961acd03ff8dc8b
doskey_ANOMALY;Anomaly rule looking for certain strings in a system file (maybe false positive on certain systems) - file doskey.exe;not set;2015-03-16 00:00:00;75;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;0d7bab04a1ad5def9e50448a64a9fb3d
down_rar_Folder_down;Webshells Auto-generated - file down.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ae84061906bf1f6aad4485136c2ac196
dubseven_dropper_dialog_remains;Searches for related dialog remnants. How rude.;-;2016-04-18 00:00:00;75;Matt Brooks, @cmatthewbrooks;FILE;63221ed9d4dbd4eb4774fc4b6fd3a8ef
dubseven_dropper_registry_checks;Searches for registry keys checked for by the dropper;-;2016-04-18 00:00:00;75;Matt Brooks, @cmatthewbrooks;FILE;90b594aa86fb3bbf1a868ac3b9dc532a
dubseven_file_set;Searches for service files loading UP007;-;2016-04-18 00:00:00;75;Matt Brooks, @cmatthewbrooks;FILE;a69faef356dc674e9bcfd722b574cdc2
eBayId_index3;Webshells Auto-generated - file index3.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;04e3891aef9473f5f3a4036bec85ebd4
elmaliseker;Webshells Auto-generated - file elmaliseker.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;f9d0fc959dfec3f1117b6c84fce24a09
elmaliseker_asp;Semi-Auto-generated - file elmaliseker.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;74600daa6ce6e926142009ad1fb6c490
epathobj_exp32;Chinese Hacktool Set - file epathobj_exp32.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;0e99fe766d0d4b60ef3731e2e8497195
epathobj_exp64;Chinese Hacktool Set - file epathobj_exp64.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;7771231155bc12199abdca015a5b9189
exploit_ole_stdolelink;StdOleLink, potential 0day in April 2017;-;1970-01-01 01:00:00;55;David Cannings;EXTVAR;544e7758f31b2839b2945b646cbe4f2c
explorer_ANOMALY;Abnormal explorer.exe - typical strings not found in file;-;2014-05-27 00:00:00;55;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;7163770a8a8ed46cb7e948e205b7da24
f3_diy;Chinese Hacktool Set - file diy.asp;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,FILE,HKTL,WEBSHELL;6949576e7997139b23b8a8f912039c26
fgexec;Detects a tool used by APT groups - file fgexec.exe;http://goo.gl/igxLyF;2016-09-08 00:00:00;75;Florian Roth;APT,EXE,FILE,HKTL;5aa34e6a2a246aaca730872c20aff1c8
fmlibraryv3;Webshells Auto-generated - file fmlibraryv3.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;d424ffff5da3ebb326aac25dc839b070
fuckphpshell_php;Semi-Auto-generated - file fuckphpshell.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;99954b88ccf69bfbc9ad465b5ca23987
gen_exploit_CVE_2017_10271_WebLogic;Exploit for CVE-2017-10271 (Oracle WebLogic);https://github.com/c0mmand3rOpSec/CVE-2017-10271, https://www.fireeye.com/blog/threat-research/2018/02/cve-2017-10271-used-to-deliver-cryptominers.html;2018-03-21 00:00:00;75;John Lambert @JohnLaTwC;EXPLOIT,FILE;c8a340f36766b7e9b2f16571e057c21b
gen_macro_ShellExecute_action;VBA macro technique to call ShellExecute to launch payload;https://twitter.com/StanHacked/status/1075088449768693762;2019-01-08 00:00:00;75;John Lambert @JohnLaTwC;FILE,SCRIPT;813ed48ebeea6aaab4d3e722c7217e38
gen_malware_MacOS_plist_suspicious;Suspicious PLIST files in MacOS (possible malware persistence);https://objective-see.com/blog/blog_0x3A.html;2018-12-14 00:00:00;75;John Lambert @JohnLaTwC;EXTVAR,MAL,REQ_PRIVATE;75110e0eb2b87275bee4d307ef997476
gen_python_reverse_shell;Python Base64 encoded reverse shell;https://www.virustotal.com/en/file/9ec5102bcbabc45f2aa7775464f33019cfbe9d766b1332ee675957c923a17efd/analysis/;2018-02-24 00:00:00;75;John Lambert @JohnLaTwC;FILE,SCRIPT;c9b51843fd4344ddc90fdb5314f6a0ca
gen_unicorn_obfuscated_powershell;PowerShell payload obfuscated by Unicorn toolkit;https://github.com/trustedsec/unicorn/;2018-04-03 00:00:00;75;John Lambert @JohnLaTwC;FILE,OBFUS,SCRIPT;29e2d77799fc7f0f412c0fdb5ba51dac
generic_carbon;Turla Carbon malware;https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/;2017-03-30 00:00:00;75;ESET Research;EXE,FILE,RUSSIA;61547e466d6d640af139d664b61bf30d
generic_shellcode_downloader_specific;Detects Doorshell from NCSC report;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;75;NCSC;EXTVAR,FILE;8f3f45945b6aee0782d0ea9bcd5a45f5
genhash_genhash;Auto-generated rule - file genhash.exe;http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit;2015-07-10 00:00:00;80;Florian Roth;EXE,FILE;2ea2658d93c0360e2e529a779865c8ba
gina_zip_Folder_gina;Disclosed hacktool set (old stuff) - file gina.dll;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;f5059ba99f12ce06372d80c9bcfe3160
git_CVE_2017_9800_poc;Detects a CVE-2017-9800 exploitation attempt;https://twitter.com/mzbat/status/895811803325898753;2017-08-11 00:00:00;60;Florian Roth;EXPLOIT;9e52cf2e6b8dddd8133901810abcf9d0
glassRAT;Detects GlassRAT by RSA (modified by Florian Roth - speed improvements);-;2015-11-03 00:00:00;75;RSA RESEARCH;MAL;0dd040086ce93ef6115762b088223ff8
h4ntu_shell__powered_by_tsoi_;Semi-Auto-generated - file h4ntu shell [powered by tsoi].txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;79c16815b63984713315f04934e85c0f
hatman;Matches the known samples of the HatMan malware.;https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware;2017-12-19 00:00:00;75;DHS/NCCIC/ICS-CERT;EXTVAR;b43c452b01655f6e7aa995edfc4faafd
hatman_combined;Detects Hatman malware;https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware;2017-12-19 00:00:00;75;DHS/NCCIC/ICS-CERT;EXTVAR,REQ_PRIVATE;7c442be330289212d93a64fff24075b5
hatman_compiled_python;Detects Hatman malware;https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware;2017-12-19 00:00:00;75;DHS/NCCIC/ICS-CERT;EXTVAR,REQ_PRIVATE;4586d225600b945ca119260f73d2e1e7
hatman_injector;Detects Hatman malware;https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware;2017-12-19 00:00:00;75;DHS/NCCIC/ICS-CERT;EXTVAR,REQ_PRIVATE;528e5e2c1b05a57b779f16d400fb1504
hatman_payload;Detects Hatman malware;https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware;2017-12-19 00:00:00;75;DHS/NCCIC/ICS-CERT;EXTVAR,REQ_PRIVATE;528e5e2c1b05a57b779f16d400fb1504
hidshell_php_php;Semi-Auto-generated - file hidshell.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;904ca614620ebfae9c69cf603a7315c3
hkdoor_backdoor;Hacker's Door Backdoor;https://www.cylance.com/en_us/blog/threat-spotlight-opening-hackers-door.html;1970-01-01 01:00:00;75;Cylance Inc.;EXE,FILE,MAL;2888cb6f3755d7e4a3d055a5839d9696
hkdoor_backdoor_dll;Hacker's Door Backdoor DLL;https://www.cylance.com/en_us/blog/threat-spotlight-opening-hackers-door.html;1970-01-01 01:00:00;75;Cylance Inc.;EXE,FILE,MAL;1ab777d959b8d40ae9a40eb451180b7f
hkdoor_driver;Hacker's Door Driver;-;1970-01-01 01:00:00;75;Florian Roth (auto-filled);EXE,FILE;315d255ff35c1f7980ceca52e67d8f06
hkdoor_dropper;Hacker's Door Dropper;https://www.cylance.com/en_us/blog/threat-spotlight-opening-hackers-door.html;1970-01-01 01:00:00;75;Cylance Inc.;EXE,EXTVAR,FILE,MAL;4a0ca23791dd6152ad1218114833019a
hkdoordll;Webshells Auto-generated - file hkdoordll.dll;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;f1e11459c8270b51a47f07b13e80b1ed
hkmjjiis6;Chinese Hacktool Set - file hkmjjiis6.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;b5b3007ff00a3a6aa2b1f5d48e16b40e
hkshell_hkrmv;Webshells Auto-generated - file hkrmv.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;4d1b37249572244f24b6ab20824075a3
hkshell_hkshell;Webshells Auto-generated - file hkshell.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;fcb80556f55c67d0ac62d83f85be7fac
hscan_gui;Chinese Hacktool Set - file hscan-gui.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;0c7dddd1550b362413c4e8110c3a0b50
hscangui;Chinese Hacktool Set - file hscangui.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;dc8f25d27462c1dc05c5f97276f54ce1
hxdef100;Webshells Auto-generated - file hxdef100.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;fd32e9af3fd138858084c6747dd6abce
hxdef100_2;Webshells Auto-generated - file hxdef100.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;9849cde8b19e0c04c6e5aed33f07f47e
hydra_7_3_hydra;Chinese Hacktool Set - file hydra.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;21a8cf5d4ddb240f32a808d207271888
hydra_7_4_1_hydra;Chinese Hacktool Set - file hydra.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;feb856f503401a7a14d71a98f7521b2d
iKAT_Tool_Generic;Generic Rule for hack tool iKAT files gpdisable.exe, kitrap0d.exe, uacpoc.exe;http://ikat.ha.cked.net/Windows/functions/ikatfiles.html;2014-05-11 00:00:00;55;Florian Roth;GEN,HKTL;95fd369240eaf891b33588c6ef3f9318
iKAT_cmd_as_dll;iKAT toolset file cmd.dll ReactOS file cloaked;http://ikat.ha.cked.net/Windows/functions/ikatfiles.html;2014-05-11 00:00:00;65;Florian Roth;HKTL;06699ab4b03bb6af63478ceaa6a6658b
iKAT_command_lines_agent;iKAT hack tools set agent - file ikat.exe;http://ikat.ha.cked.net/Windows/functions/ikatfiles.html;2014-05-11 00:00:00;75;Florian Roth;HKTL;90b87fbe08aeab845a2b3802a1ed6457
iKAT_priv_esc_tasksch;Task Schedulder Local Exploit - Windows local priv-esc using Task Scheduler, published by webDevil. Supports Windows 7 and Vista.;http://ikat.ha.cked.net/Windows/functions/ikatfiles.html;2014-05-11 00:00:00;75;Florian Roth;HKTL;0db6047cbc9747face3a71a917cdf436
iKAT_revelations;iKAT hack tool showing the content of password fields - file revelations.exe;http://ikat.ha.cked.net/Windows/functions/ikatfiles.html;2014-05-11 00:00:00;75;Florian Roth;HKTL;82c5743854c09d67937ba39b6d3a0fb3
iKAT_startbar;Tool to hide unhide the windows startbar from command line - iKAT hack tools - file startbar.exe;http://ikat.ha.cked.net/Windows/functions/ikatfiles.html;2014-05-11 00:00:00;50;Florian Roth;HKTL;216bdb1439d9e1168cbe45a297776a23
iKAT_tools_nmap;Generic rule for NMAP - based on NMAP 4 standalone;http://ikat.ha.cked.net/Windows/functions/ikatfiles.html;2014-05-11 00:00:00;50;Florian Roth;GEN,HKTL;2621b155f0e5c9d56fd97d8227e6cd11
iKAT_wmi_rundll;This exe will attempt to use WMI to Call the Win32_Process event to spawn rundll - file wmi_rundll.exe;http://ikat.ha.cked.net/Windows/functions/ikatfiles.html;2014-05-11 00:00:00;65;Florian Roth;HKTL;3cb042b0f99767c80534fb7302a518ba
iMHaPFtp;Webshells Auto-generated - file iMHaPFtp.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;9a23329aef398de1643cafc6d0d80770
iam_alt_iam_alt;Auto-generated rule - file iam-alt.exe;http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit;2015-07-10 00:00:00;80;Florian Roth;EXE,FILE;75e468f01861240ca46c11a73e155791
iam_iam;Auto-generated rule - file iam.exe;http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit;2015-07-10 00:00:00;80;Florian Roth;EXE,FILE;2dfbf2fbfd432b39293b298c5682eedc
iam_iamdll;Auto-generated rule - file iamdll.dll;http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit;2015-07-10 00:00:00;80;Florian 
Roth;EXE,FILE;9f48a4d122248218866830a3cd967f85 icyfox007v1_10_rar_Folder_asp;Webshells Auto-generated - file asp.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;da4367606fc0395ce48eaedac0d40023 iexplore_ANOMALY;Abnormal iexplore.exe - typical strings not found in file;-;2014-04-23 00:00:00;55;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;1188f9594966d9c2173630898dffce1a indexer_asp;Semi-Auto-generated - file indexer.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;370fb08eef1e108af5f5c21b29cca45c install_get_persistent_filenames;EQGRP Toolset Firewall - file install_get_persistent_filenames;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;18597aad06dd41e9cf3edb8627fe57ac installer;Webshells Auto-generated - file installer.cmd;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;2fa2ad4563d3279b808bc08730d65a98 ipsearcher;Chinese Hacktool Set - file ipsearcher.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;b6b6712c2c368141ebacc661260e93fa ironshell_php;Semi-Auto-generated - file ironshell.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;0c8d0b6b3b8100959d754b19fb3d9f13 item_301;Chinese Hacktool Set - file item-301.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;b4553ee100a90d0ea090a91400c80852 item_old;Chinese Hacktool Set - file item-old.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;a86155d0a85add9fe9be4f68e1247a8b jsp_cmd;Laudanum Injector Tools - file cmd.war;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;FILE,HKTL,WEBSHELL;6e9c053b2db030a98610ac35e7b7b9f9 jsp_reverse_jsp;Semi-Auto-generated - file jsp-reverse.jsp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;5ee8a54b0374704e4c8a067068804fb3 jspshall_jsp;Semi-Auto-generated - file jspshall.jsp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG 
+ customization by Stefan -dfate- Molls;WEBSHELL;781984c33389d8239cf3cab50b8176eb kacak_asp;Semi-Auto-generated - file kacak.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;456ff4a7a91f4da651319e3022be42c5 kappfree;Chinese Hacktool Set - file kappfree.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;2e5f8f088011422a2d283684314897f8 kappfree_2;Chinese Hacktool Set - file kappfree.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;b360d8fb7637100d5ba68fc327880436 karmaSMB;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;92fe607b1b475a931f14d8b0a69ea5ce kelloworld_2;Chinese Hacktool Set - file kelloworld.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;a16b74bbee70dd31cfe2460561eb8ac3 kerberoast_PY;Auto-generated rule - file kerberoast.py;https://github.com/skelsec/PyKerberoast;2016-05-21 00:00:00;75;Florian Roth;;db5cb8e44b835ce2cd3028bfa509a025 kiwi_tools;Chinese Hacktool Set;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;712107766e167b996c47c99918eee561 kiwi_tools_gentil_kiwi;Chinese Hacktool Set;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;3f8eff1759d7da877dff6ad9906dfded klasvayv_asp;Semi-Auto-generated - file klasvayv.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;2bd75bdc2f511cdacd82557430388115 lamashell_php;Semi-Auto-generated - file lamashell.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;1e3d2e387c194edef63980abbc9a780d lamescan3;Chinese Hacktool Set - file lamescan3.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;8c2528da235f8bf4ee4077b6ef9acf4a laudanum;Laudanum Injector Tools - file 
laudanum.php;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;68c95e5905d86aa622e954fed85349f6 lazaruswannacry;Rule based on shared code between Feb 2017 Wannacry sample and Lazarus backdoor from Feb 2015 discovered by Neel Mehta;https://twitter.com/neelmehta/status/864164081116225536;2017-05-15 00:00:00;75;Costin G. Raiu, Kaspersky Lab;FILE,MAL,NK,RANSOM;bd8fe0a10869c2164ed47fe11609e871 lnk_detect;Detects malicious LNK file from NCSC report;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;75;NCSC;FILE;ef173f984427761c31820f50cc6596aa loki2crypto;Rule to detect hardcoded DH modulus used in 1996/1997 Loki2 sourcecode; #ifdef STRONG_CRYPTO /* 384-bit strong prime */;https://en.wikipedia.org/wiki/Moonlight_Maze;2017-03-21 00:00:00;75;Costin Raiu, Kaspersky Lab;;3ffa9692450dce83bff0d6b1614f796e lsadump;LSA dump programe (bootkey/syskey) - pwdump and others;-;1970-01-01 01:00:00;80;Benjamin DELPY (gentilkiwi);EXE,EXTVAR,FILE;7d883028fe5b01bb170a696635205c9a lsass_ANOMALY;Anomaly rule looking for certain strings in a system file (maybe false positive on certain systems) - file lsass.exe;not set;2015-03-16 00:00:00;75;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;6de1a35b6ea13be71ec3ce64baefd368 lsremora;Detects a tool used by APT groups;http://goo.gl/igxLyF;2016-09-08 00:00:00;75;Florian Roth;APT,EXE,FILE,HKTL;fe8c425425ed93eed1e2732290440b48 lurm_safemod_on_cgi;Semi-Auto-generated - file lurm_safemod_on.cgi.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;cbb8cdf15b1454ef556415f787a709da magnify_ANOMALY;Abnormal magnify.exe (Magnifier) - typical strings not found in file;-;2014-01-06 00:00:00;55;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;7ebc4f239bd3b0c91541a89b838fc399 maindll_mutex;Matches on the maindll mutex;-;2016-04-18 00:00:00;75;Matt Brooks, 
@cmatthewbrooks;FILE;7e9aa5d5dac442cbe576f23730f564a3 malrtf_ole2link;Detect weaponized RTF documents with OLE2Link exploit;-;1970-01-01 01:00:00;75;@h3x2b <tracker _AT h3x.eu>;FILE;f1e691c58c8250ea7450ffa1901ce17c malware_apt15_exchange_tool;This is a an exchange enumeration/hijacking tool used by an APT 15;-;1970-01-01 01:00:00;75;Ahmed Zaki;APT,FILE;9a750c1f8ae6e5859bb4848297b1c134 malware_apt15_generic;Find generic data potentially relating to AP15 tools;-;1970-01-01 01:00:00;75;David Cannings;;2e592d5d7630faf07239b6561e9db05b malware_apt15_royalcli_1;Generic strings found in the Royal CLI tool;-;1970-01-01 01:00:00;75;David Cannings;FILE,GEN;05b65da919e071c06561c0c9f2760b2d malware_apt15_royalcli_2;APT15 RoyalCli backdoor;-;1970-01-01 01:00:00;75;Nikolaos Pantazopoulos;APT,FILE,MAL;59ec8e38463f5259395c146db509ea55 malware_apt15_royaldll;DLL implant, originally rights.dll and runs as a service;-;1970-01-01 01:00:00;75;David Cannings;;fc0995094c570c8b0985b22f5781b5c8 malware_apt15_royaldll_2;DNS backdoor used by APT15;-;1970-01-01 01:00:00;75;Ahmed Zaki;APT,FILE,MAL;0f86b9753a269e00ab61e2fce336735d malware_sakula_memory;Sakula malware - strings after unpacking (memory rule);-;1970-01-01 01:00:00;75;David Cannings;;84dca55538bb8e72fa854bff207b3e5f malware_sakula_shellcode;Sakula shellcode - taken from decoded setup.msi but may not be unique enough to identify Sakula;-;1970-01-01 01:00:00;75;David Cannings;;e16dac83956a234f4cea66f300f00d20 malware_sakula_xorloop;XOR loops from Sakula malware;-;1970-01-01 01:00:00;75;David Cannings;;298ae70c25c7a60fddf48d67655bd50a merlinAgent;Detects Merlin agent;https://github.com/Ne0nd0g/merlin;2017-12-26 00:00:00;75;Hilko Bengen;;d6c2a72433c81aa2752b6e9d30193286 mimikatz;mimikatz;-;1970-01-01 01:00:00;75;Benjamin DELPY (gentilkiwi);HKTL;d81aebbd2de3cbfa6919f9badbbb3306 mimikatz_kirbi_ticket;KiRBi ticket for mimikatz;-;1970-01-01 01:00:00;75;Benjamin DELPY (gentilkiwi);FILE;bdf8732a06da797a18140b5cbb1f766c 
mimikatz_lsass_mdmp;LSASS minidump file for mimikatz;-;1970-01-01 01:00:00;75;Benjamin DELPY (gentilkiwi);EXTVAR,FILE;ee584c914bc2c5d52ca450a612f4db9a mimipenguin_1;Detects Mimipenguin hack tool;https://github.com/huntergregal/mimipenguin;2017-07-08 00:00:00;75;Florian Roth;FILE;0181089749930a9d85b7ddb04aaf9725 mimipenguin_2;Detects Mimipenguin hack tool;https://github.com/huntergregal/mimipenguin;2017-07-08 00:00:00;75;Florian Roth;FILE;b7942816b5ae00188294101a6ec11d78 ms10048_x64;Chinese Hacktool Set - file ms10048-x64.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;54ac93e2d46d3047d2f20c841211e7e2 ms10048_x86;Chinese Hacktool Set - file ms10048-x86.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;925da43346f39314f49dd87da5371a42 ms11080_withcmd;Chinese Hacktool Set - file ms11080_withcmd.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;0bb8bc61c2767f2ee718bf241887c9fd msi_dll_Anomaly;Detetcs very small and supicious msi.dll;https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar;2017-02-10 00:00:00;75;Florian Roth;EXE,EXTVAR,FILE;1d576fa4cffe5b60ba29e4a51502c20a mswin_check_lm_group;Chinese Hacktool Set - file mswin_check_lm_group.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;94b26263646b42303edd528cc0290898 multiple_php_webshells;Semi-Auto-generated - from files multiple_php_webshells;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;40043c79942f4fdac240752066560c3e multiple_php_webshells_2;Semi-Auto-generated ;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;52be6ddcb48702c0f70c63724c1bd1d0 myshell_php_php;Semi-Auto-generated - file myshell.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;345b2927ef2dff24cf7033ec0f444f2d mysql_php_php;Semi-Auto-generated - 
file mysql.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;fec8ad70a2458b33bcabb3d1551fffd9 mysql_pwd_crack;Chinese Hacktool Set - file mysql_pwd_crack.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;5856627847855b675e8a66a67a50a140 mysql_shell_php;Semi-Auto-generated - file mysql_shell.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;17480783154b67d617c06169faed44b9 mysql_tool_php_php;Semi-Auto-generated - file mysql_tool.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;b5a9a1972df53fd74b9389e02efd4545 mysqlfast;Chinese Hacktool Set - file mysqlfast.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d451ea12d7a1aab5bde2d776a05a5eb6 narrator_ANOMALY;Abnormal narrator.exe - typical strings not found in file;-;2014-01-06 00:00:00;55;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;e341d3c6edc5d865508ac98fc77bf2b9 ngh_php_php;Semi-Auto-generated - file ngh.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;a6b3f52e0e94d2a1b30f760fe13daa53 notepad_ANOMALY;Abnormal notepad.exe - typical strings not found in file;-;2014-01-06 00:00:00;55;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;25fd6f2b5b4bf72e35c04c2adcc3cb13 nstview_nstview;Webshells Auto-generated - file nstview.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;4ca227ff2e6d2196b995fbb7db25afd6 oracle_data;Chinese Hacktool Set - file oracle_data.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;90271fb2dcfa3542e59b7adc063f61a3 osk_ANOMALY;Abnormal osk.exe (On Screen Keyboard) - typical strings not found in file;-;2014-01-06 00:00:00;55;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;3596194f79d589ad48fa6db351425906 p0wnedAmsiBypass;p0wnedShell Runspace Post Exploitation Toolkit - file 
p0wnedAmsiBypass.cs;https://github.com/Cn33liz/p0wnedShell;2017-01-14 00:00:00;75;Florian Roth;;a92e749a34bf888473ae0590d34cd46c p0wnedBinaries;p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedBinaries.cs;https://github.com/Cn33liz/p0wnedShell;2017-01-14 00:00:00;75;Florian Roth;;8ffcf4bdd6d1e6c8957f6c8c65fc44ac p0wnedExploits;p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedExploits.cs;https://github.com/Cn33liz/p0wnedShell;2017-01-14 00:00:00;75;Florian Roth;;542ccac3dd766fdee131837cd54834c7 p0wnedListenerConsole;p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedListenerConsole.cs;https://github.com/Cn33liz/p0wnedShell;2017-01-14 00:00:00;75;Florian Roth;;ddf9c4ff41035811a5f157ebad77a3b1 p0wnedPotato;p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedPotato.cs;https://github.com/Cn33liz/p0wnedShell;2017-01-14 00:00:00;75;Florian Roth;;ebc24781bc4666c2662100aeaae92870 p0wnedPowerCat;p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedPowerCat.cs;https://github.com/Cn33liz/p0wnedShell;2017-01-14 00:00:00;75;Florian Roth;FILE;7ace65a2eae32371ec8674528b460864 p0wnedShell_outputs;p0wnedShell Runspace Post Exploitation Toolkit - from files p0wnedShell.cs, p0wnedShell.cs;https://github.com/Cn33liz/p0wnedShell;2017-01-14 00:00:00;75;Florian Roth;;fae77efe2e7e7f3c63fcba229f86e3ca p0wnedShellx64;p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedShellx64.exe;https://github.com/Cn33liz/p0wnedShell;2017-01-14 00:00:00;75;Florian Roth;;730f17f9e2a9688b3fd10a5e5ab53057 pHpINJ_php_php;Semi-Auto-generated - file pHpINJ.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;951fa65e193e930ef4024b613e262d05 packager_cve2017_11882;Attempts to exploit CVE-2017-11882 using Packager;https://github.com/rxwx/CVE-2017-11882/blob/master/packager_exec_CVE-2017-11882.py;1970-01-01 01:00:00;60;Rich Warren;EXPLOIT,FILE;864e2d071c88012cb04b967e10737265 peek_a_boo;Webshells Auto-generated - 
file peek-a-boo.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;a500511b6f373c3d36c4c013b2e09026 perlbot_pl;Semi-Auto-generated - file perlbot.pl.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;683e74691dfe8fb4bc8f59f510aaf901 perlcmd_zip_Folder_cmd;Disclosed hacktool set (old stuff) - file cmd.cgi;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;663437b6444291829eae4422f3658e90 php_backdoor_php;Semi-Auto-generated - file php-backdoor.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;MAL,WEBSHELL;6e2fd04a7e806b751bee2aed9c9998ac php_dns;Laudanum Injector Tools - file dns.php;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;d96e1c5b7792bd77e1f59fd5538f1333 php_file;Laudanum Injector Tools - file file.php;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;ad099cbdfd204f43228377d3a4c5371e php_include_w_shell_php;Semi-Auto-generated - file php-include-w-shell.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;8aaf2cf4575288addafd226fcc6bd0ab php_killnc;Laudanum Injector Tools - file killnc.php;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;b4c8b03a8d5a30175c71e0295bec8b56 php_reverse_shell;Laudanum Injector Tools - file php-reverse-shell.php;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;42a825b987cc17df62a7ea73c71460b0 php_reverse_shell_2;Laudanum Injector Tools - file php-reverse-shell.php;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;4fc3f94177b77131fafaafd524a66608 php_shell;Laudanum Injector Tools - file shell.php;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;6da2d517970e4670d16558c039c39048 phpbackdoor15_php;Semi-Auto-generated - file phpbackdoor15.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan 
-dfate- Molls;MAL,WEBSHELL;a07874355143ea871ead29c9e6c48916 phpjackal_php;Semi-Auto-generated - file phpjackal.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;942b41fe182c956ce17d8694f40a1295 phpshell17_php;Semi-Auto-generated - file phpshell17.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;ea09df759c584050beb2a560c05cec62 phpshell;Webshells Auto-generated - file phpshell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ba56db176aeba6b3c14ac8e3d8e14769 phpshell_3;Webshells Auto-generated - file phpshell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;0c60c8ef00859867686346f3aa400966 phpspy_2005_full;Webshells Auto-generated - file phpspy_2005_full.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;7608eac06b29f3bf023404247788aa4e phvayvv_php_php;Semi-Auto-generated - file phvayvv.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;759aed6a70c98e3af49fc872b5db8db1 portlessinst;Webshells Auto-generated - file portlessinst.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;949324e3547a81565aebbb303cb68e6d portscan;Auto-generated rule on file portscan.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;05eb3b63f970d40cbd939361ad69e05b portscanner;Chinese Hacktool Set - file portscanner.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;447ce7e8937ddc42b833d9c31dc5f3af power_pe_injection;PowerShell with PE Reflective Injection;-;1970-01-01 01:00:00;75;Benjamin DELPY (gentilkiwi);HKTL,SCRIPT;6a47798d77ed935f790562515be60443 ps1_toolkit_Inveigh_BruteForce;Auto-generated rule - file Inveigh-BruteForce.ps1;https://github.com/vysec/ps1-toolkit;2016-09-04 00:00:00;80;Florian Roth;FILE;41ec377c3bf7d124759b11a50c0d695b ps1_toolkit_Inveigh_BruteForce_2;Auto-generated rule - from files Inveigh-BruteForce.ps1;https://github.com/vysec/ps1-toolkit;2016-09-04 
00:00:00;80;Florian Roth;FILE;5d826453ea990d0644e9e9fa8c58564c ps1_toolkit_Inveigh_BruteForce_3;Auto-generated rule - from files Inveigh-BruteForce.ps1;https://github.com/vysec/ps1-toolkit;2016-09-04 00:00:00;80;Florian Roth;FILE;0ac9563f4bba15363810cee1964e428f ps1_toolkit_Invoke_Mimikatz;Auto-generated rule - file Invoke-Mimikatz.ps1;https://github.com/vysec/ps1-toolkit;2016-09-04 00:00:00;80;Florian Roth;FILE;3ebee750a46049174ef3c383de38edc9 ps1_toolkit_Invoke_Mimikatz_RelfectivePEInjection;Auto-generated rule - from files Invoke-Mimikatz.ps1, Invoke-RelfectivePEInjection.ps1;https://github.com/vysec/ps1-toolkit;2016-09-04 00:00:00;80;Florian Roth;FILE,HKTL;765f37fe067a3dab6f32b23a4bf15595 ps1_toolkit_Invoke_RelfectivePEInjection;Auto-generated rule - file Invoke-RelfectivePEInjection.ps1;https://github.com/vysec/ps1-toolkit;2016-09-04 00:00:00;80;Florian Roth;FILE,HKTL;12c940e6c6c71be6c6d08dfc6675c6b6 ps1_toolkit_Invoke_Shellcode;Auto-generated rule - file Invoke-Shellcode.ps1;https://github.com/vysec/ps1-toolkit;2016-09-04 00:00:00;80;Florian Roth;FILE;b9c8b751388471dc73c72bb5119267c7 ps1_toolkit_Persistence;Auto-generated rule - file Persistence.ps1;https://github.com/vysec/ps1-toolkit;2016-09-04 00:00:00;80;Florian Roth;FILE;c176c4fc6c316f6bb03b9c6b07bf1c16 ps1_toolkit_Persistence_2;Auto-generated rule - from files Persistence.ps1;https://github.com/vysec/ps1-toolkit;2016-09-04 00:00:00;80;Florian Roth;FILE;077ecc62b9c52a0325ff5ad121c85692 ps1_toolkit_PowerUp;Auto-generated rule - file PowerUp.ps1;https://github.com/vysec/ps1-toolkit;2016-09-04 00:00:00;80;Florian Roth;FILE;d510e0ac614e929ed688cf2a408d0c9d ps1_toolkit_PowerUp_2;Auto-generated rule - from files PowerUp.ps1;https://github.com/vysec/ps1-toolkit;2016-09-04 00:00:00;80;Florian Roth;FILE;9cb5e53bf21a45907b6e2ce43ce87e5b pstgdump;Detects a tool used by APT groups - file pstgdump.exe;http://goo.gl/igxLyF;2016-09-08 00:00:00;75;Florian Roth;APT,EXE,FILE,HKTL;6a82cd50d7dd5c507b0656dafc3f5eb4 
pw_inspector;Chinese Hacktool Set - file pw-inspector.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;cdb2585b1cd68ce4c169bfd8e44b3ea2 pw_inspector_2;Chinese Hacktool Set - file pw-inspector.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;1bdcca68966bd00abe175670ec2cdf8f pwreveal;Webshells Auto-generated - file pwreveal.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ca8c8baa39a5215b66a9eaf1f0e2bc8c pws_php_php;Semi-Auto-generated - file pws.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;be11b634606769c76147e4a5c7e28c60 r57shell;Webshells Auto-generated - file r57shell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;a6077a01a9dcaf3a64c8d2ec117af836 r57shell_2;Webshells Auto-generated - file r57shell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;2c04cc037142c3b6b828bfcd6e13b46c r57shell_3;Webshells Auto-generated - file r57shell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;c48e6dbb726c1b6f21416caa9c698621 r57shell_php_php;Semi-Auto-generated - file r57shell.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;acaae5d6584082641ebadd401dc6e2f7 rdrbs084;Webshells Auto-generated - file rdrbs084.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;3a47ef444392c24690dbb7fd4b072e9e rdrbs100;Webshells Auto-generated - file rdrbs100.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;0a28fb077018400e4fe9bbecfde38da1 reDuhServers_reDuh;Chinese Hacktool Set - file reDuh.jsp;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;9b013a288dfe671ae7b7c07280f5cb55 reDuhServers_reDuh_2;Chinese Hacktool Set - file reDuh.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;8cb4ec6b7aba4bd99d7a582cab34e23c reDuhServers_reDuh_3;Chinese Hacktool Set - file reDuh.aspx;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian 
Roth;CHINA,HKTL,WEBSHELL;8d58a95adde8aaf74ba16b15bce45c43 redSails_EXE;Detects Red Sails Hacktool by WinDivert references;https://github.com/BeetleChunks/redsails;2017-10-02 00:00:00;75;Florian Roth;EXE,FILE,HKTL;da9633674219be99df24384fa40bab11 redSails_PY;Detects Red Sails Hacktool - Python;https://github.com/BeetleChunks/redsails;2017-10-02 00:00:00;75;Florian Roth;HKTL,SCRIPT;ba2ac36ab55b1fd16f004ba9f391cf25 remsec_encrypted_api;Detects malware from Symantec's Strider APT report;http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets;2016-08-08 00:00:00;80;-;APT;b024f49d9cb512d3940bc0a11fe81b1e remsec_executable_blob_32;Detects malware from Symantec's Strider APT report;http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets;2016-08-08 00:00:00;80;-;APT;6e3788ae7fcaf7eb034b8e6042e2a8bc remsec_executable_blob_64;Detects malware from Symantec's Strider APT report;http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets;2016-08-08 00:00:00;80;-;APT;4bda5ee34825e74c106c025e5d3e0202 remsec_executable_blob_parser;Detects malware from Symantec's Strider APT report;http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets;2016-08-08 00:00:00;80;-;APT;e64888015557a8c1aa0a7862c9e1050f remsec_packer_A;Detects malware from Symantec's Strider APT report;http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets;2016-08-08 00:00:00;80;-;APT;f3dc9970614b0e5064ad54fa057bc98e remsec_packer_B;Detects malware from Symantec's Strider APT report;http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets;2016-08-08 00:00:00;80;-;APT;bd1348bc9da44f5f6285008016a9fdb1 remview_2003_04_22;Webshells Auto-generated - file remview_2003_04_22.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;8a1ac7b751dea2905126d7f186276097 rknt_zip_Folder_RkNT;Webshells Auto-generated - file 
RkNT.dll;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;0fdb9d6d3cccdb430939e16caade61cd rootshell_php;Semi-Auto-generated - file rootshell.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;b79b77cdbc546dd0ce00e3b7c969ef89 rst_sql_php_php;Semi-Auto-generated - file rst_sql.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;e127e7259bae8d4ffb0f1664d53cebb2 rtf_CVE_2018_0802;Attempts to exploit CVE-2018-0802;http://www.freebuf.com/vuls/159789.html;1970-01-01 01:00:00;75;Rich Warren;EXPLOIT,FILE;f7983a99816c9ed0a2acdec918d58183 rtf_cve2017_11882;Attempts to identify the exploit CVE 2017 11882;https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about;1970-01-01 01:00:00;60;John Davison;EXPLOIT,EXTVAR;bdf84cc2d7a4edd1bd57d059dc03e442 rtf_cve2017_11882_ole;Attempts to identify the exploit CVE 2017 11882;https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about;1970-01-01 01:00:00;60;John Davison;EXPLOIT,EXTVAR;eea52fd013d7c4303989b807e48ec498 ru24_post_sh_php_php;Semi-Auto-generated - file ru24_post_sh.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;a675dfafaa10712724c493a62908a59a s4u;Detects s4u executable which allows the creation of a cmd.exe with the context of any user without requiring the password. 
- file s4u.exe;https://github.com/aurel26/s-4-u-for-windows;2015-06-05 00:00:00;50;Florian Roth;EXE,FILE;c9c9889458ed606219f46245264978a9
s72_Shell_v1_1_Coding_html;Semi-Auto-generated - file s72 Shell v1.1 Coding.html.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;a8ee0bc1ba69596223e98243c72a6aac
samrdump;Compiled Impacket Tools;https://github.com/maaaaz/impacket-examples-windows;2017-04-07 00:00:00;75;Florian Roth;EXE,FILE;5e96e0b06512d99abb7eafb98ba5b41d
saphpshell;Webshells Auto-generated - file saphpshell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;95a9d2ad334d2794635c07fc0cd88bdc
sbin_squid;Chinese Hacktool Set - file squid.bat;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,SCRIPT;ee36e47017ff4e95fed04600df3a046d
scanarator;Auto-generated rule on file scanarator.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;87c4e398ff13b8b2031b190d9e359147
scanarator_iis;Auto-generated rule on file iis.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;0c278ea50fd9d3f2a77fe070e4b7a805
scanms_scanms;Chinese Hacktool Set - file scanms.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;b52342e86243eef95bab5f4c69b3f3d6
screencap;Webshells Auto-generated - file screencap.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;a76ba0244b2433fcd30b75443deacc80
sekurlsa;Chinese Hacktool Set - file sekurlsa.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;1bc9e68ca2af99669bd4f5093a2f1355
sendmail;Webshells Auto-generated - file sendmail.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;d05bbad6f9578191272f0a2ce56c5cc7
servpw;Detects a tool used by APT groups - file servpw.exe;http://goo.gl/igxLyF;2016-09-08 00:00:00;75;Florian Roth;APT,EXE,FILE,HKTL;4c44aaef2888b360d207a57fb67437d7
sethc_ANOMALY;Sethc.exe has been replaced - Indicates Remote Access Hack RDP;http://www.emc.com/collateral/white-papers/h12756-wp-shell-crew.pdf;2014-01-23 00:00:00;70;F. Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;3a2b06a084c94fe67fb4a3abcf1c7ecb
settings;Laudanum Injector Tools - file settings.php;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;b47d626ae356dc4c0dd040958709198d
sh_php_php;Semi-Auto-generated - file sh.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;e01c8646407e3f4678e9b5fd16facd9e
shankar_php_php;Semi-Auto-generated - file shankar.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;c8f3c397d5512ee9f2bcb4be2df8ce36
shell_php_php;Semi-Auto-generated - file shell.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;272a8811ce64e09ddc615de3973d53b6
shellbot_pl;Semi-Auto-generated - file shellbot.pl.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;3642f641e6a14409ac69dc6fd111d9bf
shells_PHP_wso;Semi-Auto-generated - file wso.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;9f2f0bbf599ffee29f61aa5ade30da16
shelltools_g0t_root_Fport;Webshells Auto-generated - file Fport.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;0964cabd2682e343c353308669db3bbd
shelltools_g0t_root_HideRun;Webshells Auto-generated - file HideRun.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;120316ce56132d4a69a362f39d8edff0
shelltools_g0t_root_resolve;Webshells Auto-generated - file resolve.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;546fa9e85dfe31e9c5dd1066c65b8001
shelltools_g0t_root_uptime;Webshells Auto-generated - file uptime.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;e8898784bde96cd7a9364aa15947395d
shelltools_g0t_root_xwhois;Webshells Auto-generated - file xwhois.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;9d1bf505e9aabba382bad47760be67a2
shimrat;Detects ShimRat and the ShimRat loader;-;2015-11-20 00:00:00;75;Yonathan Klijnsma (yonathan.klijnsma@fox-it.com);;396f77d8723852b35b60f81bfb8201e3
shimratreporter;Detects ShimRatReporter;-;2015-11-20 00:00:00;75;Yonathan Klijnsma (yonathan.klijnsma@fox-it.com);;9b3af667d98539f002370d084c255a2c
sig_2005Gray;Webshells Auto-generated - file 2005Gray.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;9644f4707175a1b578cf3a9badb84698
sig_2008_php_php;Semi-Auto-generated - file 2008.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;f31e48cac7b568f19e12e886b7cea249
sig_238_2323;Disclosed hacktool set (old stuff) - file 2323.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;671ecf0f8b6451bc5c1aa9822e3b2e4d
sig_238_FPipe;Disclosed hacktool set (old stuff) - file FPipe.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;3db253e4e8432bb8bb5015730f7e2b11
sig_238_Glass2k;Disclosed hacktool set (old stuff) - file Glass2k.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;109ddfa900feb5cc832d6dde9a9faeb4
sig_238_RunAsEx;Disclosed hacktool set (old stuff) - file RunAsEx.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;ee5690ee979328383c1f9dcaaf43c2c8
sig_238_TELNET;Disclosed hacktool set (old stuff) - file TELNET.EXE from Windows ME;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;24094ccb0fee5134ebe3042e422a7ce7
sig_238_TFTPD32;Disclosed hacktool set (old stuff) - file TFTPD32.EXE;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;308719a15261f0bc7bc3f807152f3d77
sig_238_cmd_2;Disclosed hacktool set (old stuff) - file cmd.jsp;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;7107159672bd9af551b33f201449f635
sig_238_concon;Disclosed hacktool set (old stuff) - file concon.com;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;ffbccd48a9a7dbdba2c7e92818b342c1
sig_238_eee;Disclosed hacktool set (old stuff) - file eee.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;55a284e8eaa2e6966d56a14e52a6b5ed
sig_238_findoor;Disclosed hacktool set (old stuff) - file findoor.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;7800fd8cc8ca0466391049c268dc2337
sig_238_fscan;Disclosed hacktool set (old stuff) - file fscan.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;cf9a542f748189c5207853f0e1a7b079
sig_238_gina;Disclosed hacktool set (old stuff) - file gina.reg;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;3f0138e7977aae0c86a0a8174f9e0a33
sig_238_hunt;Disclosed hacktool set (old stuff) - file hunt.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;30a573a5939b5db3587379f1f48383fe
sig_238_iecv;Disclosed hacktool set (old stuff) - file iecv.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;ef78d13c83964ded149079e505de6151
sig_238_letmein;Disclosed hacktool set (old stuff) - file letmein.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;0797c03e127ff981c82de2e25d679d05
sig_238_listip;Disclosed hacktool set (old stuff) - file listip.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;79d94d763d652bdabb4ea2e6b4fe2f05
sig_238_nbtdump;Disclosed hacktool set (old stuff) - file nbtdump.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;12788ca834543dd859ee6c13a8f8d9d3
sig_238_sqlcmd;Disclosed hacktool set (old stuff) - file sqlcmd.exe;-;2014-11-23 00:00:00;40;Florian Roth;HKTL;95a458be072e67dced4c92ac44754be8
sig_238_token;Disclosed hacktool set (old stuff) - file token.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;f7664d9b3f1d9c5af0c430f5fc2a51a8
sig_238_webget;Disclosed hacktool set (old stuff) - file webget.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;83377684db249cd55e2554876b9b15b6
sig_238_xsniff;Disclosed hacktool set (old stuff) - file xsniff.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;2826aa5f80e3131170948e146cd8e2a4
simple_backdoor_php;Semi-Auto-generated - file simple-backdoor.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;MAL,WEBSHELL;0c4d010ae5103be4eb5aa9668ef32c40
simple_cmd_html;Semi-Auto-generated - file simple_cmd.html.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;1311c071f586a80bfeddd4c76c0dc9e6
skeleton_key_injected_code;Skeleton Key injected Code http://goo.gl/aAk3lN;http://goo.gl/aAk3lN;2015-01-13 00:00:00;70;Dell SecureWorks Counter Threat Unit;;c48f8678fa4e261ff3c866d096b1a811
skeleton_key_patcher;Skeleton Key Patcher from Dell SecureWorks Report http://goo.gl/aAk3lN;http://goo.gl/aAk3lN;2015-01-13 00:00:00;70;Dell SecureWorks Counter Threat Unit;;5ad6d5137045cb7a6002d5002ca1f891
small_php_php;Semi-Auto-generated - file small.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;965ed0d82c6ec8a5f34d35f7f9cb173b
snifferport;Disclosed hacktool set (old stuff) - file snifferport.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;57f6c1a9143a787af4cd6ad9ebb51a18
splitjoin;Disclosed hacktool set (old stuff) - file splitjoin.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;8a902f9061cbe6e54d0164113a9d270e
sql1433_SQL;Chinese Hacktool Set - file SQL.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;c8b27c20e2caa14c82de301f709714f2
sql1433_Start;Chinese Hacktool Set - file Start.bat;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,SCRIPT;e784fede5918b947dff3cced4d3c26df
sql1433_creck;Chinese Hacktool Set - file creck.bat;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,FILE,HKTL,SCRIPT;90b1b02de23c86a8e01282976c6e3ce2
sql_php_php;Semi-Auto-generated - file sql.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;310b671f2fdcdceaa54d34e74c106af8
sqlcheck;Disclosed hacktool set (old stuff) - file sqlcheck.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;8631df6b99424cb3ddbccfca271e9711
stealth_Stealth;Auto-generated rule on file Stealth.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;242f24ffca176521cca4169262cfeca7
subTee_nativecmd;NativeCmd - used by various threat groups;https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/;2015-07-10 00:00:00;40;Florian Roth;EXE,FILE;fa3bc97508d5b59a667e73793141677e
superscan3_0;Disclosed hacktool set (old stuff) - file superscan3.0.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;829decbab49f42e23a685d5f2ec467ba
susp_file_enumerator_with_encrypted_resource_101;Generic detection for samples that enumerate files with encrypted resource called 101;https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/;1970-01-01 01:00:00;75;-;EXTVAR,FILE,GEN;3ed00faaf9f60ca3fce42daf625d22f2
svchost_ANOMALY;Abnormal svchost.exe - typical strings not found in file;-;2014-04-23 00:00:00;55;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;a53bc1a64613fa7269958fb51de965cb
svchostdll;Webshells Auto-generated - file svchostdll.dll;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;74a33ea842195c13a98124cad9978aa4
taskmgr_ANOMALY;Anomaly rule looking for certain strings in a system file (maybe false positive on certain systems) - file taskmgr.exe;not set;2015-03-16 00:00:00;75;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;ce28b3e636b792dfb173eb815840cc44
telnet_cgi;Semi-Auto-generated - file telnet.cgi.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;caa1f6ec7d8cb95421c74829761537f7
telnet_pl;Semi-Auto-generated - file telnet.pl.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;77a38a261ee4bb41ff20cae0251972be
telnetd_pl;Semi-Auto-generated - file telnetd.pl.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;eee6760bf5a9f11145c5dc7008692d85
templatr;Chinese Hacktool Set - file templatr.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;2cfe692b5b0641931a272a133b5f4635
thelast_index3;Webshells Auto-generated - file index3.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;33ddfb4d11bc86e2d85a35a3b24face6
thelast_orice2;Webshells Auto-generated - file orice2.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;eb7b29485f01ae1f0c9ab2bc696d91c5
tools_NTCmd;Chinese Hacktool Set - file NTCmd.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d7246b437634f7133081f76de2a68cf8
tools_Sqlcmd;Chinese Hacktool Set - file Sqlcmd.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;acaa57fceebfa8b196b20ee49b3dc93e
trigger_drop;Chinese Hacktool Set - file trigger_drop.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;b1336b4b6722c4aad2a7f417e3b8829f
trigger_modify;Chinese Hacktool Set - file trigger_modify.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;2606a5120e7f259adda923febcc83375
turla_png_dropper;Detects the PNG Dropper used by the Turla group;https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/;2018-11-23 00:00:00;75;Ben Humphrey;FILE,MAL,RUSSIA;de95b6ccb16010b9cac218bf9641f013
turla_png_reg_enum_payload;Payload that has most recently been dropped by the Turla PNG Dropper;https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/;2018-11-23 00:00:00;75;Ben Humphrey;FILE,MAL,RUSSIA;5290cd0791a4a647c04d8210dba5f305
u_uay;Webshells Auto-generated - file uay.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;56334026e41589dbfc413f90cbee100e
unknown2;Chinese Hacktool Set - file unknown2.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;985c293e6b9290ddcb038435e0f16d24
update_PcInit;Chinese Hacktool Set - file PcInit.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;609bac9924ed77c25c2f6cbba2d9b423
update_PcMain;Chinese Hacktool Set - file PcMain.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;ea78325118cd0a1ab10ec174e60f5641
uploader_php_php;Semi-Auto-generated - file uploader.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;83dcb76c67b773f9e81691e942d76e0b
users_list;Chinese Hacktool Set - file users_list.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;38c7e45e246856c6e1725c7753a407cc
ustrrefadd;Chinese Hacktool Set - file ustrrefadd.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;955b7d6fe9ebfa6ebd2636b3b7a28eb1
vanquish;Webshells Auto-generated - file vanquish.dll;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;4209abc853dd8ef9c8e37a471b0f4e6f
vanquish_2;Webshells Auto-generated - file vanquish.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;abd86a8bb6422e31452b2dad7a55b600
w3d_php_php;Semi-Auto-generated - file w3d.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;21bd2dc4c3f4f3a004bcc9ed68c68806
warfiles_cmd;Laudanum Injector Tools - file cmd.jsp;http://laudanum.inguardians.com/;2015-06-22 00:00:00;75;Florian Roth;HKTL,WEBSHELL;cdad72832b932dac4dbfd85b6a0893be
wce;wce;-;1970-01-01 01:00:00;75;Benjamin DELPY (gentilkiwi);HKTL;98aa231cf9be88d463643ecf47f27bc1
webadmin;Webshells Auto-generated - file webadmin.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;5a4acc5c646179485c605f11e3e206d0
webshell;Webshells Auto-generated - file webshell.php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;950f8e671a7a88e9ee3e1c950b078542
webshell_000_403_807_a_c5_config_css_dm_he1p_JspSpy_JspSpyJDK5_JspSpyJDK51_luci_jsp_xxx;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;a4cc76d290fa4869c337385bb451d52e
webshell_000_403_807_a_c5_config_css_dm_he1p_xxx;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;dd27874f04432efcd85aeff768d219c8
webshell_000_403_c5_config_myxx_queryDong_spyjsp2010_zend;Web Shell - from files 000.jsp, 403.jsp, c5.jsp, config.jsp, myxx.jsp, queryDong.jsp, spyjsp2010.jsp, zend.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;5e36749288d10bc4ef7038398c4aed3f
webshell_000_403_c5_queryDong_spyjsp2010;Web Shell - from files 000.jsp, 403.jsp, c5.jsp, queryDong.jsp, spyjsp2010.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;03fbf125dede8dae1110e6a4be93aea2
webshell_000_403_c5_queryDong_spyjsp2010_t00ls;Web Shell - from files 000.jsp, 403.jsp, c5.jsp, queryDong.jsp, spyjsp2010.jsp, t00ls.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;6c52e36458d84e9be08f0a5a5c65be3c
webshell_2008_2009lite_2009mssql;Web Shell - from files 2008.php, 2009lite.php, 2009mssql.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;cd0588c25fb5ffaeb4b399d68707cc47
webshell_2008_2009mssql_phpspy_2005_full_phpspy_2006_arabicspy_hkrkoz;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;74d49566d3d7c64db92dd876f112c4d0
webshell_201_3_ma_download;Web Shell - from files 201.jsp, 3.jsp, ma.jsp, download.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;ecf460f20e6edaee75a143760f9122c9
webshell_2_520_icesword_job_ma1;Web Shell - from files 2.jsp, 520.jsp, icesword.jsp, job.jsp, ma1.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;4e8d48ea6ae64fdf4ee19470460a74cd
webshell_2_520_icesword_job_ma1_ma4_2;Web Shell - from files 2.jsp, 520.jsp, icesword.jsp, job.jsp, ma1.jsp, ma4.jsp, 2.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;bfa84e29f9da5eeac734789090f3d8f7
webshell_2_520_job_JspWebshell_1_2_ma1_ma4_2;Web Shell - from files 2.jsp, 520.jsp, job.jsp, JspWebshell 1.2.jsp, ma1.jsp, ma4.jsp, 2.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;09ee241af75eb75e86904b7ca17f18e7
webshell_2_520_job_ma1_ma4_2;Web Shell - from files 2.jsp, 520.jsp, job.jsp, ma1.jsp, ma4.jsp, 2.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;4c692caa3a3f52ea4c3c14834300b269
webshell_400_in_JFolder_jfolder01_jsp_leo_warn_webshell_nc;Web Shell - from files 400.jsp, in.jsp, JFolder.jsp, jfolder01.jsp, jsp.jsp, leo.jsp, warn.jsp, webshell-nc.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;a4434b684bff453b21d0647a3fe2d354
webshell_404_data_in_JFolder_jfolder01_jsp_suiyue_warn;Web Shell - from files 404.jsp, data.jsp, in.jsp, JFolder.jsp, jfolder01.jsp, jsp.jsp, suiyue.jsp, warn.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;13c78a4daf9b8c0ec56fc2a63e781294
webshell_404_data_in_JFolder_jfolder01_xxx;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;53a734bb370e2676f3a7c7f3a451cc3d
webshell_404_data_suiyue;Web Shell - from files 404.jsp, data.jsp, suiyue.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;1fa3b8d156f22772ce6b87bb13e97d23
webshell_807_a_css_dm_he1p_JspSpy_xxx;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;df491ccfe9e804918b1e5a52151316b3
webshell_807_dm_JspSpyJDK5_m_cofigrue;Web Shell - from files 807.jsp, dm.jsp, JspSpyJDK5.jsp, m.jsp, cofigrue.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;0f104480341785196c9a3eba43ec910f
webshell_ASP_RemExp;Web Shell - file RemExp.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;1d77481829996e3353103580647bc9af
webshell_ASP_aspydrv;Web Shell - file aspydrv.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;2201714b6dd748b8d7fc9d366bf40d5d
webshell_ASP_cmd;Web Shell - file cmd.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;211a8cc7788568995026679d7e7dacef
webshell_ASP_tool;Web Shell - file tool.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;d1538ad5380aa67886cdbf7ed8bd128c
webshell_ASP_zehir4;Web Shell - file zehir4.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;aa16deefbdafc06b10e5a0d11ae3c766
webshell_ASP_zehir;Web Shell - file zehir.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;779a43415a80215f54a1fd0cffbcea07
webshell_Ani_Shell;Web Shell - file Ani-Shell.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;6afe0288c7d0939d6ad1e74c4dfdffe7
webshell_Antichat_Shell_v1_3_2;Web Shell - file Antichat Shell v1.3.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;191d47fda801e1416dbe8fd1236215e1
webshell_B374kPHP_B374k;Web Shell - file B374k.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;ab254e2f3711e46747cad42b0a12af46
webshell_C99madShell_v_3_0_smowu;Web Shell - file smowu.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;36a1c4c9dcdc61d88733fa690c5d5f86
webshell_Crystal_Crystal;Web Shell - file Crystal.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;1ee75519da607047b5a8770250cf7799
webshell_DarkBlade1_3_asp_indexx;Web Shell - file indexx.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;a1571f2501255e2e497aa4ce79fdb088
webshell_Dive_Shell_1_0_Emperor_Hacking_Team_xxx;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;fb03c1fddd075f702a73605a80865153
webshell_Dx_Dx;Web Shell - file Dx.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;eaba0e9c1da7c89f4cfefe12bdfef60e
webshell_ELMALISEKER_Backd00r;Web Shell - file ELMALISEKER Backd00r.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;2b097be5d7b869a17e420b8d6ffaf68b
webshell_Expdoor_com_ASP;Web shells - generated from file Expdoor.com ASP.asp;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;d099b99eace9fa517753848a45f6e79f
webshell_GetPostpHp;Web shells - generated from file GetPostpHp.php;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;d26460d63f484f8927f10028c29545b6
webshell_Inderxer;Web Shell - file Inderxer.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;466afb4b556a3ed903ea52af91df2343
webshell_Java_Shell;Web Shell - file Java Shell.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;6ad1bd34e7c2e9eccc10528542508d61
webshell_JspSpy_JspSpyJDK5_JspSpyJDK51_luci_jsp_spy2009_m_ma3_xxx;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;c1c626fb06b9feb301da38662792d8ed
webshell_Jspspyweb;Web Shell - file Jspspyweb.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;9723c6c53e5386dbe44b06964f38bdd2
webshell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit;Web Shell - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;fa25ccb0d0bcd794f9fe062ae895991b
webshell_Macker_s_Private_PHPShell;Web Shell - file Macker's Private PHPShell.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;f670add79de4481d9b4e04da40738df5
webshell_MySQL_Web_Interface_Version_0_8;Web Shell - file MySQL Web Interface Version 0.8.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;7e0986b901c9f243894464b80aa3c6fb
webshell_Mysql_interface_v1_0;Web Shell - file Mysql interface v1.0.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;1f940f598a9df629fd3018290d2eef2a
webshell_NIX_REMOTE_WEB_SHELL_NIX_REMOTE_WEB_xxx1;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;a533ec78337d2ff197cceddca4c8f762
webshell_NIX_REMOTE_WEB_SHELL_nstview_xxx;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;aa5357e0bcc7f63c60058e674a0626c9
webshell_NetworkFileManagerPHP;Web Shell - file NetworkFileManagerPHP.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;bd86310d4c0b248c02aed6dc133a06f3
webshell_PHPJackal_v1_5;Web Shell - file PHPJackal v1.5.php;-;2014-01-28 00:00:00;70;Florian Roth;MIDDLE_EAST,WEBSHELL;f63f52e45dcbabb3463ff5d1535e2dcb
webshell_PHPRemoteView;Web Shell - file PHPRemoteView.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;68755941ac4aab316b5a574803ce817b
webshell_PHP_150;Web Shell - file 150.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;adf584f9270838b287081062c22c39c0
webshell_PHP_404;Web Shell - file 404.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;9eff1facd3c52a4ee0992b75805dc6e2
webshell_PHP_G5;Web Shell - file G5.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;e693b363792cd0c35ad7dd0a67b7fe84
webshell_PHP_Shell_x3;Web Shell - file PHP Shell.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;4c372c1fdf23c566c53b27706b867e30
webshell_PHP_a;Web Shell - file a.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;ed9889061fe343988666e49754a4f744
webshell_PHP_b37;Web Shell - file b37.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;183a7b6ad4b1167e670e5d6650fdd62f
webshell_PHP_bug_1_;Web Shell - file bug (1).php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;7dbb92ca492e5a8adde049c6c29c1696
webshell_PHP_c37;Web Shell - file c37.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;7e835561088f94d1628a1125585d5d7d
webshell_PHP_co;Web Shell - file co.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;acdd1d6b9559a57281814d3630bf48bf
webshell_PHP_g00nv13;Web Shell - file g00nv13.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;0b48701b763acc39c3d23f9070c51334
webshell_PHP_r57142;Web Shell - file r57142.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;285877c89bdf6d3edd5b2ebc77dade02
webshell_PHP_redcod;Web Shell - file redcod.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;b10ee9348abc0854fa24499e91570560
webshell_PHP_sql;Web Shell - file sql.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;cac31b27a36888a9460745392d9e46e5
webshell_PH_Vayv_PH_Vayv;Web Shell - file PH Vayv.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;dbcfd1e193abf474a55193052e0a1422
webshell_Private_i3lue;Web Shell - file Private-i3lue.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;75d1972644446cdd0b56fc2b1444df6c
webshell_Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2;Web Shell - file Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;33eafe8c869fc7c5d1dc8a8e6341df4b
webshell_Safe_mode_breaker;Web Shell - file Safe mode breaker.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;8177dc10eac6c2c8b4223cedf869e917
webshell_Server_Variables;Web Shell - file Server Variables.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;aa9e0a7954c80b096d5c1397a2725b94
webshell_Shell_ci_Biz_was_here_c100_v_xxx;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;623759504bc19d29fe8caf2352cef8bc
webshell_SimAttacker_Vrsion_1_0_0_priv8_4_My_friend;Web Shell - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;15f969f53299f8c220b2082d6d230355
webshell_Sst_Sheller;Web Shell - file Sst-Sheller.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;f58d3009c1cf544c6be25b77de12347c
webshell_WinX_Shell;Web Shell - file WinX Shell.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;198d62118c8164c87c32476ba9772efd
webshell_Worse_Linux_Shell;Web Shell - file Worse Linux Shell.php;-;2014-01-28 00:00:00;70;Florian Roth;LINUX,WEBSHELL;5ae199f8f19f8de463b833933db56a75
webshell_aZRaiLPhp_v1_0;Web Shell - file aZRaiLPhp v1.0.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;51c64eb8cada38f38e2e41f4c0a0faf2
webshell_asp_01;Web Shell - file 01.asp;-;2014-01-28 00:00:00;50;Florian Roth;WEBSHELL;e39cd0f39cfab33e253b80225b79a8ad
webshell_asp_1;Web Shell - file 1.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;45863b96497b37263ff50e897877de6b
webshell_asp_1d;Web Shell - file 1d.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;d8bac65c652fe36463fbbc3cbe913af5
webshell_asp_404;Web Shell - file 404.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;aad7824aba00cf3886a8b7e6653d32c5
webshell_asp_Ajan;Web Shell - file Ajan.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;fa2ae5d2c0868cd81f99612a075274de
webshell_asp_EFSO_2;Web Shell - file EFSO_2.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;5977fb30118d107926d4d0ad23d4307f
webshell_asp_Rader;Web Shell - file Rader.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;6024973eb718117b1f98a8c2711e626b
webshell_asp_ajn;Web Shell - file ajn.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;3f0ab52e3b126bff37e5042080690af0
webshell_asp_cmd;Web Shell - file cmd.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;02bb3a4ffd84c27eddb801f4071a17f6
webshell_asp_cmdasp;Web Shell - file cmdasp.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;eda45608fabb5617dce501130936941c
webshell_asp_dabao;Web Shell - file dabao.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;23aa8ab104fd5fc7748d9f66546dda0e
webshell_asp_ice;Web Shell - file ice.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;67a614edf29c4ce1f95b8940adf2aa68
webshell_asp_list;Web Shell - file list.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;0878d931645b87ccc6594e75cace0d23
webshell_asp_ntdaddy;Web Shell - file ntdaddy.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;d265857efe821e476e616cb740f57176
webshell_asp_shell;Web Shell - file shell.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;2984a99d766e43fc7f02f10109b4f9e8
webshell_asp_up;Web Shell - file up.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;8bd34f4c957915e13d9edbed8751ff61
webshell_browser_201_3_400_in_JFolder_jfolder01_jsp_leo_ma_warn_webshell_nc_download;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;04529b2eaceba8523cc4fb18dbbd510e
webshell_browser_201_3_ma_download;Web Shell - from files browser.jsp, 201.jsp, 3.jsp, ma.jsp, download.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;ab2e5aef5f0665e593d68bdf73ca7584
webshell_browser_201_3_ma_ma2_download;Web Shell - from files browser.jsp, 201.jsp, 3.jsp, ma.jsp, ma2.jsp, download.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;a061718b5231d72c8f0a99edeba93fc4
webshell_bypass_iisuser_p;Web shells - generated from file bypass-iisuser-p.asp;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;2b081d5bb88e869eaccd23f15df333f3
webshell_c99_Shell_ci_Biz_was_here_c100_v_xxx;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;e25cc383d7991c407f02f73dd26de4d2
webshell_c99_c66_c99_shadows_mod_c99shell;Web Shell - from files c99.php, c66.php, c99-shadows-mod.php, c99shell.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;9680bfe04c3f38a92a26dabea154f156
webshell_c99_c99shell_c99_c99shell;Web Shell - from files c99.php, c99shell.php, c99.php, c99shell.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;2f7bbe9d541bb654db95f62f678472cd
webshell_c99_c99shell_c99_w4cking_Shell_xxx;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;ffdb873ed4da2940541771465456818e
webshell_c99_generic;Semi-Auto-generated ;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;64f8db001787c75ad9d3a2e618e829dd
webshell_c99_locus7s_c99_w4cking_xxx;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;8cab68ca8f928e765e8935e5f2d3015f
webshell_c99_madnet_smowu;Web Shell - file smowu.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;46f96345db2a86d2ab3872c134dd1df8
webshell_caidao_shell_404;Web Shell - file 404.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;68727cd27d1f2db85ffbc5b4219da150
webshell_caidao_shell_guo;Web Shell - file guo.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;040ddcec845239c7252b2dc932ce57e4
webshell_caidao_shell_hkmjj;Web Shell - file hkmjj.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;4494f7bf8503abbdbf168183c3a488fc
webshell_caidao_shell_ice;Web Shell - file ice.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;e7017d29e581fd82557b47d5fb121a9c
webshell_caidao_shell_ice_2;Web Shell - file ice.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;e28d3df93eaa7a382c371fd84ffd469a
webshell_caidao_shell_mdb;Web Shell - file mdb.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;ba857dbe84f1caedb65ec10d0cbcd0d1
webshell_cihshell_fix;Web Shell - file cihshell_fix.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;c4ba8ced33f662438127932c8bd6a7dc
webshell_cmd_asp_5_1;Web Shell - file cmd-asp-5.1.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;a4d0817f3e815d984a1f2f3c7310b9f8
webshell_cmd_win32;Web Shell - file cmd_win32.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;ce25ed207dfe366958e8bd18be9f2b7a
webshell_config_myxx_zend;Web Shell - from files config.jsp, myxx.jsp, zend.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;5828d058b26c402d7105e88399fa660a
webshell_cpg_143_incl_xpl;Web Shell - file cpg_143_incl_xpl.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;e49dfc808d7c5c9e3cc662fa53b7ccf5
webshell_customize;Web Shell - file customize.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;b81930efa29ca2c6a52b452f87bdf1ca
webshell_dev_core;Web shells - generated from file dev_core.php;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;63a3289dc1aac64d4113bc285f77b170
webshell_drag_system;Web Shell - file system.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;a253bc2c548c9f463c80d710d80fd916
webshell_e8eaf8da94012e866e51547cd63bb996379690bf;Detects a web shell;https://github.com/bartblaze/PHP-backdoors;2016-09-10 00:00:00;75;Florian Roth;FILE,WEBSHELL;932ada53abd9853e82637abe4315051c
webshell_elmaliseker_2;Web Shell - file elmaliseker.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;941c4f6e060383f0dd2daadf92532721
webshell_gfs_sh_r57shell_r57shell127_SnIpEr_SA_xxx;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;18735da5f7ca992c3427b3e155c0b1a9
webshell_ghost_source_icesword_silic;Web Shell - from files ghost_source.php, icesword.php, silic.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;4afec5bdd4ba5e384281245bb46b05b4
webshell_h4ntu_shell_powered_by_tsoi_;Web Shell - file h4ntu shell [powered by tsoi].php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;4c8b83c32a3e3da359ca45f505d5ad7b
webshell_he1p_JspSpy_nogfw_ok_style_1_JspSpy1;Web Shell - from files he1p.jsp, JspSpy.jsp, nogfw.jsp, ok.jsp, style.jsp, 1.jsp, JspSpy.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;8b0aba454321225669be14d70b89ea2f
webshell_iMHaPFtp_2;Web Shell - file iMHaPFtp.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;378715da456c8060dec8d47e97484d28
webshell_in_JFolder_jfolder01_jsp_leo_warn;Web Shell - from files in.jsp, JFolder.jsp, jfolder01.jsp, jsp.jsp, leo.jsp, warn.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;1c8f5413d5cd5464617336fcb9dec33d
webshell_ironshell;Web Shell - file ironshell.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;2758dea20c5f8d4ffafd7d9392b0c8bd
webshell_itsec_PHPJackal_itsecteam_shell_jHn;Web Shell - from files itsec.php, PHPJackal.php, itsecteam_shell.php, jHn.php;-;2014-01-28 00:00:00;70;Florian Roth;MIDDLE_EAST,WEBSHELL;c420153747ce88bb95708a8f2d0f85fe
webshell_itsec_itsecteam_shell_jHn;Web Shell - from files itsec.php, itsecteam_shell.php, jHn.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;40f0538fde1618d9b10b80238632366f
webshell_jspShell;Web Shell - file jspShell.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;c87a356220ac19e0af9cddc2780e8576
webshell_jsp_12302;Web Shell - file 12302.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;0716535baaa04c57f4a20244c172b751
webshell_jsp_123;Web Shell - file 123.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;2b74f8b750e6a1df39ba8aaf454f8540
webshell_jsp_IXRbE;Web Shell - file IXRbE.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;f516f2b5bacd8c4019333b916386f950
webshell_jsp_action;Web Shell - file action.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;1a449f2028f4ac9312cebb937318ba27
webshell_jsp_asd;Web Shell - file asd.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;1baba7b0759700a2b652ac0fd48f7dc3
webshell_jsp_cmd;Web Shell - file cmd.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;84178173ea2f100a55d510319874944a
webshell_jsp_cmdjsp;Web Shell - file cmdjsp.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;ea7e4035038723b792891074c66b92ed
webshell_jsp_cmdjsp_2;Web Shell - file cmdjsp.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;3fe3f584e712db6653e980b90f8c1cb8
webshell_jsp_guige02;Web Shell - file guige02.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;46c297fe343f653124581551f2c31428
webshell_jsp_guige;Web Shell - file guige.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;3d0a58f12af7fba6c11b7aa354ac5839
webshell_jsp_hsxa1;Web Shell - file hsxa1.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;35915b4a9c22ec9061af74850a2e7fa2
webshell_jsp_hsxa;Web Shell - file hsxa.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;35915b4a9c22ec9061af74850a2e7fa2
webshell_jsp_inback3;Web Shell - file inback3.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;f516f2b5bacd8c4019333b916386f950
webshell_jsp_jdbc;Web Shell - file jdbc.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;b81930efa29ca2c6a52b452f87bdf1ca
webshell_jsp_jshell;Web Shell - file jshell.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;5e702733ae3abb28469c54a7710e3623
webshell_jsp_k81;Web Shell - file k81.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;a94f608f012a69fda29c4203ae9862e9
webshell_jsp_k8cmd;Web Shell - file k8cmd.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;53cff48b3152aa7e06efda8363959bce
webshell_jsp_list1;Web Shell - file list1.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;82d56531df22976c79458416adf2b056
webshell_jsp_list;Web Shell - file list.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;bca3207eb23475012bac1d1397b0478e
webshell_jsp_reverse_jsp_reverse_jspbd;Web Shell - from files jsp-reverse.jsp, jsp-reverse.jsp, jspbd.jsp;-;2014-01-28 00:00:00;50;Florian Roth;WEBSHELL;d6db6eec4c9347aa7e14f6ce3b5aabc8
webshell_jsp_sys3;Web Shell - file sys3.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;fc4de385d07bed499e80756cb988f55e
webshell_jsp_tree;Web Shell - file tree.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;bb82e50b67c70b0d8ee356f505b75f42
webshell_jsp_up;Web Shell - file up.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;7826a01a2d582460133c7f76344251ad
webshell_jsp_utils;Web Shell - file utils.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;3c4a862788f4e0de7ab82be0c418c3ce
webshell_jsp_web;Web Shell - file web.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;f68e8e31b34fef67c49fc9560b0ba864
webshell_jsp_zx;Web Shell - file zx.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;8aa5d26ae7ee17986d81e9ec20e23b2b
webshell_metaslsoft;Web Shell - file metaslsoft.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;18ae2ec019e2f92d590eec5e8ab101e1
webshell_minupload;Web Shell - file minupload.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;65b0eac150bb42a1300e23e51be0401a
webshell_mumaasp_com;Web Shell - file mumaasp.com.asp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;e92c5cc5238ebe29ac131896b1ad0d21
webshell_mysqlwebsh;Web Shell - file mysqlwebsh.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;6ebcf99d444ca9acc335f3c114671203
webshell_php;Semi-Auto-generated - file webshell.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;615a4c17da38e7fed515c664c0fa323c
webshell_php_2;Web Shell - file 2.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;4c64e457343e4b211d8c615a22c044e0
webshell_php_404;Web Shell - file 404.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;a70ebf13b66d625135f5c18c99067af7
webshell_php_backdoor;Web Shell - file php-backdoor.php;-;2014-01-28 00:00:00;70;Florian Roth;MAL,WEBSHELL;82878dc03734da21b040151b7f8cfe75
webshell_php_cmd;Web Shell - file cmd.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;a23ec9bcae34d60ddcdf109ef793a728
webshell_php_dodo_zip;Web Shell - file zip.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;0c6c8159605b7dc60a6cbde04c115399
webshell_php_fbi;Web Shell - file fbi.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;be3b6c6f43ed797adb998b51d199f7fa
webshell_php_ghost;Web Shell - file ghost.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;bcfeea855c47fa7cfa78e41971e517c7
webshell_php_h6ss;Web Shell - file h6ss.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;6389485af5c83fe9ba52b7dd1fe79f39
webshell_php_list;Web Shell - file list.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;365053807ef068f21cdd547d8180ca9c
webshell_php_moon;Web Shell - file moon.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;9d33e86413a04a83a3aa69bb50f0ea5f
webshell_php_s_u;Web Shell - file s-u.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;2bf04c5a1be50199287a170f35a67934
webshell_php_sh_server;Web Shell - file server.php;-;2014-01-28 00:00:00;50;Florian Roth;WEBSHELL;9e3998b28d2e1c40e04723dc1eb2e663
webshell_php_up;Web Shell - file up.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;285341abb139ae505099fd6fc843eb2c
webshell_phpkit_0_1a_odd;Web Shell - file odd.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;1da2e5847098d6a332563b9c93bc42a0
webshell_phpkit_1_0_odd;Web Shell - file odd.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;3040847e37a73f7286c9de703b60bdd2
webshell_phpshell3;Web Shell - file phpshell3.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;5224126cde08d3954dd095fefa9b909d
webshell_phpshell_2_1_config;Web Shell - file config.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;829ce4d06be987d25047167e29defde3
webshell_phpshell_2_1_pwhash;Web Shell - file pwhash.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;d95e6b88c10f8190b850724a5348c457
webshell_phpspy2010;Web Shell - file phpspy2010.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;c428c8f33f9209b003e2e98b0ad2752f
webshell_phpspy_2005_full_phpspy_2005_lite_PHPSPY;Web Shell - from files phpspy_2005_full.php, phpspy_2005_lite.php, PHPSPY.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;cd12921a9d2f07dd375889576c345076
webshell_phpspy_2005_full_phpspy_2005_lite_phpspy_2006_PHPSPY;Web Shell - from files phpspy_2005_full.php, phpspy_2005_lite.php, phpspy_2006.php, PHPSPY.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;f4ae997d06131bd972acee0b30c71724
webshell_r57_1_4_0;Web Shell - file r57.1.4.0.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;22d09d5a1bc89be64d86fc77fe76ae25
webshell_r57shell127_r57_iFX_r57_kartal_r57_antichat;Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;99b5d997ed386a85d60f186b6255ca1a
webshell_r57shell127_r57_kartal_r57;Web Shell - from files r57shell127.php, r57_kartal.php, r57.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;6f8718d1490a81566e9ce7e9ab372f84
webshell_r57shell_r57shell127_SnIpEr_SA_Shell_EgY_SpIdEr_ShElL_V2_r57_xxx;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;1fb3dc2fe172dbd865ded3a5b35631a2
webshell_redirect;Web Shell - file redirect.asp;-;2014-01-28 
00:00:00;70;Florian Roth;WEBSHELL;3c2171972e31fa9be387f69ac39c9dab webshell_remview_fix;Web Shell - file remview_fix.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;d561970407ca6952f2b3e487e6eeefeb webshell_s72_Shell_v1_1_Coding;Web Shell - file s72 Shell v1.1 Coding.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;98f7048dd4fc3215ce0d9c1389ec093e webshell_shell_2008_2009mssql_phpspy_2005_full_phpspy_2006_arabicspy_hkrkoz;Web Shell;-;2014-01-28 00:00:00;60;Florian Roth;WEBSHELL;2e6ff085ad979c2060fe09a7ba3e7d6d webshell_shell_phpspy_2005_full_phpspy_2005_lite_phpspy_2006_arabicspy_PHPSPY_hkrkoz;Web Shell;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;8b2b5259d6c51a38d2d0cb6c2d09373b webshell_shell_phpspy_2006_arabicspy;Web Shell - from files shell.php, phpspy_2006.php, arabicspy.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;fba8e1250894255f0fc145c753d03098 webshell_shell_phpspy_2006_arabicspy_hkrkoz;Web Shell - from files shell.php, phpspy_2006.php, arabicspy.php, hkrkoz.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;df281cb128ffc6561507c5b94ae34c69 webshell_sig_404super;Web shells - generated from file 404super.php;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;8095c3cd61dfa77cac3f2b13b350149b webshell_simple_backdoor;Web Shell - file simple-backdoor.php;-;2014-01-28 00:00:00;70;Florian Roth;MAL,WEBSHELL;443e5ddd23466685eff2e9a9ac75e2ab webshell_spjspshell;Web Shell - file spjspshell.jsp;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;43cd4c2709c9ec0b2969806db906eb28 webshell_tinyasp;Detects 24 byte ASP webshell and variations;-;2019-01-09 00:00:00;75;Jeff Beley;FILE,WEBSHELL;e7ea7c96a132ab8d7ab174537dda38f0 webshell_webshell_123;Web shells - generated from file webshell-123.php;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;fbbaf0d200f76840ed2d40bb1a5e875e webshell_webshell_cnseay02_1;Web Shell - file webshell-cnseay02-1.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;0beaa50d9a63b3b3047aba367ff4939e webshell_webshell_cnseay_x;Web Shell - file 
webshell-cnseay-x.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;e0feb4199ede4889747f1e6cd3f1bb29 webshell_webshells_new_Asp;Web shells - generated from file Asp.asp;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;888efef293daaf60f3542ae76d859f51 webshell_webshells_new_JJJsp2;Web shells - generated from file JJJsp2.jsp;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;14492c05d09357d8280227ae01060c0e webshell_webshells_new_JJjsp3;Web shells - generated from file JJjsp3.jsp;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;6fe9a9179356c9045bece9b2f829cf9e webshell_webshells_new_JSP;Web shells - generated from file JSP.jsp;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;e01b320241532c2097eca662ab72b941 webshell_webshells_new_PHP1;Web shells - generated from file PHP1.php;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;90ac853aaaaef7bf0beeb5c455c3e855 webshell_webshells_new_PHP;Web shells - generated from file PHP.php;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;b8e69f1218f35f78b0efc6a245a628a1 webshell_webshells_new_aaa;Web shells - generated from file aaa.asp;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;a435e454883b8930669b133bfce8d53f webshell_webshells_new_asp1;Web shells - generated from file asp1.asp;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;e079161464a7785ed2fd8592a402f132 webshell_webshells_new_code;Web shells - generated from file code.php;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;5a71d9a9893a8977e88f9ecbc67e67ab webshell_webshells_new_con2;Web shells - generated from file con2.asp;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;a36d4d3f138577f7535ee187d42fda77 webshell_webshells_new_jspyyy;Web shells - generated from file jspyyy.jsp;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;d9356a77bc082dba40d0d6739114206f webshell_webshells_new_make2;Web shells - generated from file make2.php;-;2014-03-28 00:00:00;50;Florian Roth;WEBSHELL;34df9c4ec232fb1a10ffe8d6863aba45 webshell_webshells_new_pHp;Web shells - generated from file pHp.php;-;2014-03-28 
00:00:00;70;Florian Roth;WEBSHELL;01ba0f0d7c4b4189203d9935a511ca69 webshell_webshells_new_php2;Web shells - generated from file php2.php;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;5919fd92ad4ff8e7d234e4d40f858674 webshell_webshells_new_php5;Web shells - generated from file php5.php;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;4ffdf192bc710da48c0cb074622a4e14 webshell_webshells_new_php6;Web shells - generated from file php6.php;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;358a63ea7cfd8f2f234dcbc8bcf601d4 webshell_webshells_new_pppp;Web shells - generated from file pppp.php;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;d1d31a6cdb7d3c3566794fc116e66288 webshell_webshells_new_radhat;Web shells - generated from file radhat.asp;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;384efd1929555c6fe3b4219912372d80 webshell_webshells_new_xxx;Web shells - generated from file xxx.php;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;a46ab07174fd1ca02f07ea098f1942d3 webshell_webshells_new_xxxx;Web shells - generated from file xxxx.php;-;2014-03-28 00:00:00;70;Florian Roth;WEBSHELL;4cd5e43e5a341bb16db760e16ab31a3f webshell_wsb_idc;Web Shell - file idc.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;fef59b8d72b52481f6810037258fef38 webshell_wso2_5_1_wso2_5_wso2;Web Shell - from files wso2.5.1.php, wso2.5.php, wso2.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;31918cefe392268cefe21a2edcab1c39 webshell_zacosmall;Web Shell - file zacosmall.php;-;2014-01-28 00:00:00;70;Florian Roth;WEBSHELL;8ef091866dd89be82ff66a7bbed64934 wh_bindshell_py;Semi-Auto-generated - file wh_bindshell.py.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;e233cef3eba7b1bf10c3960d55d3a4e6 whosthere;Auto-generated rule - file whosthere.exe;http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit;2015-07-10 00:00:00;80;Florian Roth;EXE,FILE;63b5523950daee78ff4c5794618e36a1 whosthere_alt;Auto-generated rule - file 
whosthere-alt.exe;http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit;2015-07-10 00:00:00;80;Florian Roth;EXE,FILE;c0b653aa3c93da9a794c63d5f0e8f8c4 whosthere_alt_pth;Auto-generated rule - file pth.dll;http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit;2015-07-10 00:00:00;80;Florian Roth;EXE,FILE;6320ce0a3be29b44577b9ac9238fddc5 wininit_ANOMALY;Anomaly rule looking for certain strings in a system file (maybe false positive on certain systems) - file wininit.exe;not set;2015-03-16 00:00:00;75;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;f99d9489cef2ffe884c121aea2be371d winlogon_ANOMALY;Anomaly rule looking for certain strings in a system file (maybe false positive on certain systems) - file winlogon.exe;not set;2015-03-16 00:00:00;75;Florian Roth;ANOMALY,EXTVAR,REQ_PRIVATE,SUSP;4a3d7db2d2e7ec83cbc5bee1198d5a7d winshell;Webshells Auto-generated - file winshell.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;6119a6014010eef9d641ca0d067e7503 x64_KiwiCmd;Chinese Hacktool Set - file KiwiCmd.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;5e6e57faf9349a6b3dec9719cf46299b x64_klock;Chinese Hacktool Set - file klock.dll;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;3388b3ae5374ca973c3c930e299bfb9b xDedic_SysScan_unpacked;Detects SysScan APT tool;https://securelist.com/blog/research/75027/xdedic-the-shady-world-of-hacked-servers-for-sale/;2016-03-14 00:00:00;75; Kaspersky Lab;APT,FILE;18e0477e08559303b55467a6ca2514a2 xRAT_1;Detects Patchwork malware;https://goo.gl/Pg3P4W;2017-12-11 00:00:00;75;Florian Roth;EXE,FILE;a8c2b4c4f8ba13dd3d2c6b1af60b50e6 x_way2_5_X_way;Chinese Hacktool Set - file X-way.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;6747b8836fa8745c96089edb8a9943c6 x_way2_5_sqlcmd;Chinese Hacktool Set - file sqlcmd.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian 
Roth;CHINA,EXE,FILE,HKTL;7e7e6cccb62033b010d626944b5a42b6 xdedic_packed_syscan;-;-;1970-01-01 01:00:00;75;Kaspersky Lab - modified by Florian Roth;FILE;32660e6ca63769f52fd1b726fe4efa40 xscan_gui;Chinese Hacktool Set - file xscan_gui.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;dbc8780424c8d2daefffde4a61ca5b26 xssshell;Webshells Auto-generated - file xssshell.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;52bbd6e74a53e42dd4a568776b435574 xssshell_db;Webshells Auto-generated - file db.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;a31bfded7441af0c8118cd61a91290cc xssshell_default;Webshells Auto-generated - file default.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;5a56cf3a17490c6aada23bb9673648cc xssshell_save;Webshells Auto-generated - file save.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;b2961c05d0b8e8f614e4139c0d5710ad z_webshell;Detection for the z_webshell;-;2018-01-25 00:00:00;75;DHS NCCIC Hunt and Incident Response Team;FILE;7d027ef968e7d7aedd6a94caebdd10bc zacosmall_php;Semi-Auto-generated - file zacosmall.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;5fc1645d17f817e56493316142fba9f3