Report - github.com/Neo23x0/signature-base/archive/master.zip

Report Overview

Visited public
2025-01-28 12:50:21
Tags
URL
github.com/Neo23x0/signature-base/archive/master.zip
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.3
#36459 GITHUB
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

1079

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2025-01-22	506 B	3.9 kB	140.82.121.3
codeload.github.com	62359	2007-10-09	2013-04-18	2025-01-22	518 B	4.0 MB	140.82.121.9

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
codeload.github.com/Neo23x0/signature-base/zip/refs/heads/master
IP
140.82.121.9
ASN
#36459 GITHUB

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
4.0 MB (3973193 bytes)
Hash
d0950f3ec9bb8a614dc0735968f4201b
593250b97e4eb8e770742697ec30240f5ec372c0
16fbfff0c36715c91d8c35bb47ec27706dd25c7c4defa32be5a293dad03e2058

Archive (716)

Filename

Md5

File type

yara-assemble.yml

ca59011f565f728fd5ed629e5e21aa96

ASCII text, with very long lines (602)

.gitignore

23e8e43cbac7375e0504e9af7a59debd

ASCII text

.travis.yml

2ecaa9bf3d4888ff5a3ab8de82e84016

ASCII text

.yara-ci.yml

f1648849722b9603690c6a236f7beab9

ASCII text

Code_of_Conduct.md

595504f41396af1d281f2c3bc3b171f9

ASCII text, with no line terminators

LICENSE

466ef9c54721c9d829b515cdd5393e23

ASCII text

README.md

5fd9823707149c8f0549d2e32c3b2034

exported SGML document, ASCII text, with very long lines (390)

_config.yml

932865e374757d33e321eeb2d5e88b6b

ASCII text, with no line terminators

apt_unc2891_tinyshell_slapstick.yar

9dddbc8ab1874cff1a7905c96270db88

ASCII text

build-rules.py

74b84aeeec1fb6041a89283205c91c5d

Python script, ASCII text executable

README.txt

e45d596eb974c222497a0aea9bac3ee5

ASCII text

c2-iocs.txt

2f670a1887d4b15293eeca17b0952970

ASCII text

filename-iocs.txt

dc5498a3662497f19e58aabcc23824b5

Unicode text, UTF-8 text, with very long lines (314)

hash-iocs.txt

62e05b6dbac02fee91b049a17af831b5

Unicode text, UTF-8 text

keywords.txt

080eb19e508e6f7bcd4281c783e0dbbd

ASCII text

otx-hash-iocs.txt

710fec33b11ca288c1bf5daec4fc801c

ASCII text

makefile

2686b9fbff6f01a806dc29abdd46dca6

makefile script, ASCII text

file-type-signatures.txt

4b7f2e6876be946791962bab4a4023c6

ASCII text

sig-base-rules.csv

d475ed019e8ec258d650f8a0be362545

ASCII text, with very long lines (347)

airbnb_binaryalert.yar

62ee0fde275685493cc28ee515cc47db

ASCII text

apt_aa19_024a.yar

4cf3a32cb2b93be356f04e0025bfd6c0

ASCII text

apt_agent_btz.yar

f2e577141d977809eb610e2ae191665f

ASCII text

apt_alienspy_rat.yar

31a40ba0a14256f4a53f311f08cb03bb

ASCII text

apt_apt10.yar

bb26f038a6e7c8dcd21295ec3d098942

ASCII text

apt_apt10_redleaves.yar

70d292fa55d5e8975e78ebd7365740fe

ASCII text

apt_apt12_malware.yar

d9f5223060ebd3d647fd932338e35e81

ASCII text

apt_apt15.yar

7ff37613cab0bf009251e6d54f504cc1

ASCII text

apt_apt17_mal_sep17.yar

beb1b18794192df54eaa75a6c5e1c3f3

ASCII text

apt_apt17_malware.yar

d162f9b663eb807751e62fa0461b86e7

ASCII text

apt_apt19.yar

9c8ebb7bde7aeb5742bf00fe0e9e8b45

ASCII text

apt_apt27_hyperbro.yar

c4ee5387005f432bdc9e1ccc319004f1

ASCII text

apt_apt27_rshell.yar

fd2edf909120ed094f89a3e31f543561

ASCII text

apt_apt28.yar

fa433543cd28759561003c0b26a1fdef

ASCII text

apt_apt28_drovorub.yar

5a15b33d88e68f2a8c726d63a10347b1

ASCII text

apt_apt29_grizzly_steppe.yar

dac2929aa90c584e5e33e8b58761038d

ASCII text

apt_apt29_nobelium_apr22.yar

b0c08ded6c934785821cec7358f97f91

ASCII text

apt_apt29_nobelium_may21.yar

668df62d0c9d1cb839e82330e088ba3c

ASCII text

apt_apt30_backspace.yar

2877e1e7a90d183ebb06c0e52493fabc

ASCII text

apt_apt32.yar

3fa67f89d3e98edd8a272a347a15be93

ASCII text

apt_apt34.yar

8d18276a77676c1ddd536dab0ee4b26d

HTML document, ASCII text

apt_apt37.yar

239d6216bfc8edcd303f6401d72aee5e

ASCII text

apt_apt37_bluelight.yar

619df67982c6f636288944edc5e6a2d7

ASCII text, with very long lines (755)

apt_apt3_bemstour.yar

09949c6b9b0b1fff07ff049bc5cf7b6b

ASCII text

apt_apt41.yar

bcdbdc70503cf7e2794091d15677eda9

ASCII text

apt_apt6_malware.yar

718215659ed2f99b5b0d0bd5362c9201

ASCII text

apt_ar18_165a.yar

a87fa2c7293a08484a9c0ecea9785c59

ASCII text

apt_area1_phishing_diplomacy.yar

f523f2676931a8f54ccb38f010169062

ASCII text

apt_aus_parl_compromise.yar

d3c81982cb8bf693afdade34262e0fcf

ASCII text

apt_babyshark.yar

7870f39b3a565310423ebd0d8c617c2a

ASCII text

apt_backdoor_ssh_python.yar

ec5380bc70890c24755748e7b44f0c06

ASCII text

apt_backdoor_sunburst_fnv1a_experimental.yar

54af49250a677584fd1a2be7f14b27dd

ASCII text, with very long lines (400)

apt_backspace.yar

eb80ebdd63a69c68e5149002ee08d3ad

ASCII text

apt_barracuda_esg_unc4841_jun23.yar

a4d69e1642fdc5456618a95a4c53b59e

ASCII text

apt_beepservice.yar

8c086ad5c99743ea3f23be277737dc96

ASCII text

apt_between-hk-and-burma.yar

416e7f5b8af2a5f4ed775de3711f43b8

ASCII text

apt_bigbang.yar

88e1d7949fab17d03129ca29d5700b3f

ASCII text

apt_bitter.yar

e4fe0e5634f1f3b0b9a64c374ab61e09

ASCII text

apt_blackenergy.yar

a4915d2e27d12ac344f73345af3aa2d4

ASCII text

apt_blackenergy_installer.yar

af6c380b3322d0abfd55f79b4f8d8a8e

ASCII text, with very long lines (960)

apt_bluetermite_emdivi.yar

bcdbb7910004f906170d4c26aa13fd90

ASCII text

apt_bronze_butler.yar

4f45725e32091293511b9cc542dcff28

ASCII text

apt_buckeye.yar

1e8d5dd1db6b6850e553ea314e228ae5

ASCII text

apt_camaro_dragon_oct23.yar

699ca55827a90cdd14099f77290c3bac

ASCII text

apt_candiru.yar

d61c3b45bbbcb12ae929b65c5e5af0b9

ASCII text

apt_carbon_paper_turla.yar

5547a5f84ab13222eea2af2bff521de2

ASCII text

apt_casper.yar

24b5efd0b1495565b3d02219851c896b

ASCII text

apt_cheshirecat.yar

cdbf68815cc1bb4ba46f731fe974963c

ASCII text

apt_cisco_asa_line_dancer_apr24.yar

3b2dcdfa03f90f8e4b3ca31e2fd271b5

ASCII text

apt_cloudatlas.yar

ba34df95ee7b7da1d415d6b2b253517f

ASCII text

apt_cloudduke.yar

d6ba11514f674ad821ed6f405f83bbad

ASCII text

apt_cmstar.yar

935cce46be461371b8068cad3343ea59

ASCII text

apt_cn_netfilter.yar

254caf01adc5820299c697cf3dca88b4

ASCII text, with very long lines (1395)

apt_cn_pp_zerot.yar

1609e4c969d72dcb3912f2143081ef7d

ASCII text

apt_cn_reddelta.yar

38089b0383e03a81d72c6a2ec620d0ad

ASCII text

apt_cn_twisted_panda.yar

7526cfc69bc65a3be0c23abd2cd79c29

ASCII text

apt_cobaltstrike.yar

2edd65bfa780b1a39a8cde439aeea4e6

ASCII text

apt_cobaltstrike_evasive.yar

41a83a96bdaf6b60f0fafee950a44c00

ASCII text

apt_codoso.yar

2ba160fd7eee5c07795f679d7ead7f2a

ASCII text

apt_coreimpact_agent.yar

0356132016052a39fceef1b16af581f9

ASCII text

apt_danti_svcmondr.yar

df6ddc46ee69ea8677360cf4dd5be37f

data

apt_darkcaracal.yar

b222cc9f8b6d975d262454ddb8625b4f

ASCII text

apt_darkhydrus.yar

b353e329ada5fa693e55b967d042f497

ASCII text, with very long lines (494)

apt_deeppanda.yar

886729c3007c2b7854b776b6b6221d77

ASCII text

apt_derusbi.yar

a7541712fa2d95f34fc5985cecc9d313

ASCII text

apt_dnspionage.yar

adf569c539555a8f62a17b2ce43382dc

ASCII text

apt_donotteam_ytyframework.yar

787bdb22ecc63683b8705a5f7a202f13

ASCII text

apt_dragonfly.yar

0823214d8125022db9be786c3dea226a

ASCII text

apt_dtrack.yar

e71cbf535e1cab99806dd0684143d6d4

ASCII text

apt_dubnium.yar

34a0c7869cd3fce490fac7a099306287

ASCII text

apt_duqu1_5_modules.yar

43d3317ccdd8b28a3fe9d52e5bb3b384

ASCII text

apt_duqu2.yar

64ddde07b0e135bd0b11a738e8bde1fa

ASCII text

apt_dustman.yar

0f138242449e12c607e9c6f9c66ca334

ASCII text

apt_emissary.yar

0b761d2973de3cacfee0ca6594565aa0

ASCII text

apt_eqgrp.yar

37cd4b764d393b4820388c018d01987c

ASCII text

apt_eqgrp_apr17.yar

21056e1da85930df04b3d776b1d0bc48

ASCII text

apt_eqgrp_sparc_sbz_apr23.yar

af0e8a69552f432846d224113c635812

ASCII text

apt_eqgrp_triangulation_jun23.yar

5491c68bbd0fc24d8b962ec5774e92a0

ASCII text

apt_eternalblue_non_wannacry.yar

ec69348fcc06e6fd29b4b1bc08bf568a

ASCII text

apt_exile_rat.yar

2f24b48c08ba65af6edf0e71509fcdf8

ASCII text

apt_f5_bigip_expl_payloads.yar

fafe43ec939bf8dbf0bf3adf231a8440

ASCII text

apt_fakem_backdoor.yar

529b94e6928b90742d6128ec1db9fbb8

ASCII text

apt_fancybear_computrace_agent.yar

71d058ead6190765a041cdd60662873c

ASCII text

apt_fancybear_dnc.yar

8d5dc9180e33de25c141dad3a222c114

ASCII text

apt_fancybear_osxagent.yar

a5ca0ca11304791afe1cb2a4237a085a

ASCII text

apt_fidelis_phishing_plain_sight.yar

182027e818541281294bcf4c6dbda554

ASCII text

apt_fin7.yar

42940f152c8b151d27dbfbae2a6da316

ASCII text

apt_fin7_backdoor.yar

e785903ae8660bfab92de01d77749f3d

ASCII text

apt_fin8.yar

f710f1f0ea22c98656eebe5a010d861e

ASCII text

apt_flame2_orchestrator.yar

11f3e953c9cc6858064239624ffa3104

ASCII text

apt_foudre.yar

3b4c0c4c0b3dda42897d08828a916e8d

ASCII text

apt_four_element_sword.yar

73625fbeab902a983435e833a1f80ff6

ASCII text

apt_freemilk.yar

0334aed8dc00110bda582416f2e41a5b

ASCII text

apt_fujinama_rat.yar

0892ef8c1a97b4b4cc94239263c94f3d

ASCII text

apt_furtim.yar

70be08f16cf285bbbfe58d881692256e

ASCII text

apt_fvey_shadowbroker_dec16.yar

df2b078a315febd553929882437c8aeb

ASCII text

apt_fvey_shadowbroker_jan17.yar

397e3fefc239dc240452ce1fd1ea48b0

ASCII text

apt_ghostdragon_gh0st_rat.yar

f2e49b0c8f65ff62358c3bdf8cef6228

ASCII text

apt_glassRAT.yar

359b1559dc029b4a455a74fa10a2433f

ASCII text

apt_golddragon.yar

7c86bc6091f2a81310f775c5f186e373

ASCII text

apt_goldenspy.yar

6eb7735cb20ac73423642106dfb104f5

ASCII text

apt_greenbug.yar

a07227c25bb2dc1460a9baa0ac150aa1

ASCII text

apt_greyenergy.yar

b0fb797975ac75562e485c9b187dcf2c

ASCII text

apt_grizzlybear_uscert.yar

a0786e6d46706e012608ef8a3f1efafa

ASCII text, with very long lines (306)

apt_hackingteam_rules.yar

a9d6a6368664df02cf214a0e063444fc

ASCII text

apt_hafnium.yar

445bfd837108456e4ff0207e43144e05

HTML document, ASCII text, with very long lines (337)

apt_hafnium_log_sigs.yar

f190c9677ce744f484ec90e1cba4925f

ASCII text, with very long lines (909)

apt_ham_tofu_chches.yar

1dd37c95081f5b372d9eb9c719f5d8fd

ASCII text

apt_hatman.yar

18991a795af99297f3931961e6e948cf

ASCII text

apt_hellsing_kaspersky.yar

41b75b29eb3ef266e9046ebefc9d417d

ASCII text

apt_hidden_cobra.yar

8225a3cf8545872576e60133eb44caef

ASCII text

apt_hiddencobra_bankshot.yar

e4f8c7c1ee0f46e158d13eda9b576b0d

ASCII text

apt_hiddencobra_wiper.yar

9f750a9cd63bff765f04af95f5e76c2f

ASCII text, with very long lines (338)

apt_hizor_rat.yar

0fb51d04ca9ac3621deec97bb9e6623e

ASCII text

apt_hkdoor.yar

3a53cf452814260b9612a45af4024b11

ASCII text

apt_iamtheking.yar

95d2aad80d8b76be6788adac6733c906

ASCII text

apt_icefog.yar

6de4b28ea6da80bef83830f8e99949bb

ASCII text

apt_indetectables_rat.yar

eca8b6eaed0c6408b273f11784043db8

ASCII text

apt_industroyer.yar

d6fcd4019887aed86e9d5a504618ef84

ASCII text

apt_inocnation.yar

0259c50d0ad5bf1819f79af1445f781f

ASCII text, with very long lines (555)

apt_irongate.yar

1e1b980617feec8db081415a8e6dc264

ASCII text

apt_irontiger.yar

f4452747ed90bea6c76513ed0d35767a

HTML document, ASCII text

apt_irontiger_trendmicro.yar

c5e8305fd01fce4d4a134e393f2a3333

ASCII text

apt_ism_rat.yar

5f8a4abf1efbe50950c863594230bbcc

ASCII text

apt_kaspersky_duqu2.yar

97044e99eae89440f6430fd297ec0900

ASCII text

apt_ke3chang.yar

58f39ff193ea639f767c5b21512c6d62

ASCII text

apt_keyboys.yar

2165fbc72cec6cb221f0eb9e212d0851

ASCII text

apt_keylogger_cn.yar

09606451c6f8a60ee33e289e0cc7ae8e

ASCII text

apt_khrat.yar

a28678cd26486c1834f608ce1d13af44

ASCII text

apt_korplug_fast.yar

96e1cb5999c3a51ec82f2fbccc1abf9a

ASCII text

apt_kwampirs.yar

0a62fb0d66815b3cc0c3cd1f52191b9d

ASCII text

apt_laudanum_webshells.yar

24e7e12b92ff20644cc09e4f013e9153

HTML document, ASCII text

apt_lazarus_applejeus.yar

e701f5e820958f54a007e48f04850d86

ASCII text

apt_lazarus_aug20.yar

feeebb189fce8e64ecb22f8c084f7549

ASCII text

apt_lazarus_dec17.yar

4234420eb844cd66214db1b013a72db8

ASCII text

apt_lazarus_dec20.yar

0ace9d15a844f1771d2813abb5504568

ASCII text

apt_lazarus_gopuram.yar

20c98f607ffd30dd3f7ae45e6cec0772

ASCII text

apt_lazarus_jan21.yar

f7318c9de900fb01cc4794d6cf33fb64

ASCII text

apt_lazarus_jun18.yar

a77e59e994058a0ac088259dd949be11

ASCII text

apt_lazarus_vhd_ransomware.yar

e5ce352f6218abccb52d64b4c01edc82

ASCII text

apt_leviathan.yar

9cecc251f591eb8af348d9fe86606550

HTML document, ASCII text

apt_lnx_kobalos.yar

099b7723176d862f8a38d5d9bec638d2

ASCII text

apt_lnx_linadoor_rootkit.yar

ad6127ca92fb5e860ba70d8e162fd962

ASCII text

apt_lotusblossom_elise.yar

c984ad471874246b49061c8dd0a8e03f

ASCII text

apt_magichound.yar

828415aff2361fe245e40821e9b6530f

ASCII text

apt_mal_gopuram_apr23.yar

77d630b2977e73c4de4cdb3f13fd41f4

ASCII text, with very long lines (342)

apt_mal_ilo_board_elf.yar

d38bdb7e6db9107231a29ab2bab5a3af

ASCII text

apt_mal_ru_snake_may23.yar

8c7de190d8ff6e4d4750216bb5572186

ASCII text

apt_microcin.yar

36f97fc35041a80bdbecb59fa2f3a74e

ASCII text

apt_middle_east_talosreport.yar

7596cf10b3562cc46ede67c07a89ba19

ASCII text

apt_miniasp.yar

86de676896833ba5be06ba61c98ceb41

ASCII text

apt_minidionis.yar

94d4314afa53fea74db165d505238e77

ASCII text

apt_mofang.yar

26f0a3e36cace2e5c265037679e6d6da

ASCII text

apt_molerats_jul17.yar

25ddf9d11803fcfb6ee1c7095b965c7a

ASCII text

apt_monsoon.yar

04f0dba77e76a300dc4b317e989cc133

ASCII text

apt_moonlightmaze.yar

06c58747b5f1607118c01de9d6821171

ASCII text

apt_ms_platinum.yara

065745fdd9e1f439ab22ea1e59b46696

ASCII text

apt_muddywater.yar

3cfac7eee7b5ae133aff43732dbfa65d

ASCII text

apt_naikon.yar

4a251cde5c63c4c297bb07ca8a8fa5a7

ASCII text

apt_nanocore_rat.yar

e6ddc897c7e800c012e3b9931b877c4e

ASCII text

apt_nazar.yar

d2cd52f30748b55a2de6ba49679a3082

ASCII text

apt_ncsc_report_04_2018.yar

e69810e2d5a7fa5361be0e62dbe707cd

ASCII text

apt_netwire_rat.yar

934e7c875979c134dd902f5d161a07ce

ASCII text

apt_nk_andariel_jul24.yar

db167528381a3b33000f7a000fb8eb42

ASCII text, with very long lines (487)

apt_nk_gen.yar

58c61ed0776035db1611fcac0a20cdef

ASCII text

apt_nk_goldbackdoor.yar

c85acd473234a25c41fc40d77f2f106a

ASCII text

apt_nk_inkysquid.yar

210431bbb7ce02ae689b6a1e4beaac07

ASCII text, with very long lines (755)

apt_nk_tradingtech_apr23.yar

f8f17871784ca670f600b2ecbcd2b425

ASCII text, with very long lines (376)

apt_nobellium_rdp_phish.yar

79a2d3599a70ac02b3c8f9c2f3981786

ASCII text

apt_oilrig.yar

f612165261f1a5be27780dbba550fe62

ASCII text

apt_oilrig_chafer_mar18.yar

9804234457c6b8a32ffff0c72e083026

ASCII text

apt_oilrig_oct17.yar

66b22e0df32f46603f43d3e122bbaaec

ASCII text

apt_oilrig_rgdoor.yar

07a864da54724e3e8911b23294b19cfa

ASCII text

apt_olympic_destroyer.yar

d06c7ffc8692e457eb724959e47f30c6

ASCII text

apt_onhat_proxy.yar

86364590524acedc2b358cc138111393

ASCII text

apt_op_cleaver.yar

352bcb00ad367d8904ee4a9dd1abb2dc

ASCII text

apt_op_cloudhopper.yar

555adddc661ed3396a09ce14a99e39da

ASCII text

apt_op_honeybee.yar

ef837020784aec698fa3d370073821f1

ASCII text

apt_op_shadowhammer.yar

18cedbec78c65ac4fcf7dcdbe4142e63

ASCII text

apt_op_wocao.yar

a9e7c4346add439ce1432d69f4646830

ASCII text, with very long lines (972)

apt_passcv.yar

ee1042e84410bf36535b23d19f8eda7e

data

apt_passthehashtoolkit.yar

b8449d8431a48aef5a74b9f377424ef2

ASCII text

apt_patchwork.yar

1b17757b1088bc2832a74b045f36bc7a

ASCII text

apt_peach_sandstorm.yar

61da0148de9d3745b4e7c85f367e6bbb

ASCII text

apt_plead_downloader.yar

8905ae537f613c21d60e3c67b7831e28

ASCII text

apt_plugx.yar

6b3b0993232be250fefcede016df1e89

ASCII text

apt_poisonivy.yar

c6acb23b26ff9ec62a2f4b16624c0650

ASCII text

apt_poisonivy_gen3.yar

388acabf7d9051c84ecfa57ce7965c45

ASCII text

apt_poseidon_group.yar

8b1664fd78cb85d52861f47a080906cb

ASCII text

apt_poshspy.yar

a4892e24acfffb794a2a278c8ffbbdcf

ASCII text

apt_prikormka.yar

d3d7030a45612abbd6bb0e60558de1fe

ASCII text

apt_project_m.yar

5e91fe7e43fe6c21c9b548e91fcdc818

ASCII text

apt_project_sauron.yara

a9c83fed1d295560a3536d3b3b4940f8

ASCII text

apt_project_sauron_extras.yar

da3391602cd01466e6ad58ccba91f03a

ASCII text

apt_promethium_neodymium.yar

92f8fac3780b73e97cad455b9e6bcb4f

ASCII text

apt_pulsesecure.yar

d55c7713b6d333c8013f5a3924d15eb1

ASCII text, with very long lines (759)

apt_putterpanda.yar

2f17c7fb930a8214f908f1a886beaeed

ASCII text

apt_quarkspwdump.yar

8bad22fedef6ac7ceb10d9bb51194058

ASCII text

apt_quasar_rat.yar

725c6162a3e821238e34e99b2e6b2ea2

ASCII text

apt_quasar_vermin.yar

6c04d759040edf4e9a748f36b98297fd

ASCII text

apt_rancor.yar

b5ed300ba643765dc88ed0f0ab2d5e58

ASCII text

apt_ransom_darkbit_feb23.yar

d1b71a36be331e1af313c8ed886274b5

ASCII text

apt_ransom_lockbit_citrixbleed_nov23.yar

550c8a986b44686f63341849308fec31

ASCII text

apt_ransom_vicesociety_dec22.yar

66759b68bdffad6010ec6c8a5a8fe31a

ASCII text

apt_reaver_sunorcal.yar

aa50bf8c5579c9752ed00f5261329837

ASCII text

apt_rehashed_rat.yar

13a9b0d5ec42f6f1381f8c1c17976534

ASCII text

apt_report_ivanti_mandiant_jan24.yar

35562f90951f3d7ab615f3dbbb008974

ASCII text

apt_revenge_rat.yar

cd574682f5972086ec8302c01ce2e691

ASCII text

apt_rocketkitten_keylogger.yar

8d12ccdea797a5b9fb67ef32d843e403

ASCII text

apt_rokrat.yar

d90a5ca3ae7e38eee733b83c5e166c2d

ASCII text

apt_royalroad.yar

debee858b6631330b1b42d438b6ad340

ASCII text

apt_ru_crywiper.yar

d19a7938d888e27d175de18d165af78e

ASCII text

apt_ruag.yar

7c8b0358bfeb26c2b8a504a3a0241252

ASCII text

apt_rwmc_powershell_creddump.yar

8529cf79fbf67a2bb1c5702fe570d848

ASCII text

apt_sakula.yar

dccdb8fe2cc30b876fa29c3978d68052

ASCII text

apt_sandworm_centreon.yar

0e5ff2f72a92341b7365e774bea7f214

ASCII text

apt_sandworm_cyclops_blink.yar

28c364e39492c065dca83f22b042cb42

ASCII text

apt_sandworm_exim_expl.yar

f8eaf587daa675c087c53195f9f2fd84

ASCII text

apt_saudi_aramco_phish.yar

c489d8e18a6ca02ed2cd3ddf2de959d9

ASCII text

apt_scanbox_deeppanda.yar

62599736e4e2b3c9bb4938a85de8c4d8

ASCII text

apt_scarcruft.yar

f137684a5f59106f796251fe87ce8aee

ASCII text

apt_seaduke_unit42.yar

b76cdf517ff2d559ac975aabaf1e2342

ASCII text

apt_sednit_delphidownloader.yar

0615b9babae2b84fb9693375375965ff

ASCII text

apt_servantshell.yar

5423dbb35393bf6ac3b68e326f82e9fe

ASCII text

apt_shadowpad.yar

41fc14f3f03d32eabd36f4c74314df22

ASCII text

apt_shamoon.yar

c310cc3d194c4da44e376c46252401fe

ASCII text

apt_shamoon2.yar

b965ec733d0df7148a254ad20b4a95ea

ASCII text

apt_sharptongue.yar

8664ea5e01656b0e57b43b8eb0df4d78

ASCII text

apt_shellcrew_streamex.yar

b3c570217f54b9fc153d43f8e8497d42

ASCII text

apt_sidewinder.yar

2a0c4b885d153e44dd1952e57cddcc24

ASCII text

apt_silence.yar

085ca77569c8f5aeb628b97547a2ceca

ASCII text

apt_skeletonkey.yar

a4f125974a1c0820e29add28da195e6f

ASCII text, with very long lines (404)

apt_slingshot.yar

56e407a515ce4c756471e40232c32f97

ASCII text

apt_snaketurla_osx.yar

bfa547f342be70aca83990df596a3d6d

ASCII text

apt_snowglobe_babar.yar

4eb0b652e4bcfe8d17df621ef7b1fd6b

ASCII text

apt_sofacy.yar

b8e40f138423b9a1355c2151a935026a

ASCII text

apt_sofacy_cannon.yar

df27ed7296280eae15036b38e0af5afe

ASCII text

apt_sofacy_dec15.yar

216268bd1c2e43d76480c5398d9177d3

ASCII text

apt_sofacy_fysbis.yar

86ba3bc15461bfa1180ec37bddde65d5

HTML document, ASCII text

apt_sofacy_hospitality.yar

ab0349426283b85013db10b36fddfa65

ASCII text

apt_sofacy_jun16.yar

0018a7c379b8bee139bd5ea45a0cb233

ASCII text

apt_sofacy_oct17_camp.yar

629de02ab70ca3ae095d40e0e83fb1d7

ASCII text

apt_sofacy_xtunnel_bundestag.yar

f81cc98517bca0d2d79d67bd8f064884

ASCII text

apt_sofacy_zebrocy.yar

a77c14502942c211c47c991739da0390

ASCII text

apt_solarwinds_sunburst.yar

d9dfeb6ab287db6faf4ff3e715f8a392

ASCII text, with very long lines (668)

apt_solarwinds_susp_sunburst.yar

495f9a1f717676732fecedc8f92e91af

ASCII text

apt_sphinx_moth.yar

483a5ee4435221ae585f4c562c00bc3d

ASCII text

apt_stealer_cisa_ar22_277a.yar

83926ac5d33f584e99713442e99cf653

ASCII text

apt_stonedrill.yar

03a88e2961da0e0b0f18979f5f0efc3c

ASCII text

apt_strider.yara

70f11a2a07c5b0b0d599b2af86586f3f

ASCII text, with very long lines (353)

apt_stuxnet.yar

316dcc8abf5d5ce486d9590756b4d468

ASCII text

apt_stuxshop.yar

93715d9b35892246df1b25582ece6100

ASCII text

apt_suckfly.yar

3a5b6679b2b3081faa1dae468aa86e5f

ASCII text

apt_sunspot.yar

d257b4f9216ff627a2f7f1c43766c2f9

ASCII text

apt_sysscan.yar

0499912e2debb2527f91c5462092cca9

ASCII text

apt_ta17_293A.yar

5b6e9b5e88d517cd3e8a6a201c82a563

ASCII text, with very long lines (326)

apt_ta17_318A.yar

063ff4aab0c9558805cd3acaee03f5fe

ASCII text

apt_ta17_318B.yar

d3e567e21d6f689a435efa7e5a87f57f

ASCII text

apt_ta18_074A.yar

53078565c63963351346a3e32ae4f041

ASCII text

apt_ta18_149A.yar

1cfeece6b57118687f90a498d48f90a9

ASCII text

apt_ta397_dec24.yar

33014f1357856f308fab2a264d959be4

ASCII text

apt_ta459.yar

f54cc24f8954eccc60fbdde5fba6f29f

ASCII text

apt_telebots.yar

067219f8fd67449399d74e32f73c1f37

ASCII text

apt_terracotta.yar

d55e81e658a105ce64219475a1da6c56

ASCII text

apt_terracotta_liudoor.yar

406aa7ff17dd31a4d77e3e811c285db8

ASCII text

apt_tetris.yar

bd2bc4d619681a17343ded2cc42fb3ff

JavaScript source, ASCII text

apt_threatgroup_3390.yar

48db42b6dde92fa8b1214c06e3fc4fc3

ASCII text

apt_thrip.yar

003549c567c1da1ffb335713f1f5455f

ASCII text

apt_tick_datper.yar

c6509a93d08aae617d576175a9078847

ASCII text

apt_tick_weaponized_usb.yar

ba9ca07f40600d4dc000a1d0f0cc73ec

ASCII text

apt_tidepool.yar

b7ed2abb2ad9a3ae5c846c92d316ce0e

ASCII text

apt_tophat.yar

f23b90bb6c3a21febadfc77bd03932c9

ASCII text

apt_triton.yar

e9fa47da12fb2b5a9b61c35d97a4b3b6

ASCII text

apt_triton_mal_sshdoor.yar

cc02de26162d1aca2647e306ac9c2840

ASCII text

apt_turbo_campaign.yar

10cae51e0b0a1706b543d6c10869b610

ASCII text

apt_turla.yar

958e3c3ce2dde4de94489ea29f1f3966

ASCII text

apt_turla_gazer.yar

956a421baf790c5db27c42cf0bb62467

ASCII text

apt_turla_kazuar.yar

cf93f2d54ff7313997ca5fadd37d5943

ASCII text

apt_turla_mosquito.yar

b36e129b7f94ba5e40e38e6f45f3a448

ASCII text

apt_turla_neuron.yar

942e0321a3beb3a968e0506b3c8127df

ASCII text, with very long lines (360)

apt_turla_penquin.yar

c37758ec9d4a50702171df50f3229662

ASCII text

apt_turla_png_dropper_nov18.yar

1e4c500ad73a992e2018b550f9026803

ASCII text

apt_ua_caddywiper.yar

0e2703ed5a15b56686ec28f1e217e36f

ASCII text

apt_ua_hermetic_wiper.yar

f82e256cf47d4f96a9906c84620fb9d2

ASCII text

apt_ua_isaacwiper.yar

49469c40ffbb3243b06effa33973c7d0

ASCII text

apt_ua_wiper_whispergate.yar

8fb6d79cfab3089e0db341471dbb8d3e

ASCII text

apt_uboat_rat.yar

4f54a198484095fec62897f5d725d335

ASCII text

apt_unc1151_ua.yar

1b2960693c66f9b8b4c6e9f4144964de

ASCII text

apt_unc2447_sombrat.yar

5626cb53f9e65313d8b8a9ccaf9d8fc1

ASCII text

apt_unc2546_dewmode.yar

caefdf83dcb1f5c14d23528650752010

ASCII text

apt_unc2891_mal_jan23.yar

42350c0dd6390751e2cfff9ff8d4dc47

ASCII text

apt_unc3886_virtualpita.yar

86ea1dc35a09f7458b10750eceeb23bc

ASCII text, with very long lines (528)

apt_unit78020_malware.yar

f15c2d6f2ee42fcde7229ead7610a6d6

ASCII text

apt_uscert_ta17-1117a.yar

f17542e03c59edbd2b88c129640b0948

ASCII text

apt_venom_linux_rootkit.yar

7b7fb1bebe134c7b2fd7988340b8758a

ASCII text

apt_volatile_cedar.yar

77b5ee69fd504d92d9f8a59d74cc1303

ASCII text

apt_volttyphoon_versamem.yar

cc5747a8aeaa6d5c3ffa4c952b0877bc

ASCII text

apt_vpnfilter.yar

579d202ebdcc244e7eac14bb65ef90ae

ASCII text

apt_waterbear.yar

00b9b51a17477cc259efa39dbc96e728

ASCII text

apt_waterbug.yar

3ba609e1f515063ab11efde594d666ae

ASCII text, with very long lines (324)

apt_webmonitor_rat.yar

3904df357071bd1a1298e79ed09bf8bd

ASCII text

apt_webshell_chinachopper.yar

af038e1f18b088dfe3fdd0ec7763b10a

ASCII text

apt_wildneutron.yar

092a21fe74c3bdefe5d83cc87674f131

ASCII text

apt_wilted_tulip.yar

75e69b656b7721202aefe59455584de6

ASCII text

apt_win_plugx.yar

d0ba76c444c227e3f92921ec90d51cd2

ASCII text

apt_winnti.yar

2b779320cb5677c512d26129332e9138

ASCII text

apt_winnti_br.yar

898b7854959b06588969e92ba900a89a

ASCII text

apt_winnti_burning_umbrella.yar

51528ce3fb9709073e79293b0a078307

ASCII text

apt_winnti_hdroot.yar

3d04a8b56ac82bb772d82bd2d8a9781f

ASCII text

apt_winnti_linux.yar

ce48966c793be850ccf1c046fc428939

ASCII text

apt_winnti_ms_report_201701.yar

ae36a84366280d42f1eee9e0d3012b43

ASCII text

apt_woolengoldfish.yar

0799bbc69560b0047beb384255e15080

ASCII text

apt_xrat.yar

8d964d730991c6b0c9d5fb049dc2e3a0

ASCII text

apt_zxshell.yar

b6111cf955778ebd41a044c2378e8143

ASCII text

bkdr_xz_util_cve_2024_3094.yar

703ec87122e13cd755a8da1a2d916c7f

ASCII text

cn_pentestset_scripts.yar

1512cc922dc76dbf3c7fe2a0ccecd686

ASCII text

cn_pentestset_tools.yar

f43c373d5d7d622c90c63b954176c186

ASCII text

cn_pentestset_webshells.yar

7c21cb114bd59b362dff97ecf23ab15e

ASCII text

configured_vulns_ext_vars.yar

bbba2e197221bb67351af6fc512b4bf9

ASCII text

crime_academic_data_centers_camp_may20.yar

e90644979900c9f7a9cf2080f44bddfd

ASCII text

crime_andromeda_jun17.yar

cd753c295d4d8a0587b7479f66bec6a4

ASCII text

crime_antifw_installrex.yar

9066330febf50c9802c915f8bfc0c85f

ASCII text

crime_atm_dispenserxfs.yar

3b84aacdf1d4a5bd088861ba7312e4c2

ASCII text

crime_atm_javadipcash.yar

e6ab2cee9cb97d41cc04beffe60f8744

ASCII text

crime_atm_loup.yar

7615e93ad796726f9b6a22da76e6c2dc

ASCII text

crime_atm_xfsadm.yar

3e22e6e88b82a6f06fab5064c8c91fa4

ASCII text

crime_atm_xfscashncr.yar

9dca4d55c094dc2d0b2a6fa084b51ea4

ASCII text

crime_bad_patch.yar

6c53315b4cbed010998ecac6969e75c5

ASCII text

crime_badrabbit.yar

c721073bb70d112cbff957c057577dec

ASCII text

crime_bazarbackdoor.yar

3ce6798d34b011a8d48ff35f1d0a4112

ASCII text, with very long lines (514)

crime_bernhard_pos.yar

fbf05b24f7a883f121b8ccc4b0ff0f1c

ASCII text, with very long lines (404)

crime_bluenoroff_pos.yar

6cae78d09309ecb154f3b0c8b0e4b2e0

ASCII text

crime_buzus_softpulse.yar

29051f5a83717a91fa3f2ddd3de10054

ASCII text

crime_cmstar.yar

c9b6877600ca6e9425eed27825fb2427

ASCII text

crime_cn_campaign_njrat.yar

d5eae7f013249c277736bd9bddf77764

ASCII text

crime_cn_group_btc.yar

7b4f76d14dc7b5aad3ca1316e80ca544

ASCII text

crime_cobalt_gang_pdf.yar

14d8d43439ae0a38ca324f72745c7868

ASCII text

crime_cobaltgang.yar

2c295d90258c10166e26b8bf1e6aa3d9

ASCII text

crime_corkow_dll.yar

7094586fc27f55b7b0847ed14b6c6d1c

ASCII text

crime_covid_ransom.yar

5d4f0eaf6339f71c9344e292b91eb9cb

ASCII text

crime_credstealer_generic.yar

0b6dbc9eaf909a2d0c1f5e1cde8e179e

ASCII text

crime_crypto_miner.yar

d6fd3bb68df61ad471d04281962f6571

ASCII text

crime_cryptowall_svg.yar

431975757009b0a76276e1a490b3363a

HTML document, ASCII text

crime_dearcry_ransom.yar

b332126bf6b7e73a77f4c87dd112ee82

ASCII text, with very long lines (419)

crime_dexter_trojan.yar

79fcd4bca201c0b785164b0b846685f9

ASCII text

crime_dridex_xml.yar

b83556fc47cbef91ddfb8e606802b86b

ASCII text

crime_emotet.yar

595a7643743ddf67dcd1a55d92ccccb8

ASCII text, with very long lines (409)

crime_enfal.yar

2656d39696a545f2eacac15a4b9c073e

ASCII text

crime_envrial.yar

9a13aea10871282c5e5f3d794cfafdc6

ASCII text

crime_eternalrocks.yar

c1b01a28018faab50f64bf54cd57e48f

ASCII text

crime_evilcorp_dridex_banker.yar

681d849b2bb15396e7845776104912fe

ASCII text

crime_fareit.yar

3ae17490bf2dc95b7fa6e0f27fcaa5a1

ASCII text

crime_fireball.yar

82793ad266c336991b96f6b4987dad45

ASCII text

crime_floxif_flystudio.yar

6c30b8c204041d21910d82c4a9780c71

ASCII text

crime_gamaredon.yar

9afec3308388812540be844347f2a573

ASCII text

crime_goldeneye.yar

45682b68d673e4c3d73061321fe79b2d

ASCII text

crime_gozi_crypter.yar

c41f17e3723b8cfc700b73bfb54c331a

ASCII text

crime_guloader.yar

3bded53bc3d18363793766f583034aac

ASCII text, with very long lines (519)

crime_h2miner_kinsing.yar

cc95f53e4eba8d7a90f64d989190c569

ASCII text

crime_hermes_ransom.yar

5a3b2704ff7a3a1289153969e7054b3d

ASCII text

crime_icedid.yar

3fd5c9001ba52a7c47147d154f34c366

ASCII text

crime_kasper_oct17.yar

79cb427bbc8b77f60d6114c91032d130

ASCII text

crime_kins_dropper.yar

0281f6231f915f38a415b0f0835d4a16

ASCII text

crime_kr_malware.yar

1adfead70dd6bd1941738212bb0f224f

ASCII text

crime_kraken_bot1.yar

85bb8f8d67ee052c0172b498823cda51

ASCII text

crime_kriskynote.yar

1723c99f6fd53135e8b3531f73d19b66

ASCII text

crime_locky.yar

d7442fff2e444c5ee812e99211327069

ASCII text

crime_loki_bot.yar

7bd5a107174d67e0886c5dbdb777884c

ASCII text

crime_mal_grandcrab.yar

e74aad04c6cd5c1e812edc95124749f1

ASCII text

crime_mal_nitol.yar

88685b782616e8bfb82c0652868ad83e

ASCII text

crime_mal_ransom_wadharma.yar

a178afa8f238c037e2a7a64b5fad91c3

ASCII text

crime_malumpos.yar

fa2d69ce0c76f1decce2a0435a93aa2d

ASCII text

crime_malware_generic.yar

b8d9c0994ff0d69ac84d743d843f6479

ASCII text

crime_malware_set_oct16.yar

caac6321363372ae67e640bb7fdece49

ASCII text

crime_maze_ransomware.yar

2232133fd520896a35f2c258868d4bce

ASCII text, with very long lines (560)

crime_mikey_trojan.yar

f7fcc42f7a2f88093ef433c44bde832a

ASCII text

crime_mirai.yar

48af4186d21041245ed12fb3abc8262f

ASCII text

crime_mywscript_dropper.yar

61732e6d94bedd9b8bebbf721c8a137e

ASCII text

crime_nansh0u.yar

c31f0ea9a3f9e92fa4e03a261ae379bd

ASCII text

crime_nkminer.yar

33c59447c3cfcbb77f6b44d84928c686

ASCII text

crime_nopetya_jun17.yar

d70bc0ca4f7a2cd056e7697169428756

ASCII text

crime_ole_loadswf_cve_2018_4878.yar

26188fc53b0ced98c56d5991cf878ba1

ASCII text

crime_parallax_rat.yar

95a4c248bf8c998b2cf9f7da3719929c

ASCII text, with very long lines (766)

crime_phish_gina_dec15.yar

c387b234fe2f58be15ea464bd7c04d19

ASCII text

crime_ransom_conti.yar

0e96749ca0e96813aafa837707f41209

ASCII text

crime_ransom_darkside.yar

11869959e96253170b4c189c4c32de71

ASCII text, with very long lines (424)

crime_ransom_generic.yar

5b111910ae10982e87e7a12d1af21507

ASCII text

crime_ransom_germanwiper.yar

2340ecbb0fa67e8b87d53c278e3f15b8

ASCII text

crime_ransom_lockergoga.yar

8739d5f91863d88f8c8c5b725bf36898

ASCII text

crime_ransom_prolock.yar

af6473e3030da94f4747675158d6bc94

ASCII text

crime_ransom_ragna_locker.yar

d6cf63081382cb254d098739d38d0461

ASCII text

crime_ransom_revil.yar

5dcc7914d6ab38b9aa2d7ccd84c7ae77

ASCII text

crime_ransom_robinhood.yar

6a8f3ef5ec64aca3f0774ef485197eff

ASCII text

crime_ransom_stealbit_lockbit.yar

a52c1e384e4c168b90c9801fb9fce521

ASCII text

crime_ransom_venus.yar

e80cdd268cc19ebffff105e21523b5aa

HTML document, ASCII text

crime_rat_parallax.yar

e14ac3e5cbfefbe2e6954774a1ebe8b8

ASCII text, with very long lines (533)

crime_revil_general.yar

8f0ebfb0a79069e80c2501c7195330ef

ASCII text

crime_rombertik_carbongrabber.yar

4581976901210f783a356b6012ab3720

ASCII text

crime_ryuk_ransomware.yar

58d7b9deeff64b48aed8f3e7331b3e4d

ASCII text

crime_shifu_trojan.yar

a7fae0aac666f5111554e282ede5c5bb

ASCII text

crime_snarasite.yar

e22715c6da6adcb53e3f8016a3b38374

ASCII text

crime_socgholish.yar

9722a11777f5d27be55470bf00e398ae

Unicode text, UTF-8 text

crime_stealer_exfil_zip.yar

6f6f481bc0d6e2d61286a0e03c8d87f7

ASCII text

crime_teledoor.yar

5b2426c94c85349060b3d1afe0731951

ASCII text

crime_trickbot.yar

955e02202f3f11385d5bc72e5d538f0b

ASCII text

crime_upatre_oct15.yar

fc02bd6f02edb4516c25520239e5a08e

ASCII text

crime_wannacry.yar

26df39e20a79b92962762363655ede84

exported SGML document, ASCII text

crime_wsh_rat.yar

d2e341c1aae292b6e3919526af7f2351

ASCII text

crime_xbash.yar

259b4d86f0f01e2ea8e17c6afc4a7091

HTML document, ASCII text

crime_zeus_panda.yar

4a7c7d212c00555ce2bacab8ddd7fe90

ASCII text

crime_zloader_maldocs.yar

2b60ae65e5eb24feafd74c0a665a170a

ASCII text

expl_adselfservice_cve_2021_40539.yar

cbb3773dcf05a7df81271e912903bafb

ASCII text

expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar

dbcc2dcbbeafa34232df608f8787ecc0

ASCII text, with very long lines (354)

expl_cleo_dec24.yar

1f01b700a9653bb2ff68dc69fe2644cd

ASCII text

expl_connectwise_screenconnect_vuln_feb24.yar

6b41c69f3911babb45a8f729ebcccde8

ASCII text

expl_cups_sep24.yar

f94ff504d23876b71318ea9ba07d67ca

ASCII text

expl_cve_2021_1647.yar

dd88e7a6176d55873eac10b5de3de718

ASCII text, with very long lines (1134)

expl_cve_2021_26084_confluence_log.yar

7571e854412af7b086e4e0c9cfec0db7

ASCII text

expl_cve_2021_40444.yar

79ec7bf461732616949244b0824dcd47

ASCII text

expl_cve_2022_41040_proxynoshell.yar

44ba519da0fe4e670d4a5387648904ab

ASCII text

expl_cve_2022_46169_cacti.yar

a7a8dc62cdbd4c290b3dd35d0ea2935b

ASCII text

expl_ivanti_epmm_mobileiron_cve_2023_35078.yar

6af0a58e16e5cc90f6cb55f996901edf

ASCII text

expl_keepass_cve_2023_24055.yar

fcf3542acd7ef15747a1d0327dfa5de2

ASCII text

expl_libcue_cve_2023_43641.yar

e35bd881a90385e85e1a0c6619221ced

ASCII text

expl_libssh_cve_2023_2283_jun23.yar

829c048f07c6621eee6aac94138e62f3

ASCII text

expl_log4j_cve_2021_44228.yar

e7e051859857d09aec33088b1c4dadf7

ASCII text, with very long lines (450)

expl_macos_switcharoo_dec22.yar

2a7ffd127259b0ce74ff1d60b44278d5

ASCII text

expl_manageengine_jan23.yar

bb4408e96a9f32c64e9f4660a0a64ae6

ASCII text

expl_outlook_cve_2023_23397.yar

d11eacf9cc11cc0f9036848224b8c519

ASCII text

expl_outlook_cve_2024_21413.yar

3116394442366264ab5378def42062b0

ASCII text, with very long lines (382)

expl_proxynotshell_owassrf_dec22.yar

24be9624715e614fe1b7b3bf4c00ee9e

ASCII text

expl_proxyshell.yar

7c246b00be221c1057d9ba72eda29fe9

ASCII text

expl_sharepoint_cve_2023_29357.yar

0f098739390b8fa1f49764935f1094ed

ASCII text

expl_spring4shell.yar

f6cb00fd6cb86ffb557420d487cb433d

ASCII text

expl_sysaid_cve_2023_47246.yar

0f4e2e3cf7e00b5a2ddd424d2a682103

ASCII text

expl_teamcity_2023_42793.yar

6c85e2ffc4a377209020d10682f4ab5f

ASCII text

exploit_cve_2014_4076.yar

4edb4bb188588817fbea8d81c72017a1

ASCII text

exploit_cve_2015_1674.yar

6a00d3a35e55fcbbb24c506c1a85abdc

ASCII text

exploit_cve_2015_1701.yar

6619c9b9f32bec8626e9e842cbe869fa

ASCII text

exploit_cve_2015_2426.yar

cd2ef52c1812c5cd6e78efe8eb8cb331

ASCII text

exploit_cve_2015_2545.yar

46b6618cffb93833af2659c194b3f5a7

ASCII text

exploit_cve_2015_5119.yar

eb5b8ca1fb11835eca97d86802c0a60b

ASCII text

exploit_cve_2017_11882.yar

75b357f521047abc24a96cfa738bedb9

ASCII text

exploit_cve_2017_8759.yar

17ea7f10abef7e885859c3fd68a715b9

ASCII text

exploit_cve_2017_9800.yar

e92dc3c16d421d67439cec3af1ce073e

ASCII text

exploit_cve_2018_0802.yar

b63a61ce4c2cc5debca9b1186d2b4f0d

ASCII text

exploit_cve_2018_16858.yar

4e73431ea2d61601ec0e1c93347cc539

ASCII text

exploit_cve_2021_31166.yar

1c5d79305e56fb4297a5858341eb22b4

ASCII text

exploit_cve_2021_33766_proxytoken.yar

a60700c77f9ee0dcda96b99620ca91f6

ASCII text

exploit_cve_2022_22954_vmware_workspace_one.yar

b7be1e31a1350e22e046c92d5dfc0220

ASCII text

exploit_cve_2023_38146.yar

8df09b11b2d26049db07b0326a253b3b

ASCII text

exploit_f5_bigip_cve_2021_22986_log.yar

b486f55e91dc8cd34e7665ca0e815148

ASCII text

exploit_gitlab_cve_2021_22205.yar

f46828921129228ecba60c291688077f

ASCII text

exploit_rtf_ole2link.yar

71069a39f069c6e3ace604932426185f

ASCII text

exploit_shitrix.yar

4eb27c44711c15b989522288390bc895

ASCII text

exploit_tlb_scripts.yar

cdb64670f4f5d6813ad9391e022968dc

ASCII text

exploit_uac_elevators.yar

fa95e6fe6ba4c0ff1740eb77bf6ac5f5

ASCII text

gen_100days_of_yara_2023.yar

09115f99e1d06028ca04a426a98cedc4

ASCII text

gen_Excel4Macro_Sharpshooter.yar

3643d86f67621771418a4dcaca5e6248

ASCII text

gen_ace_with_exe.yar

16c7a950179da1c6e938d3e4eda179e6

ASCII text

gen_anomalies_keyword_combos.yar

c199df287f5bca71b010fb46810d6e98

ASCII text

gen_anydesk_compromised_cert_feb23.yar

f89722aa83aca23efa41994def0fae9b

ASCII text, with very long lines (309)

gen_armitage.yar

b0759a89d1d0a0c8fe5afb72cc854e6d

ASCII text

gen_autocad_lsp_malware.yar

89a29be289c227e8bacd27d7c278532a

ASCII text

gen_b374k_extra.yar

ebe390aa6615b24b293c60ecf405c5ff

ASCII text

gen_bad_pdf.yar

b79945e64f7897e927af0ce53680b734

ASCII text

gen_brooxml_dec24.yar

07c324263054b03315a245f623264b78

ASCII text

gen_case_anomalies.yar

6903985a298dd2041a6020c741b3d3b8

ASCII text

gen_cert_payloads.yar

c00c31ae9d758f89ca95f0228215ce01

ASCII text

gen_chaos_payload.yar

560ade36da05a295df648ba70df73dd9

ASCII text

gen_cmd_script_obfuscated.yar

05cbf69a4a89672733a630d8ccef605b

ASCII text

gen_cn_hacktool_scripts.yar

caaee5c278609b3b663292502276db0f

ASCII text

gen_cn_hacktools.yar

513fe25bea16de2b1f78377e65358c8e

ASCII text

gen_cn_webshells.yar

43b3bd9eb8820abc321d7133273cc917

HTML document, ASCII text

gen_cobaltstrike.yar

dd89a8d85f88a31e6887e4b3f044c3a2

ASCII text

gen_cobaltstrike_by_avast.yar

bf65dea9bd05d55e969ce7b07f8e16e0

ASCII text

gen_crime_bitpaymer.yar

144cde64f09029149ab5db188553c718

ASCII text

gen_crimson_rat.yar

c6c5c2650b834a51124f9a9fa98c9856

ASCII text

gen_crunchrat.yar

4325ef907fce1d27e6a30e1467c67d7e

ASCII text

gen_dde_in_office_docs.yar

e2a3b0b5f03faf9dfc3ed3dba95217cb

ASCII text

gen_deviceguard_evasion.yar

f19e7d3fbbe6d24567381f184292c2f5

ASCII text

gen_doc_follina.yar

8ef5b749b1b17ee61d7ed4aa8adfc2c5

ASCII text

gen_dropper_pdb.yar

33edd94efd83bd6c09e41ab4d145b248

ASCII text

gen_elf_file_anomalies.yar

c25ae31c5860e98918d5bee5cebed5b7

ASCII text

gen_empire.yar

f040d5a14e90bcd99a082eaba33829bc

ASCII text

gen_enigma_protector.yar

b1842b1ca304a25e244532d54fe19076

ASCII text

gen_event_mute_hook.yar

d747e13a2b4c40c348fa58e70e29d61c

ASCII text

gen_excel_auto_open_evasion.yar

d1479306211cfed050f256fc4dea41d8

ASCII text

gen_excel_xll_addin_suspicious.yar

376390686e71a22eb65e777727eb439e

ASCII text

gen_excel_xor_obfuscation_velvetsweatshop.yar

e11e5f5ddd32080116a5c1db87952127

ASCII text

gen_exploit_cve_2017_10271_weblogic.yar

90e898d2bcfcfa99a9ddcd3037c73949

ASCII text

gen_fake_amsi_dll.yar

09a609a566df6db8db9102990a058a23

ASCII text

gen_faked_versions.yar

8f38cbba8769b9c87b3f93001e45e0f2

ASCII text

gen_file_anomalies.yar

19bab7c6646f3683bd107e98d6d9788a

ASCII text

gen_fireeye_redteam_tools.yar

e7a561b4920f1c50d9f5da429dcb0b7e

ASCII text, with very long lines (3182)

gen_floxif.yar

d9e61db5addc0aa50cfce958a0138b4c

ASCII text

gen_frp_proxy.yar

743d298c3aa7ef176ac68d6a2959756f

ASCII text

gen_gcti_cobaltstrike.yar

6afc3141f06a3581e1164f623e7fa139

ASCII text

gen_gcti_sliver.yar

3a81472ea70c210d8aa44e44ea0c6b78

ASCII text

gen_gen_cactustorch.yar

b44103f584b724211b2d2f2918430358

ASCII text

gen_github_net_redteam_tools_guids.yar

377d19a6d9bc387f7f821aceef36346a

ASCII text

gen_github_net_redteam_tools_names.yar

5350f4ab916cefdc70675b5223c81744

ASCII text

gen_github_repo_compromise_myjino_ru.yar

3de5cade877597af3b3e7da1a1a9bf81

ASCII text

gen_gobfuscate.yar

1c47606dc89e483c2bcbff2aa4689a93

ASCII text

gen_google_anomaly.yar

7f240779dac682c6b9ab2db02bca88c0

ASCII text

gen_gpp_cpassword.yar

1737701c45af36a341a5f218d8b24815

ASCII text

gen_hawkeye.yar

cfdac22dda1416ec6719e5d2fed9a457

ASCII text

gen_hktl_koh_tokenstealer.yar

89c014751650309a47e512f61760b817

ASCII text

gen_hktl_roothelper.yar

fd465ad031de91ec7381f1f41c6b0806

ASCII text

gen_hktl_venom_lib.yar

b72f26916b3350113bc008b52b3a62a5

ASCII text

gen_hta_anomalies.yar

074316b3276e841ecebb4fc70f88028b

HTML document, ASCII text

gen_hunting_susp_rar.yar

ad25e9cb6d0120b4ad597d4f549e1a77

ASCII text

gen_icon_anomalies.yar

868663bbb205b7e043871f1031faeb7e

ASCII text

gen_impacket_tools.yar

a1e70485ee63c042cc58defb70507c76

ASCII text

gen_imphash_detection.yar

6c416b93948bb51639f475b405e7560e

ASCII text

gen_invoke_mimikatz.yar

b3f92d041364be009e9aff91c8615db7

ASCII text

gen_invoke_psimage.yar

218c941e0ba20500b2e1ac2f60020d0e

ASCII text

gen_invoke_thehash.yar

df604adb6035647d224affaa04bbd091

ASCII text

gen_javascript_powershell.yar

b86ad58e04f313c226d6b427ac3f3105

ASCII text

gen_kerberoast.yar

38d3b1010fb10b8f753db9ef30c15fd6

ASCII text

gen_khepri.yar

74394d924407a5fc6d7669d3ef66175d

ASCII text

gen_kirbi_mimkatz.yar

c4320f6c1b5ba3ee3e7a6278ed1862f3

ASCII text

gen_lnx_malware_indicators.yar

20735aece8f73fe70186f58fe7a9bb5c

ASCII text

gen_loaders.yar

e4af44e013fd61b6769b22d3cdb16bd0

ASCII text

gen_macro_ShellExecute_action.yar

4a36f52b7bad12910bc3ef3b74215714

ASCII text

gen_macro_builders.yar

de0c5374e21f8e542eead457cb130602

ASCII text

gen_macro_staroffice_suspicious.yar

ba31cd3ae9186acc63d379198d35b248

ASCII text

gen_mal_3cx_compromise_mar23.yar

b60e93ae2f97a4d082879c9a56162c2a

ASCII text, with very long lines (329)

gen_mal_backnet.yar

289fddeafbe452ada944c2bfd3f3a1fe

ASCII text

gen_mal_link.yar

a4f30625aade94373adcc222dbd1c9f6

ASCII text

gen_mal_scripts.yar

02709667c0aba8879d69d3f4e8c62723

ASCII text

gen_maldoc.yar

27aee7a87e5607c915933d8c3c1e8cdf

ASCII text

gen_malware_MacOS_plist_suspicious.yar

7b071350490174c99c5bfec33af6be8a

exported SGML document, ASCII text

gen_malware_set_qa.yar

051f1b1c90b3b950ecfa92673755b0a6

ASCII text

gen_merlin_agent.yar

cb56da4f197d67773d47d2d41c155e3a

ASCII text

gen_metasploit_loader_rsmudge.yar

78c77bfb344c5e0defb9a55ce9a98678

ASCII text

gen_metasploit_payloads.yar

e48543ff5959e321d26a4c72c3bf3d85

ASCII text

gen_mimikatz.yar

5dbb431911293aac591f902be3931030

JavaScript source, ASCII text

gen_mimikittenz.yar

863c3369c586f9d5846e05ed192b6175

ASCII text

gen_mimipenguin.yar

1394cc84fa80066841c675fe7c924f75

ASCII text

gen_net_xorstrings.yar

81ce5a1895f6866709cc0b45c0ff9dca

ASCII text

gen_nighthawk_c2.yar

cc8f68e47603d137e69e47e83001f6f4

ASCII text, with very long lines (478)

gen_nimpackt.yar

da2e4b20b8f8792826f5a7d459cf8f8e

ASCII text

gen_nopowershell.yar

ba10f08c803f8bc22ea61a8a887c4f6e

ASCII text

gen_nvidia_leaked_cert.yar

c59803dc0fbf0c241452413b4471c26a

ASCII text

gen_onenote_phish.yar

aa9b0645ce0d69ec6daed52aa69051d8

ASCII text

gen_osx_backdoor_bella.yar

2b9a0eeb1aedbe7dfbf341814b6705ec

ASCII text

gen_osx_evilosx.yar

07a02677ab4c6d4a2d957c934e58190a

ASCII text, with very long lines (339)

gen_osx_pyagent_persistence.yar

7624559fe3944b60605e384c63b184a6

ASCII text

gen_p0wnshell.yar

9725ba3eff70e212b0a53cd64f034745

JavaScript source, ASCII text

gen_phish_attachments.yar

3877fb772988ae7750211b21d7ef19d5

ASCII text

gen_pirpi.yar

3669a25414607bf27e643eb5d79b7ff2

ASCII text

gen_powerkatz.yar

7898b65f75087b7e45f39b8f4eeaf5e6

ASCII text

gen_powershdll.yar

8e71d0ebafa94b0fc45dd9fa00a52549

HTML document, ASCII text

gen_powershell_empire.yar

480c4fced01f74a00a71c9f7bb2fb82b

ASCII text

gen_powershell_invocation.yar

739ef191efe079b123b2602039290e5a

ASCII text

gen_powershell_obfuscation.yar

c87b128cdfdbc62da165fa00cb362852

ASCII text

gen_powershell_suite.yar

b775258e3c31e75d5db2e8e39a92007c

ASCII text

gen_powershell_susp.yar

168b6dd9da40f10b3b4e135af6724596

ASCII text

gen_powershell_toolkit.yar

c7cca579eb12384de9d25a234d976583

ASCII text

gen_powersploit_dropper.yar

b18e3f4930ecb2c6ad80ad20eb80a585

ASCII text

gen_ps1_shellcode.yar

f12150e0c0bfaba551b9082de1a616dd

ASCII text

gen_ps_empire_eval.yar

bb7c0be690b2ecb62f371b79fe3ca402

ASCII text

gen_ps_osiris.yar

9331d92af7869168d6ea497edce55527

ASCII text

gen_pua.yar

93407dfaed1bed6dca7bef9dd98661e8

ASCII text

gen_pupy_rat.yar

c5012e69f986e57d268081de2546b534

ASCII text

gen_python_encoded_adware.yar

0b06b4a81bbcac0abb396cd438383e3a

ASCII text

gen_python_pty_shell.yar

fd59b0de74e2a9c82f842d43eed65bf3

ASCII text

gen_python_pyminifier_encoded_payload.yar

95a9c4a69a2ba2e6bc6788a1fa571c8b

ASCII text

gen_python_reverse_shell.yara

c94ab6e357352d4ea764cff53b3ee386

ASCII text

gen_qakbot_uninstaller.yar

4f0e28a545ed4b57cc719397aa2e9bc3

ASCII text

gen_rar_exfil.yar

9f9fbf3f95e57830702b79f40822f568

ASCII text

gen_rats_malwareconfig.yar

963447b80a5eb325497277544e9d1114

ASCII text

gen_recon_indicators.yar

df1064d62a8dfdbd22d28a5a1eaca9f3

ASCII text

gen_redmimicry.yar

b3dfa3b21044064e4123939a376cb824

assembler source, ASCII text

gen_redsails.yar

e028b96a81c6fb47df2d172b11e9d897

ASCII text

gen_regsrv32_issue.yar

8f38cbba8769b9c87b3f93001e45e0f2

ASCII text

gen_remote_potato0.yar

2205a6767c822d966a0ad959976994d9

ASCII text

gen_rottenpotato.yar

c2fa47f2ba373188ef136b6ddf60aa9b

ASCII text

gen_rtf_malver_objects.yar

e70a06885bbab027b73aecde82541c2a

ASCII text, with very long lines (755)

gen_sfx_with_microsoft_copyright.yar

40e754e4aeaa9f8b105b58a850158756

ASCII text

gen_sharpcat.yar

4558044dbbaa06b487bb7be11371ffdc

ASCII text

gen_shikataganai.yar

6802c3a0e4e63812df7b9c65056938c6

ASCII text

gen_sign_anomalies.yar

11d19120e3d34a5ac7b0f6f34cf9c969

ASCII text

gen_solarwinds_credential_stealer.yar

e566f0854b9e0907e7468e04845d0cf2

ASCII text

gen_susp_bat2exe.yar

353ceb56d1a7baa9d0053c565317787a

ASCII text

gen_susp_bat_aux.yar

b7c0fa98d18704ebc700601f586e9cee

ASCII text

gen_susp_cmd_var_expansion.yar

d15866b78b37c9c932125d3e90b7edf6

ASCII text

gen_susp_hacktool.yar

07e04991b460d3bea71a4be3411e2bf6

ASCII text

gen_susp_indicators.yar

bc77a13cb5cafff87fbd29e2e9df2290

ASCII text

gen_susp_js_obfuscatorio.yar

785327500bd1a2f1b2240909f2467adf

JavaScript source, ASCII text

gen_susp_lnk.yar

6af21738495f1e86ee636bb7540cea7c

ASCII text

gen_susp_lnk_files.yar

9d0a10418c382f91bd4cc5071c5572e7

ASCII text

gen_susp_net_msil.yar

f74ba8d541b078d64b3a77fe0c1c970b

ASCII text

gen_susp_obfuscation.yar

66f3ecc95cb99fac523300768349879c

HTML document, ASCII text

gen_susp_office_dropper.yar

5ca6ee0b1f4eb992fedc9f38897e3494

ASCII text

gen_susp_ps_jab.yar

6656c42f8daf8e88a909c1d7c65a4340

ASCII text

gen_susp_sfx.yar

3712763011f57f730a1448af3e4b487f

ASCII text

gen_susp_strings_in_ole.yar

eae413c43c39055c1b03e199cb751113

ASCII text

gen_susp_wer_files.yar

e2a90f9514a690afeba094d41cabbb4b

ASCII text

gen_susp_xor.yar

a2f14fd6c5f6631b7bf6b1c042edb7eb

ASCII text

gen_suspicious_InPage_dropper.yar

c5b4b593c0ead2de17e4480485e12cf7

ASCII text

gen_suspicious_strings.yar

1c5ea8634faa664968436a870ab56d88

ASCII text

gen_sysinternals_anomaly.yar

caf46c334f8d1b155954463c81ee0ebc

ASCII text

gen_tempracer.yar

df6fac84713dfcf692ddb5de1c8a58bc

ASCII text

gen_thumbs_cloaking.yar

8f38cbba8769b9c87b3f93001e45e0f2

ASCII text

gen_transformed_strings.yar

224c14bb682feb787a907930422cbe26

ASCII text

gen_tscookie_rat.yar

4b57361f3e298506b6164cb3967cdd6a

ASCII text

gen_unicorn_obfuscated_powershell.yar

9ddebad74c90d94fd6673250f7f137fa

ASCII text

gen_unsigned_thor.yar

b4b758e36b8661272220212587efd159

ASCII text

gen_unspecified_malware.yar

00f168f43e2ab4fdf7312f389b640184

ASCII text

gen_url_persitence.yar

8b93b842879edc97a6e73ad69b1023c9

ASCII text

gen_url_to_local_exe.yar

dfcb8360010af98aba1479e5f9660e9b

ASCII text

gen_vcruntime140_dll_sideloading.yar

45c9657196a042218bd706ae40aca49b

ASCII text

gen_vhd_anomaly.yar

0a77554415bd10b017e8c21e9a1358d3

ASCII text

gen_webshell_csharp.yar

7e3cfcd923e915819a6c7ed2dc00e5da

ASCII text

gen_webshells.yar

b30b8e4d23bf94b20176f986b0559b15

ASCII text

gen_webshells_ext_vars.yar

7aa2d33b7eee829969cc06ba6dab6f4e

HTML document, ASCII text

gen_win_privesc.yar

f32b165ebcc0f625fb43a05f93c6c7f2

ASCII text

gen_winpayloads.yar

f0387463e55f2bf7fcefa8b704c128ee

ASCII text

gen_winshells.yar

e4970d5e193fcec0dbb7846a7c9a210d

ASCII text

gen_wmi_implant.yar

82ccc02c52c8490b85cc6578fe2b6067

ASCII text

gen_xor_hunting.yar

33d46cd0d5e04d59492469375e3d42a3

ASCII text

gen_xored_pe.yar

175d781545b45db9c1457c1bef4efada

ASCII text

gen_xtreme_rat.yar

6610a9de4b1212f17cc2e9ed0c574b92

ASCII text

gen_ysoserial_payloads.yar

3e62203916ef6b07d4b3b947104c6b1c

ASCII text

gen_zoho_rcef_logs.yar

f2178abb5ad22d2971b22fb86baa4b89

ASCII text

general_cloaking.yar

b562940c4a9239b5f33935ab54b91bb5

ASCII text, with very long lines (314)

general_officemacros.yar

49b067a746cf6510dc66dc1bb71e06f4

ASCII text

generic_anomalies.yar

784759f2def8e65d361f22b439e68725

exported SGML document, ASCII text

generic_cryptors.yar

c7fcfab79a284bc087eab51fe956ec5a

ASCII text

generic_dumps.yar

2db72ff883cc49775a3e484f10387f34

ASCII text

generic_exe2hex_payload.yar

00627b291709a56a8fa0fe65994feda8

ASCII text

hktl_HvS_nfs_security_tooling.yar

06d056d619713afa3c659ecccea1dff6

ASCII text

hktl_bruteratel_c4.yar

15d557f4049c581fcc1c6220af52ffeb

ASCII text

hktl_bruteratel_c4_badger.yar

86a20367629f4d95b528e88f221eb9e6

ASCII text

hktl_natbypass.yar

b3375408c273d5d699a48139e2307e6f

ASCII text

log_teamviewer_keyboard_layouts.yar

83bb6f4338e5fe7bc42149c12d9b1a22

ASCII text

mal_avemaria_rat.yar

0bdd2f16b011b5a2356ae531ce587647

ASCII text

mal_bibi_wiper_oct23.yar

7d60f5381a1edb9792db5b6531171c12

ASCII text

mal_codecov_hack.yar

b06ccbcd5bd94ee06d642d3851a9d34e

ASCII text

mal_crime_unknown.yar

458fa863a2c1d00ea9f44f01f893755e

ASCII text, with very long lines (447)

mal_cryp_rat.yar

102ceea5b1230f7649bae202682648ae

ASCII text

mal_ducktail_compromised_certs_jun23.yar

3cfd83f8ea682ff5d1a0c781c1ab3e41

ASCII text

mal_efile_apr23.yar

4454fe13ac791aaa43cc189ac3254154

ASCII text

mal_fake_document_software.yar

61dc48be50c606a753c63924c263d421

ASCII text

mal_fortinet_coathanger_feb24.yar

d90f312735a89b5c2b742c782332b2e8

ASCII text

mal_go_modbus.yar

2af30182e07cdec0b13ad5541d93a5e2

ASCII text

mal_inc_ransomware.yar

0ef5c545553cea059621575c1dc8c6b0

ASCII text

mal_lnx_barracuda_cve_2023_2868.yar

42e50b51c9f9c2ebac880d8c6ac278f3

ASCII text

mal_lnx_implant_may22.yar

821787f9205a9c8c3b3dbc828a1c8bce

ASCII text

mal_lockbit_lnx_macos_apr23.yar

f383d45f39d80409b466bc741718bde9

ASCII text

mal_netsha.yar

298f29aadfc2a31185f516a65baee903

ASCII text

mal_passwordstate_backdoor.yar

8751be03e4487e396cde802f0eb939bc

ASCII text

mal_perfctl_oct24.yar

73b84774dfa288b3354834e68ab060ef

ASCII text

mal_qbot_feb23.yar

e72ba9bc24a12e989bc8dead5321568d

ASCII text

mal_qbot_payloads.yar

9c386eb7160a301cc8e11215b9c11a62

ASCII text

mal_ransom_esxi_attacks_feb23.yar

5c680a531269fbcfdbb4e02819ba815c

ASCII text

mal_ransom_lorenz.yar

d8021422e961976e80bc56648c60dc71

ASCII text

mal_ru_sparepart_dec22.yar

cb82039e2ace812e861e8b69fbc3cd48

ASCII text, with very long lines (397)

mal_sophos_pygmy_nov24.yar

74a36661dd1d05b9a8f5c36b8c143790

ASCII text

mal_xlogin_nov24.yar

fc3e4f54cbb67d315bbb3123c00c7adf

ASCII text

mixed_open_source_export.yar

dfe3f3c337cd3bd6a190283afbfe6860

ASCII text

pua_cryptocoin_miner.yar

e73edeee16dd3ff36fb83af66ea11581

ASCII text

pua_xmrig_monero_miner.yar

b32790f36c8a22bdf338d71dbb89cb4c

ASCII text

pup_lightftp.yar

3edb3bcff9a84888937fd001f05ef81b

ASCII text

seaspy_backdoor_jan25.yar

50f1c6efd45c749f3efdd61d1e710c47

ASCII text

spy_equation_fiveeyes.yar

83a787747da773479312d9efe6082cf1

ASCII text

spy_querty_fiveeyes.yar

ace2af19cd615224e35a4ce7bae34913

ASCII text

spy_regin_fiveeyes.yar

79a137f486d3db31a00e7c4f599b0ed6

ASCII text

susp_bat_obfusc_jul24.yar

548831cd7a9136870feaba66d760014e

ASCII text

susp_vulndriver_hp_hardware_diagnostics_etdsupp_may23.yar

3659a5c72f2e035316e0eac7542934f9

ASCII text

thor-hacktools.yar

5682a1c1a05619c4a57f089e4811a84d

ASCII text

thor-webshells.yar

5770c8034da9717dc49c9c4f9e89bb76

HTML document, ASCII text

thor_inverse_matches.yar

1e69195127bb52a0d5bfcb49881e0871

ASCII text

threat_lenovo_superfish.yar

177d11f693725892ca9ed016df81cd67

ASCII text

vul_backdoor_antitheftweb.yar

025bcddf2c11629885d9bdd508999eb1

ASCII text

vul_confluence_questions_plugin_cve_2022_26138.yar

3070aa806f0155cb4ee940653afb9670

ASCII text

vul_cve_2020_0688.yar

e088bf0d42568cfb04980b7b773844cb

ASCII text

vul_cve_2020_1938.yar

8eea962adf4cb9048611bef5e350fa63

exported SGML document, ASCII text

vul_cve_2021_3438_printdriver.yar

27f0b9aaec72c9b050040680e0fe4592

ASCII text

vul_cve_2021_386471_omi.yar

904e494a65e1eb258037a2b8d286ad0f

ASCII text

vul_dell_bios_upd_driver.yar

0a43a3042aeb3b1cfd4d6ad87cc87587

ASCII text

vul_drivecrypt.yar

dc59a5b4e1116f2f7f3abec182b3036c

ASCII text

vul_jquery_fileupload_cve_2018_9206.yar

287d20a5ff7a7f6b49ed3642fcabacd9

ASCII text

vul_php_zlib_backdoor.yar

28c0b9f981bfcac2b186416f8e711271

ASCII text

vuln_gigabyte_driver.yar

b1608b4fda05b971b6f7a89edacc009b

ASCII text

vuln_keepass_brute_forcible.yar

e0e3be1ef6dc20784a2e965b7dbb442c

ASCII text, with very long lines (370)

vuln_moveit_0day_jun23.yar

11a5d2b6e23435e858e2ea344b612f9a

ASCII text

vuln_paloalto_cve_2024_3400_apr24.yar

194459769d1180f174aa595883b0a073

ASCII text

vuln_proxynotshell_cve_2022_41040.yar

0c926ca44571ab411c610408ac3a3c3f

ASCII text

webshell_regeorg.yar

f7c160344180c05d1d946931c2aae479

ASCII text

webshell_xsl_transform.yar

d8ff322a6b3beb712d3e63f8065a2cdd

ASCII text

yara-rules_mal_drivers.yar

2a6441bc00d4edc13b8561a282e56c78

ASCII text, with very long lines (338)

yara-rules_vuln_drivers_strict.yar

9303c17253958f02d04aad7bb04ed4b0

ASCII text, with very long lines (668)

yara-rules_vuln_drivers_strict_renamed.yar

68aa1561b93e8eefb17becb945f7dead

ASCII text, with very long lines (668)

yara_mixed_ext_vars.yar

33999399cc1f4c7f37aefeab37fd7f85

ASCII text

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	APT 10 / Cloud Hopper malware campaign
Public Nextron YARA rules	malware	String from the ShodowBroker Files Screenshots - Dec 2016
Public Nextron YARA rules	malware	Detects path of the unix socket created to prevent concurrent executions in Exaramel malware
Public Nextron YARA rules	malware	EquationDrug - HDD/SSD firmware operation - nls_933w.dll
Public Nextron YARA rules	malware	Detects strings found in Runspace Post Exploitation Toolkit
Public Nextron YARA rules	malware	String from the ShodowBroker Files Screenshots - Dec 2016
Public Nextron YARA rules	malware	Detects strings found in Runspace Post Exploitation Toolkit
Public Nextron YARA rules	malware	Osiris Device Guard Bypass - file Invoke-OSiRis.ps1
Public Nextron YARA rules	malware	EquationDrug - HDD/SSD firmware operation - nls_933w.dll
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file readme.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file shankar.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file STNC.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file h4ntu shell [powered by tsoi].txt
Public Nextron YARA rules	malware	Detects Turla Agent.BTZ
Public Nextron YARA rules	malware	Detects JavaDropper RAT
Public Nextron YARA rules	malware	APT 10 / Cloud Hopper malware campaign
Public Nextron YARA rules	malware	Find generic data potentially relating to AP15 tools
Public Nextron YARA rules	malware	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Public Nextron YARA rules	malware	HyperBro Stage 3 C2 path and user agent detection - also tested in memory
Public Nextron YARA rules	malware	Rule to detect Drovorub-server, Drovorub-agent, or Drovorub-client based
Public Nextron YARA rules	malware	Auto-generated rule
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	Generic PHP webshell which uses any eval/exec function in the same line with user input
Public Nextron YARA rules	malware	A loader for the CobaltStrike malware family, which ultimately takes the first and second bytes of an embedded file, and flips them prior to executing the resulting payload.
Public Nextron YARA rules	malware	The FRESHFIRE malware family. The malware acts as a downloader, pulling down an encrypted snippet of code from a remote source, executing it, and deleting it from the remote server.
Public Nextron YARA rules	malware	Detects EnvyScout deobfuscator code as used by NOBELIUM group
Public Nextron YARA rules	malware	Detects NV Link as used by NOBELIUM group
Public Nextron YARA rules	malware	Detects BoomBox malware as described in APT29 NOBELIUM report
Public Nextron YARA rules	malware	Detects stageless loader as used by APT29 / NOBELIUM
Public Nextron YARA rules	malware	Detects APT 34 malware
Public Nextron YARA rules	malware	North Korean origin malware which uses a custom Google App for c2 communications.
Public Nextron YARA rules	malware	Detects Speculoos Backdoor used by APT41
Public Nextron YARA rules	malware	Rule written for 2 malware samples that communicated to APT6 C2 servers
Public Nextron YARA rules	malware	Detetcs a tool used in the Australian Parliament House network compromise
Public Nextron YARA rules	malware	Detetcs a tool used in the Australian Parliament House network compromise
Public Nextron YARA rules	malware	Detetcs a tool used in the Australian Parliament House network compromise
Public Nextron YARA rules	malware	Custome SSH backdoor based on python and paramiko - file server.py
Public Nextron YARA rules	malware	Casper French Espionage Malware - String Match in File - http://goo.gl/VRJNLo
Public Nextron YARA rules	malware	Casper French Espionage Malware - System Info Output - http://goo.gl/VRJNLo
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
Public Nextron YARA rules	malware	Detects malware from the Proofpoint CN APT ZeroT incident
Public Nextron YARA rules	malware	Detects malware from the Proofpoint CN APT ZeroT incident
Public Nextron YARA rules	malware	Chinese APT by Proofpoint ZeroT RAT - file Mcutil.dll
Public Nextron YARA rules	malware	Detects Red Delta samples
Public Nextron YARA rules	malware	Detects Red Delta samples
Public Nextron YARA rules	malware	Identifies strings used in Cobalt Strike Beacon DLL
CAPEv2 YARA detection rules	malware	Cobalt Strike Beacon Payload
Public Nextron YARA rules	malware	Detects unmodified CobaltStrike beacon DLL
Public Nextron YARA rules	malware	Detects CobaltStrike payloads
Public Nextron YARA rules	malware	Detects Codoso APT CustomTCP Malware
Public Nextron YARA rules	malware	Detects Codoso APT Gh0st Malware
Public Nextron YARA rules	malware	Detects Codoso APT Gh0st Malware
Public Nextron YARA rules	malware	Detects Codoso APT PGV PVID Malware
Public Nextron YARA rules	malware	Detects a malware sysdll.exe from the Rocket Kitten APT
Public Nextron YARA rules	malware	Detects trojan from APT report named http.exe
Public Nextron YARA rules	malware	Detects a malicious PotPlayer.dll
Public Nextron YARA rules	malware	Hack Deep Panda - lot1.tmp-pwdump
Public Nextron YARA rules	malware	Hack Deep Panda - htran-exe
Public Nextron YARA rules	malware	Hacktool
Public Nextron YARA rules	malware	Detects DTRACK malware
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file create_dns_injection.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file screamingplow.sh
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file MixText.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file tunnel_state_reader
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file payload.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file eligiblecandidate.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file BUSURPER-2211-724.exe
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file networkProfiler_orderScans.sh
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file epicbanana_2.1.0.1.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file sniffer_xml2pcap
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file BananaAid
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file config_jp1_UA.pl
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file userscript.FW
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file BUSURPER-3001-724.exe
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file workit.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file tinyhttp_setup.sh
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file EPBA.script
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file jetplow.sh
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file extrabacon_1.1.0.1.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file sploit.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file uninstallPBD.bat
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file BICECREAM-2140
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file BFLEA-2201.exe
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file StoreFc.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file BBALL_E28F6-2201.exe
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files BARPUNCH-3110, BPICKER-3100
Public Nextron YARA rules	malware	EQGRP Toolset Firewall
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files pandarock_v1.11.1.1.bin, pit
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files BananaUsurper-2120, writeJetPlow-2130
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230, BLIQUER-3030, BLIQUER-3120
Public Nextron YARA rules	malware	EQGRP Toolset Firewall
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files sploit.py, sploit.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall
Public Nextron YARA rules	malware	EQGRP Toolset Firewall
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files ssh.py, telnet.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - Callback addresses
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - Extrabacon exploit output
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - Unique strings
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file Auditcleaner
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file elgingamble
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file cmsd
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file ebbshave.v5
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file eggbasket
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file sambal
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file cmsex
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file DUL
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file slugger2
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file ebbisland
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file jackpop
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file parsescan
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file epoxyresin.v1.0.0.1
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file estopmoonlit
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file envoytomato
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file smash
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file ratload
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file ys.auto
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file estesfox
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- file scanner
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- from files scanner, scanner.v2.1.2
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- from files ghost_sparc, ghost_x86
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- from files jparsescan, parsescan
Public Nextron YARA rules	malware	Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7
Public Nextron YARA rules	malware	Equation Group hack tool set
Public Nextron YARA rules	malware	Detects EquationGroup Tool - April Leak
Public Nextron YARA rules	malware	Detects EquationGroup Tool - April Leak
Public Nextron YARA rules	malware	Detects EquationGroup Tool - April Leak
Public Nextron YARA rules	malware	Detects EquationGroup Tool - April Leak
Public Nextron YARA rules	malware	Detects output generated by EQGRP scanner.exe
Public Nextron YARA rules	malware	String from the ShodowBroker Files Screenshots - Dec 2016
Public Nextron YARA rules	malware	Detects strings derived from the ShadowBroker's leak of Windows tools/exploits
Public Nextron YARA rules	malware	This rule is UNTESTED against a large dataset and is for hunting purposes only.
Public Nextron YARA rules	malware	Detects malware Redosdru - file systemHome.exe
Public Nextron YARA rules	malware	Detects code found in report on exploits against CVE-2020-5902 F5 BIG-IP vulnerability by NCC group
Public Nextron YARA rules	malware	Detects a string found in memory of malware cedt370r(3).exe
Public Nextron YARA rules	malware	Detects strings from FIN7 report in August 2018
Public Nextron YARA rules	malware	Detects JavaScript obfuscation as used in MalDocs by FIN7 group
Public Nextron YARA rules	malware	Detects Word Dropper from Proofpoint FIN7 Report
Public Nextron YARA rules	malware	Detects FourElementSword Malware
Public Nextron YARA rules	malware	Detects FourElementSword Malware
Public Nextron YARA rules	malware	String from the ShodowBroker Files Screenshots - Dec 2016
Public Nextron YARA rules	malware	Auto-generated rule - file violetspirit.README
Public Nextron YARA rules	malware	Auto-generated rule - file gr.notes
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.yellowspirit.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file opscript.se
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.epichero.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.elatedmonkey
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.dubmoat.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file strifeworld.1
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.pork.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.ebbisland.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.elgingamble.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file README.cup.NOPEN
Public Nextron YARA rules	malware	Auto-generated rule - file oneshot.example
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.earlyshovel.COMMON
Public Nextron YARA rules	malware	Auto-generated rule - file user.tool.envisioncollision.COMMON
Public Nextron YARA rules	malware	Auto-generated rule
Public Nextron YARA rules	malware	Auto-generated rule - from files user.tool.orleansstride.COMMON, user.tool.curserazor.COMMON
Public Nextron YARA rules	malware	Auto-generated rule
Public Nextron YARA rules	malware	Auto-generated rule - from files violetspirit.README, violetspirit.README
Public Nextron YARA rules	malware	Detects strings derived from the ShadowBroker's leak of Windows tools/exploits
Public Nextron YARA rules	malware	Detects Gh0st RAT mentioned in Cylance' Ghost Dragon Report
Public Nextron YARA rules	malware	Detects Gh0st RAT mentioned in Cylance' Ghost Dragon Report
Public Nextron YARA rules	malware	Detects export from Gold Dragon - February 2018
Public Nextron YARA rules	malware	Detects ISMDoor Backdoor
Public Nextron YARA rules	malware	Auto-generated rule
Public Nextron YARA rules	malware	X-Agent/CHOPSTICK Implant by APT28
Public Nextron YARA rules	malware	BlackEnergy / Voodoo Bear Implant by APT28
Public Nextron YARA rules	malware	Unidentified Implant by APT29
Public Nextron YARA rules	malware	Detects forensic artefacts found in HAFNIUM intrusions
Public Nextron YARA rules	malware	Detects PowerCat hacktool
Public Nextron YARA rules	malware	Detects PowerShell Oneliner in Nishang's repository
Public Nextron YARA rules	malware	variation on reGeorgtunnel
Public Nextron YARA rules	malware	The SPORTSBALL webshell allows attackers to upload files or execute commands on the system.
Public Nextron YARA rules	malware	Detects web shells dropped by CVE-2021-27065. All actors, not specific to HAFNIUM. TLP:WHITE
Public Nextron YARA rules	malware	Detects CVE-2021-27065 Webshellz
Public Nextron YARA rules	malware	Detects Chopper like ASPX Webshells
Public Nextron YARA rules	malware	Detects Chopper like ASPX Webshells
Public Nextron YARA rules	malware	Generic ASP webshell which uses any eval/exec function directly on user input
Public Nextron YARA rules	malware	Detects forensic artefacts found in HAFNIUM intrusions exploiting CVE-2021-27065
Public Nextron YARA rules	malware	Detects forensic artefacts showing cleanup activity found in HAFNIUM intrusions exploiting
Public Nextron YARA rules	malware	Detects suspicious log entries that indicate requests as described in reports on HAFNIUM activity
Public Nextron YARA rules	malware	Detects Tofu Trojan
Public Nextron YARA rules	malware	detection for Hellsing implants
Public Nextron YARA rules	malware	Detects HOPLIGHT malware used by HiddenCobra APT group
Public Nextron YARA rules	malware	Detects Industroyer related custom port scaner output file
Public Nextron YARA rules	malware	Detects Industroyer related malware
Public Nextron YARA rules	malware	Detects IronGate APT Malware - Step7ProSim DLL
Public Nextron YARA rules	malware	Hack Deep Panda - htran-exe
Public Nextron YARA rules	malware	Iron Panda malware DnsTunClient - file named.exe
Public Nextron YARA rules	malware	Iron Panda Malware Htran
Public Nextron YARA rules	malware	ASPXSpy detection. It might be used by other fraudsters
Public Nextron YARA rules	malware	Iron Tiger Tool - wmi.vbs detection
Public Nextron YARA rules	malware	Keylogger - generic rule for a Chinese variant
Public Nextron YARA rules	malware	Laudanum Injector Tools - file shell.php
Public Nextron YARA rules	malware	Laudanum Injector Tools
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	Generic JSP webshell
Public Nextron YARA rules	malware	JSP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.
Public Nextron YARA rules	malware	PHP Webshells Github Archive - from files Dive Shell 1.0
Public Nextron YARA rules	malware	Detects Lazarus malware from incident in Dec 2017
Public Nextron YARA rules	malware	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip
Public InfoSec YARA rules	malware	Identifies tricks often seen in malicious scripts such as moving the window off-screen or resizing it to zero.
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Public Nextron YARA rules	malware	Detects LinaDoor Linux Rootkit
Public Nextron YARA rules	malware	Detects Pupy RAT
Public Nextron YARA rules	malware	Detects DLLs loaded by shellcode loader (6ce5b6b4cdd6290d396465a1624d489c7afd2259a4d69b73c6b0ba0e5ad4e4ad) (relation to Lazarus group)
Public Nextron YARA rules	malware	Detects suspicios ELF files with sections as described in malicious iLO Board analysis by AmnPardaz in December 2021
Public Nextron YARA rules	malware	Malware sample mentioned in Microcin technical report by Kaspersky
Public Nextron YARA rules	malware	CommentCrew Malware MiniASP APT
Public Nextron YARA rules	malware	Detects ShimRat and the ShimRat loader
Public Nextron YARA rules	malware	Detects ShimRatReporter
Public Nextron YARA rules	malware	Detects Molerats sample - July 2017
Public Nextron YARA rules	malware	Rule to detect Moonlight Maze Loki samples by custom attacker-authored strings
Public Nextron YARA rules	malware	Rule to detect Moonlight Maze sniffer tools
Public Nextron YARA rules	malware	Rule to detect Moonlight Maze 'de' and 'deg' tunnel tool
Public Nextron YARA rules	malware	Rule to detect Moonlight Maze 'cle' log cleaning tool
Public Nextron YARA rules	malware	Rule to detect Moonlight Maze 'xk' keylogger
Public Nextron YARA rules	malware	Detetcs the Nanocore RAT and similar malware
Public Nextron YARA rules	malware	Detetcs the Nanocore RAT
Elastic Security YARA Rules	malware	Windows.Trojan.Nanocore
Public Nextron YARA rules	malware	Detects user function string from NCSC report
Public Nextron YARA rules	malware	Detects malicious batch file from NCSC report
Public Nextron YARA rules	malware	Detects malicious batch file from NCSC report
Public Nextron YARA rules	malware	Detects RDP brute forcer from NCSC report
Public Nextron YARA rules	malware	Detects Z Webshell from NCSC report
Public Nextron YARA rules	malware	Detects a string also used in Netwire RAT auxilliary
Public Nextron YARA rules	malware	Detects a string also used in Netwire RAT auxilliary
Public Nextron YARA rules	malware	Ruby loader seen loading the ROKRAT malware family.
Public Nextron YARA rules	malware	Detects strings found in POOLRAT malware
Public Nextron YARA rules	malware	Detects Oilrig malware samples
Public Nextron YARA rules	malware	Detects OilRig malware
Public Nextron YARA rules	malware	Detects OilRig malware
Public Nextron YARA rules	malware	Detects APT34 PowerShell malware
Public Nextron YARA rules	malware	Detects APT34 PowerShell malware
Public Nextron YARA rules	malware	Powershell CnC using DNS queries
Public Nextron YARA rules	malware	Detects ONHAT Proxy - Htran like SOCKS hack tool used by Chinese APT groups
Public Nextron YARA rules	malware	Keylogger used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	ARP cache poisoner used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Shell Creator used by attackers in Operation Cleaver to create ASPX web shells
Public Nextron YARA rules	malware	Malware or hack tool used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Malware or hack tool used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Tiny Bot used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Keywords used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Hack tool used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Backdoor used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Backdoor used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Mimikatz Wrapper used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Parviz tool used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Hack tool used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	Mimikatz wrapper used by attackers in Operation Cleaver
Public Nextron YARA rules	malware	CCProxy config known from Operation Cleaver
Public Nextron YARA rules	malware	Detects malware from Operation Cloud Hopper
Public Nextron YARA rules	malware	Malware related to Operation Cloud Hopper - Page 25
Public Nextron YARA rules	malware	Tools related to Operation Cloud Hopper
Public Nextron YARA rules	malware	Strings from CSharp version of Agent
Public Nextron YARA rules	malware	Strings from PowerShell dropper of CSharp version of Agent
Public Nextron YARA rules	malware	Piece of Base64 encoded data from Agent CSharp version
Public Nextron YARA rules	malware	Strings from Python version of Agent
Public Nextron YARA rules	malware	Piece of Base64 encoded data from Agent Python version
Public Nextron YARA rules	malware	Strings from Python keylogger
Public Nextron YARA rules	malware	Strings from the CSharp version of XServer
Public Nextron YARA rules	malware	Piece of Base64 encoded data from the XServer PowerShell dropper
Public Nextron YARA rules	malware	Strings from the PowerShell dropper of XServer
Public Nextron YARA rules	malware	Process injector/launcher
Public Nextron YARA rules	malware	Timeliner utility
Public Nextron YARA rules	malware	Checkadmin utility
Public Nextron YARA rules	malware	Python getos utility
Public Nextron YARA rules	malware	Strings from the information grabber VBS
Public Nextron YARA rules	malware	Strings from the console.jsp webshell
Public Nextron YARA rules	malware	Strings from the ver.jsp webshell
Public Nextron YARA rules	malware	Generic strings from webinfo.war webshells
Public Nextron YARA rules	malware	PassCV Malware mentioned in Cylance Report
Public Nextron YARA rules	malware	Detects PoisonIvy RAT sample set
Public Nextron YARA rules	malware	Detects Poseidon Group Malware
Public Nextron YARA rules	malware	Detects
Public Nextron YARA rules	malware	Detects scripts (mostly LUA) from Project Sauron report by Kaspersky
Public Nextron YARA rules	malware	Detects Dsniff hack tool
Public Nextron YARA rules	malware	Detects strings from arping module - Project Sauron report by Kaspersky
Public Nextron YARA rules	malware	Detects strings from kblogi module - Project Sauron report by Kaspersky
Public Nextron YARA rules	malware	Detects strings from basex module - Project Sauron report by Kaspersky
Public Nextron YARA rules	malware	Detects strings from dext module - Project Sauron report by Kaspersky
Public Nextron YARA rules	malware	Detects PROMETHIUM and NEODYMIUM malware
Public Nextron YARA rules	malware	Detects PROMETHIUM and NEODYMIUM malware
Public Nextron YARA rules	malware	Detects an APT malware related to PutterPanda
Public Nextron YARA rules	malware	Detects Malware related to PutterPanda
Public Nextron YARA rules	malware	Detects all QuarksPWDump versions
Public Nextron YARA rules	malware	Detects Quasar RAT
Public Nextron YARA rules	malware	Detects indicators found in DarkBit ransomware
Public Nextron YARA rules	malware	Detects malware from Rehashed RAT incident
Public Nextron YARA rules	malware	Detects RevengeRAT malware
Public Nextron YARA rules	malware	Auto-generated rule - file Reveal-MemoryCredentials.ps1
Public Nextron YARA rules	malware	Sakula malware - strings after unpacking (memory rule)
Public Nextron YARA rules	malware	Detects an archive file created by P.A.S. for download operation
Public Nextron YARA rules	malware	Detects SQL dump file created by P.A.S. webshell
Public Nextron YARA rules	malware	Detects the encryption key for the configuration file used by Exaramel malware as seen in sample e1ff72[...]
Public Nextron YARA rules	malware	Detects the specific name of the configuration file in Exaramel malware as seen in sample e1ff72[...]
Public Nextron YARA rules	malware	Detects path of the unix socket created to prevent concurrent executions in Exaramel malware
Public Nextron YARA rules	malware	Detects names of the tasks received from the CC server in Exaramel malware
Public Nextron YARA rules	malware	Detects Strings used by Exaramel malware
Public Nextron YARA rules	malware	Detects commands used by Sandworm group to exploit critical vulernability CVE-2019-10149 in Exim
Public Nextron YARA rules	malware	Detects SSH key used by Sandworm on exploited machines
Public Nextron YARA rules	malware	Detects ssh config entry inserted by Sandworm on compromised machines
Public Nextron YARA rules	malware	Detects mysql init script used by Sandworm on compromised machines
Public Nextron YARA rules	malware	Detects shell script used by Sandworm in attack against Exim mail server
Public Nextron YARA rules	malware	Detects Sandworm Python loader
Public Nextron YARA rules	malware	Scanbox Chinese Deep Panda APT Malware http://goo.gl/MUUfjv and http://goo.gl/WXUQcP
Public Nextron YARA rules	malware	Detects malware from Sednit Delphi Downloader report
Public Nextron YARA rules	malware	A malicious Chrome browser extention used by the SharpTongue threat actor to steal mail data from a victim
Public Nextron YARA rules	malware	Detects a
Public Nextron YARA rules	malware	Detects malware sample mentioned in the Silence report on Securelist
Public Nextron YARA rules	malware	Detects Sofacy Fysbis Linux Backdoor
Public Nextron YARA rules	malware	X-Agent/CHOPSTICK Implant by APT28
Public Nextron YARA rules	malware	Sofacy Bundestags APT Batch Script
Public Nextron YARA rules	malware	Detects webshell access mentioned in FireEye's SUNBURST report
Public Nextron YARA rules	malware	STUXSHOP_config
Public Nextron YARA rules	malware	Detects mutex names in SUNSPOT
Public Nextron YARA rules	malware	inveigh pen testing tools & related artifacts
Public Nextron YARA rules	malware	Auto-generated rule
Public Nextron YARA rules	malware	Auto-generated rule
Public Nextron YARA rules	malware	Detects strings from scripts in the PowerShell-Suite repo
Public Nextron YARA rules	malware	Detects Volgmer malware as reported in US CERT TA17-318B
Public Nextron YARA rules	malware	Detects malware mentioned in TA18-074A
Public Nextron YARA rules	malware	Detects TeleBots malware - IntercepterNG
Public Nextron YARA rules	malware	Certutil Decode
Public Nextron YARA rules	malware	Detects Liudoor daemon backdoor
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework
Public Nextron YARA rules	malware	Code and strings of plugins from the Tetris framework loaded by Swid
Public Nextron YARA rules	malware	Threat Group 3390 APT - Strings
Public Nextron YARA rules	malware	Generic ASP webshell which uses any eval/exec function directly on user input
Public Nextron YARA rules	malware	TRITON framework recovered during Mandiant ICS incident response
Public Nextron YARA rules	malware	Detects Turla malware (based on sample used in the RUAG APT case)
Public Nextron YARA rules	malware	Detects malware used in the RUAG APT case
Public Nextron YARA rules	malware	Detects Turla malware (based on sample used in the RUAG APT case)
Public Nextron YARA rules	malware	Detects Turla malicious script
Public Nextron YARA rules	malware	Rule for detection of Nautilus related strings
Public Nextron YARA rules	malware	Detects artefacts found in Hermetic Wiper malware related intrusions
Public Nextron YARA rules	malware	Detects scheduled task pattern found in Hermetic Wiper malware related intrusions
Public Nextron YARA rules	malware	Detects SombRAT samples from UNC2447 campaign
Public Nextron YARA rules	malware	Detects WARPRISM PowerShell samples from UNC2447 campaign
Public Nextron YARA rules	malware	Detects DEWMODE webshells
Public Nextron YARA rules	malware	Detects malware by Chinese APT PLA Unit 78020 - Generic Rule - Chong
Public Nextron YARA rules	malware	Detects a dropper used to deploy an implant via side loading. This dropper has specifically been observed deploying REDLEAVES & PlugX
Public Nextron YARA rules	malware	Strings identifying the core REDLEAVES RAT in its deobfuscated state
Public Nextron YARA rules	malware	Detects specific RedLeaves and PlugX binaries
Public Nextron YARA rules	malware	Venom Linux Rootkit
Public Nextron YARA rules	malware	Symantec Waterbug Attack - Trojan.Wipbot 2014 Down.dll component
Public Nextron YARA rules	malware	Detects powershell script used in Operation Wilted Tulip
Public Nextron YARA rules	malware	Detects a Windows scheduled task as used in Operation Wilted Tulip
Public Nextron YARA rules	malware	Detects hack tool used in Operation Wilted Tulip - Windows Tasks
Public Nextron YARA rules	malware	Detects powershell tool call Get_AD_Users_Logon_History used in Operation Wilted Tulip
Public Nextron YARA rules	malware	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip
Public Nextron YARA rules	malware	Detects suspicious UTF16 and Base64 encoded PowerShell code that starts with a $ sign and a single char variable
Public Nextron YARA rules	malware	Detects PlugX Malware Samples from June 2016
Public Nextron YARA rules	malware	Winnti sample - file NlaifSvc.dll
Public Nextron YARA rules	malware	Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ
Public Nextron YARA rules	malware	Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ
Public Nextron YARA rules	malware	Detects a ZxShell - CN threat group
Public Nextron YARA rules	malware	Script from disclosed CN Honker Pentest Toolset - file pr
Public Nextron YARA rules	malware	Hack Deep Panda - htran-exe
Public Nextron YARA rules	malware	Webshell from CN Honker Pentest Toolset - file php6.txt
Public Nextron YARA rules	malware	Webshell from CN Honker Pentest Toolset - file sniff.txt
Public Nextron YARA rules	malware	Webshell from CN Honker Pentest Toolset - file udf.php
Public Nextron YARA rules	malware	Webshell from CN Honker Pentest Toolset - file 2.6.9
Public Nextron YARA rules	malware	Webshell from CN Honker Pentest Toolset - file php7.txt
Public Nextron YARA rules	malware	Webshell from CN Honker Pentest Toolset - file asp1.txt
Public Nextron YARA rules	malware	Chinese Hacktool Set - file templatr.php
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	Generic PHP webshell which uses any eval/exec function in the same line with user input
Public Nextron YARA rules	malware	PHP webshell which directly eval()s obfuscated string
Public Nextron YARA rules	malware	Generic ASP webshell which uses any eval/exec function directly on user input
Public Nextron YARA rules	malware	Generic JSP webshell
Public Nextron YARA rules	malware	BernhardPOS Credit Card dumping tool
Public Nextron YARA rules	malware	Bluenoroff POS malware - hkp.dll
Public Nextron YARA rules	malware	Detects Crypto Miner strings
Public Nextron YARA rules	malware	Find documents saved from the same potential Cobalt Gang PDF template
Public Nextron YARA rules	malware	Detects Script Dropper of Cobalt Gang used in August 2017
Public Nextron YARA rules	malware	Detects suspicious statements in JavaScript files
Public Nextron YARA rules	malware	Detects helper script used in a crypto miner campaign
Public Nextron YARA rules	malware	Detects command line parameters often used by crypto mining software
Public Nextron YARA rules	malware	Triggers on strings of known DearCry samples
Public Nextron YARA rules	malware	Detects unpacked SystemBC module as used by Emotet in March 2022
Public InfoSec YARA rules	malware	Identifies SystemBC RAT, decrypted config.
Public Nextron YARA rules	malware	Detects EternalRocks Malware - file taskhost.exe
Public Nextron YARA rules	malware	Detects Fireball malware - file clearlog.dll
Public Nextron YARA rules	malware	2021 loader for Bokbot / Icedid core (license.dat)
Elastic Security YARA Rules	malware	Windows.Trojan.IcedID
Public Nextron YARA rules	malware	Match protocol, process injects and windows exploit present in KINS dropper
Public Nextron YARA rules	malware	Detects a string also used in Netwire RAT auxilliary
Public Nextron YARA rules	malware	Trojan Downloader - Flash Exploit Feb15
Public Nextron YARA rules	malware	Detects unspecified malware sample
Public Nextron YARA rules	malware	Detects CVE-2018-4878
Public Nextron YARA rules	malware	Detects Darkside Ransomware
Public InfoSec YARA rules	malware	Identifies Darkside ransomware.
Public InfoSec YARA rules	malware	Identifies RagnarLocker ransomware unpacked or in memory.
Public Nextron YARA rules	malware	Detects SocGholish fake update Javascript files 22.02.2022
Public Nextron YARA rules	malware	Detects XBash malware
Public Nextron YARA rules	malware	Detects suspicious log lines produeced during the exploitation of ADSelfService vulnerability CVE-2021-40539
Public Nextron YARA rules	malware	Detects suspicious log lines produeced during the exploitation of ADSelfService vulnerability CVE-2021-40539
Public Nextron YARA rules	malware	Detects payloads used in Shitrix exploitation CVE-2019-19781
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
Public Nextron YARA rules	malware	Detects exploitation attempts against Confluence servers abusing a RCE reported as CVE-2021-26084
Public Nextron YARA rules	malware	Detects suspicious office reference files including an obfuscated MHTML reference exploiting CVE-2021-40444
Public Nextron YARA rules	malware	Detects suspicious encodings in fields used in reference files found in weaponized MS Office documents
Public Nextron YARA rules	malware	Detects suspicious entries in the Keepass configuration file, which could be indicator of the exploitation of CVE-2023-24055
Public Nextron YARA rules	malware	Detects suspicious triggers defined in the Keepass configuration file, which could be indicator of the exploitation of CVE-2023-24055
Public Nextron YARA rules	malware	Detects exceptions found in server logs that indicate an exploitation attempt of CVE-2021-44228
Public Nextron YARA rules	malware	Detects error messages related to JDNI usage in log files that can indicate a Log4Shell / Log4j exploitation
Public Nextron YARA rules	malware	Detects POCs that exploit privilege escalation vulnerability CVE-2022-46689 on macOS
Public Nextron YARA rules	malware	Detects indicators of exploitation of ManageEngine vulnerability as described by Horizon3
Public Nextron YARA rules	malware	Detects unknown malicious loaders noticed in August 2021
Public Nextron YARA rules	malware	Detects webshells dropped by DropHell malware
Public Nextron YARA rules	malware	Detects JSP webshells
Public Nextron YARA rules	malware	Detects indicators found after SpringCore exploitation attempts and in the POC script
Public Nextron YARA rules	malware	Detects webshell found after SpringCore exploitation attempts POC script
Public Nextron YARA rules	malware	Detects malicious files related to CVE-2017-8759
Public Nextron YARA rules	malware	Detects a CVE-2017-9800 exploitation attempt
Public Nextron YARA rules	malware	Detects ProxyToken CVE-2021-33766 exploitation attempts on an unpatched system
Public Nextron YARA rules	malware	Detects payload as seen in PoC code to exploit Workspace ONE Access freemarker server-side template injection CVE-2022-22954
Public Nextron YARA rules	malware	Detects forensic artefacts indicating successful exploitation of F5 BIG IP appliances as reported by NCCGroup
Public Nextron YARA rules	malware	Detects signs of exploitation of GitLab CE CVE-2021-22205
Public Nextron YARA rules	malware	Detects payloads used in Shitrix exploitation CVE-2019-19781
Public Nextron YARA rules	malware	Detection for Dimorf ransomeware
Public Nextron YARA rules	malware	Detects indicators found in LockBit ransomware
Public Nextron YARA rules	malware	Detects Armitage component
Public Nextron YARA rules	malware	Detects Armitage component
Public Nextron YARA rules	malware	Hack Deep Panda - htran-exe
Elastic Security YARA Rules	malware	Windows.Exploit.Dcom
Public Nextron YARA rules	malware	Chinese Hacktool Set - file templatr.php
Public Nextron YARA rules	malware	Chinese Hacktool Set - Webshells - file php.html
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	Generic PHP webshell which uses any eval/exec function in the same line with user input
Public Nextron YARA rules	malware	PHP webshell which directly eval()s obfuscated string
Public Nextron YARA rules	malware	Generic ASP webshell which uses any eval/exec function directly on user input
Public Nextron YARA rules	malware	Webshell in c#
Public Nextron YARA rules	malware	Generic JSP webshell
Public Nextron YARA rules	malware	JSP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.
Public Nextron YARA rules	malware	Detects CobaltStrike payloads
Public Nextron YARA rules	malware	Detects CobaltStrike payloads
Public Nextron YARA rules	malware	Detects Base64 encoded PS1 Shellcode
Public Nextron YARA rules	malware	Detects WDS file used to circumvent Device Guard
Public Nextron YARA rules	malware	Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation
Public Nextron YARA rules	malware	Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation
Public Nextron YARA rules	malware	Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation
Public Nextron YARA rules	malware	Detects a suspicious pattern in RTF files which downloads external resources inside e-mail attachments
Public Nextron YARA rules	malware	Detects a suspicious pattern in RTF files which downloads external resources as seen in CVE-2022-30190 / Follina exploitation inside e-mail attachment
YARAhub by abuse.ch	malware	Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation
Public Nextron YARA rules	malware	Detects Empire component - file Get-SecurityPackages.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-PowerDump.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-ShellcodeMSIL.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-SmbScanner.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-EgressCheck.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-PostExfil.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-SMBAutoBrute.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Get-Keystrokes.ps1
Public Nextron YARA rules	malware	Detects Empire component - file Invoke-DllInjection.ps1
Public Nextron YARA rules	malware	Detects Empire component - file KeePassConfig.ps1
Public Nextron YARA rules	malware	Detects Empire component
Public Nextron YARA rules	malware	Detects Empire component - from files PowerUp.ps1, PowerUp.ps1
Public Nextron YARA rules	malware	Detects Empire component
Public Nextron YARA rules	malware	Detects Empire component - from files KeePassConfig.ps1, KeePassConfig.ps1
Public Nextron YARA rules	malware	Detects Empire component - from files Invoke-Portscan.ps1, Invoke-Portscan.ps1
Public Nextron YARA rules	malware	Detects Empire component - from files Invoke-CredentialInjection.ps1, Invoke-Mimikatz.ps1
Public Nextron YARA rules	malware	Detects Empire component - from files Invoke-DCSync.ps1, Invoke-PSInject.ps1, Invoke-ReflectivePEInjection.ps1
Public Nextron YARA rules	malware	Detects strings found in Runspace Post Exploitation Toolkit
Public Nextron YARA rules	malware	This rule is looking for B64 offsets of LazyNetToJscriptLoader which is a namespace specific to the internal version of the GadgetToJScript tooling.
Public Nextron YARA rules	malware	HackTool_MSIL_SharPersist_2
Public Nextron YARA rules	malware	CredTheft_MSIL_ADPassHunt_2
Public Nextron YARA rules	malware	Identifies GoRat malware in memory based on strings.
Public Nextron YARA rules	malware	Detects FireEye's Python Redflar
Elastic Security YARA Rules	malware	Windows.Hacktool.Rubeus
Elastic Security YARA Rules	malware	Windows.Hacktool.SafetyKatz
Elastic Security YARA Rules	malware	Windows.Hacktool.Seatbelt
Elastic Security YARA Rules	malware	Windows.Hacktool.Sharpersist
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpHound
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpView
Public Nextron YARA rules	malware	Detects Armitage component
Public Nextron YARA rules	malware	Cobalt Strike's resources/template.py signature for versions v3.3 to v4.x
Public Nextron YARA rules	malware	Cobalt Strike's resources/template.x64.ps1, resources/template.hint.x64.ps1 and resources/template.hint.x32.ps1 from v3.0 to v4.x except 3.12 and 3.13
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Google GCTI YARA rules	malware	Cobalt Strike's resources/template.py signature for versions v3.3 to v4.x
Google GCTI YARA rules	malware	Cobalt Strike's resources/template.x64.ps1, resources/template.hint.x64.ps1 and resources/template.hint.x32.ps1 from v3.0 to v4.x except 3.12 and 3.13
Public Nextron YARA rules	malware	Detects CactusTorch Hacktool
Elastic Security YARA Rules	malware	Windows.Hacktool.Rubeus
Elastic Security YARA Rules	malware	Windows.Hacktool.SafetyKatz
Elastic Security YARA Rules	malware	Windows.Hacktool.Seatbelt
Elastic Security YARA Rules	malware	Windows.Hacktool.Sharpersist
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpDump
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpHound
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpMove
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpRDP
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpStay
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpUp
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpView
Elastic Security YARA Rules	malware	Windows.Hacktool.SharpWMI
Public Nextron YARA rules	malware	Detects URL mentioned in report on compromised Github repositories in August 2022
Public Nextron YARA rules	malware	Detects HawkEye Keylogger Reborn
Public Nextron YARA rules	malware	Detects Venom - a library that meant to perform evasive communication using stolen browser socket
Public Nextron YARA rules	malware	Compiled Impacket Tools
Public InfoSec YARA rules	malware	Identifies Impacket, a collection of Python classes for working with network protocols.
Public Nextron YARA rules	malware	Detects Invoke-Mimikatz String
Public Nextron YARA rules	malware	Detects strings found in Runspace Post Exploitation Toolkit
Elastic Security YARA Rules	malware	Windows.Hacktool.Mimikatz
Public Nextron YARA rules	malware	Detects a command to execute PowerShell from String
Public Nextron YARA rules	malware	Detects Invoke-WmiExec or Invoke-SmbExec
Public Nextron YARA rules	malware	Detects Invoke-WmiExec or Invoke-SmbExec
Public Nextron YARA rules	malware	Auto-generated rule - file kerberoast.py
Public Nextron YARA rules	malware	Detects Khepri C2 framework beacons
Public Nextron YARA rules	malware	Detects Reflective DLL Loader
Public Nextron YARA rules	malware	Detects Reflective DLL Loader - suspicious - Possible FP could be program crack
Public Nextron YARA rules	malware	Detects Reflective DLL Loader
Public Nextron YARA rules	malware	Detects PowerShell AMSI Bypass
Public Nextron YARA rules	malware	Detects MSHTA Bypass
Public Nextron YARA rules	malware	Detects a suspicious Javascript Run command
Public Nextron YARA rules	malware	Certutil Decode
Public Nextron YARA rules	malware	Detects suspicious statements in JavaScript files
Public Nextron YARA rules	malware	Detects malicious obfuscated VBS observed in February 2018
Public Nextron YARA rules	malware	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip
Public Nextron YARA rules	malware	VT Research QA uploaded malware - file vqgk.dll
Elastic Security YARA Rules	malware	Windows.Trojan.CobaltStrike
Public Nextron YARA rules	malware	Detects Merlin agent
Public Nextron YARA rules	malware	Detects a Metasploit Loader by RSMudge - file loader.exe
Public Nextron YARA rules	malware	Metasploit Payloads - file msf.sh
Public Nextron YARA rules	malware	Metasploit Payloads - file msf-psh.vba
Public Nextron YARA rules	malware	Metasploit Payloads - file msf-exe.vba
Public Nextron YARA rules	malware	Metasploit Payloads - file msf.psh
Public Nextron YARA rules	malware	Metasploit Payloads - file msf.aspx
Public Nextron YARA rules	malware	Metasploit Payloads - file msf-cmd.ps1
Public Nextron YARA rules	malware	Metasploit Payloads - file msf-ref.ps1
Elastic Security YARA Rules	malware	Windows.Trojan.Metasploit
Public Nextron YARA rules	malware	PowerShell with PE Reflective Injection
Public Nextron YARA rules	malware	Detects a log file generated by malicious hack tool mimikatz
Public Nextron YARA rules	malware	Detects Mimikittenz - file Invoke-mimikittenz.ps1
Public Nextron YARA rules	malware	Detects Mimipenguin Password Extractor - Linux
Public Nextron YARA rules	malware	Detects suspicious OneNote attachment that embeds suspicious payload, e.g. an executable (FPs possible if the PE is attached separately)
Public Nextron YARA rules	malware	Bella MacOS/OSX backdoor
Public Nextron YARA rules	malware	EvilOSX MacOS/OSX backdoor
Public Nextron YARA rules	malware	p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedPowerCat.cs
Public Nextron YARA rules	malware	p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedPotato.cs
Public Nextron YARA rules	malware	p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedExploits.cs
Public Nextron YARA rules	malware	p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedBinaries.cs
Public Nextron YARA rules	malware	p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedAmsiBypass.cs
Public Nextron YARA rules	malware	p0wnedShell Runspace Post Exploitation Toolkit - from files p0wnedShell.cs, p0wnedShell.cs
Public Nextron YARA rules	malware	Detects characteristics of suspicious file names or double extensions often found in phishing mail attachments
Public Nextron YARA rules	malware	Detects Pirpi Backdoor - and other malware (generic rule)
Public Nextron YARA rules	malware	Detects Pirpi Backdoor
Public Nextron YARA rules	malware	Detects hack tool PowerShdll
Public Nextron YARA rules	malware	Detects strings found in Runspace Post Exploitation Toolkit
Public Nextron YARA rules	malware	Empire - a pure PowerShell post-exploitation agent - file Invoke-BypassUAC.ps1
Public Nextron YARA rules	malware	Empire - a pure PowerShell post-exploitation agent - file Persistence.psm1
Public Nextron YARA rules	malware	Empire - a pure PowerShell post-exploitation agent - file Invoke-Shellcode.ps1
Public Nextron YARA rules	malware	Empire - a pure PowerShell post-exploitation agent - file Invoke-Mimikatz.ps1
Elastic Security YARA Rules	malware	Windows.Hacktool.Mimikatz
Public Nextron YARA rules	malware	Detects PowerShell ISESteroids obfuscation
Public Nextron YARA rules	malware	Detects indicators often found in obfuscated PowerShell scripts
Public Nextron YARA rules	malware	Detects strings from scripts in the PowerShell-Suite repo
Public Nextron YARA rules	malware	Detects obfuscated PowerShell hacktools
Public Nextron YARA rules	malware	Detects suspicious PowerShell code
Public Nextron YARA rules	malware	Detects base464 encoded $ sign at the beginning of a string
Public Nextron YARA rules	malware	Detects suspicious base64 encoded PowerShell expressions
Public InfoSec YARA rules	malware	Identifies tricks often seen in malicious scripts such as moving the window off-screen or resizing it to zero.
Public Nextron YARA rules	malware	Detects strings found in Runspace Post Exploitation Toolkit
Public Nextron YARA rules	malware	Detects suspicious PowerShell code that downloads from web sites
Public Nextron YARA rules	malware	Auto-generated rule - file Invoke-Shellcode.ps1
Public Nextron YARA rules	malware	Auto-generated rule - file Invoke-Mimikatz.ps1
Public Nextron YARA rules	malware	Auto-generated rule - file Invoke-RelfectivePEInjection.ps1
Public Nextron YARA rules	malware	Auto-generated rule - file Persistence.ps1
Public Nextron YARA rules	malware	Auto-generated rule - from files Invoke-Mimikatz.ps1, Invoke-RelfectivePEInjection.ps1
Public Nextron YARA rules	malware	Auto-generated rule - from files Inveigh-BruteForce.ps1
Public Nextron YARA rules	malware	Auto-generated rule - from files Persistence.ps1
Public Nextron YARA rules	malware	Auto-generated rule - from files Inveigh-BruteForce.ps1
Public Nextron YARA rules	malware	Detects Base64 encoded PS1 Shellcode
Public Nextron YARA rules	malware	Osiris Device Guard Bypass - file Invoke-OSiRis.ps1
Public Nextron YARA rules	malware	Detects Pupy RAT
Public Nextron YARA rules	malware	Detects Pupy backdoor
Public Nextron YARA rules	malware	Detects reverse connect TCP PTY shell
Public Nextron YARA rules	malware	Detects Adzok RAT
Public Nextron YARA rules	malware	Detects Ap0calypse RAT
Public Nextron YARA rules	malware	Detects BlackShades RAT
Public Nextron YARA rules	malware	Detects BlueBanana RAT
Public Nextron YARA rules	malware	Detects Bozok RAT
Public Nextron YARA rules	malware	Detects ClientMesh RAT
Public Nextron YARA rules	malware	Detects DarkComet RAT
Public Nextron YARA rules	malware	Detects DarkRAT
Public Nextron YARA rules	malware	Detects JavaDropper RAT
Public Nextron YARA rules	malware	Detects LostDoor RAT
Public Nextron YARA rules	malware	Detects Paradox RAT
Public Nextron YARA rules	malware	Detects QRAT
Public Nextron YARA rules	malware	Detects ShadowTech RAT
Public Nextron YARA rules	malware	Detects Sub7Nation RAT
Public Nextron YARA rules	malware	Detects Vertex RAT
Public Nextron YARA rules	malware	Detects Adwind RAT
Public Nextron YARA rules	malware	Detects unrecom RAT
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	Detects STRRAT config filename
Public Nextron YARA rules	malware	Detects outputs of many different commands often used for reconnaissance purposes
Public Nextron YARA rules	malware	Detects Red Sails Hacktool - Python
Public Nextron YARA rules	malware	Detects code which uses the python lib sectools
Public Nextron YARA rules	malware	Detects an executable that has been encoded with base64 twice
Public Nextron YARA rules	malware	Detects an base64 encoded executable with reversed characters
Public Nextron YARA rules	malware	Detects a suspicious path traversal into a Windows folder
Public Nextron YARA rules	malware	Detects a suspicious base64 encoded keyword
Public Nextron YARA rules	malware	Detects a suspicious
Public Nextron YARA rules	malware	Detects suspicious string in executables
Public Nextron YARA rules	malware	Detects a suspicious command line with netsh and the portproxy command
Public Nextron YARA rules	malware	Detects method to disable ETW in ENV vars before executing a program
Public Nextron YARA rules	malware	Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN)
Public Nextron YARA rules	malware	Detects base464 encoded $ sign at the beginning of a string
Public Nextron YARA rules	malware	Detects local script usage for .URL persistence
Public Nextron YARA rules	malware	This is the syntax used for NTLM hash stealing via Responder - https://www.securify.nl/nl/blog/SFY20180501/living-off-the-land_-stealing-netntlm-hashes.html
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
RussianPanda public YARA rules	malware	Detects suspicious Internet Shortcut Files that are often used to retrieve malware
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
Public Nextron YARA rules	malware	PHP webshell obfuscated by encoding of mixed hex and dec
Public Nextron YARA rules	malware	PHP webshell which eval()s obfuscated string
Public Nextron YARA rules	malware	Known PHP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.
Public Nextron YARA rules	malware	Webshell regeorg JSP version
Public Nextron YARA rules	malware	Generic JSP webshell
Public Nextron YARA rules	malware	Generic JSP webshell with base64 encoded payload
Public Nextron YARA rules	malware	Generic PHP webshell which uses any eval/exec function in the same line with user input
Public Nextron YARA rules	malware	Detects a tool that can be used for privilege escalation - file gp3finder_v4.0.exe
Public Nextron YARA rules	malware	Detects a tool that can be used for privilege escalation - file folderperm.ps1
Public Nextron YARA rules	malware	Detects WinPayloads PowerShell Payload
Public Nextron YARA rules	malware	Detects simple Windows shell - file s3.exe
Public Nextron YARA rules	malware	Detects simple Windows shell - file s1.exe
Public Nextron YARA rules	malware	Detects simple Windows shell - from files keygen.exe, s1.exe, s2.exe, s3.exe, s4.exe
Public Nextron YARA rules	malware	Detects simple Windows shell - from files s3.exe, s4.exe
Public Nextron YARA rules	malware	Auto-generated rule - file WMImplant.ps1
Public Nextron YARA rules	malware	Ysoserial Payloads - file Spring1.bin
Public Nextron YARA rules	malware	Ysoserial Payloads
Public Nextron YARA rules	malware	Ysoserial Payloads - from files JavassistWeld1.bin, JBossInterceptors.bin
Public Nextron YARA rules	malware	Detects lines in log lines of Zoho products that indicate RCE fixes (silent removal of evidence)
Public Nextron YARA rules	malware	Certutil Decode
Public Nextron YARA rules	malware	NTML Hash Dump output file - John/LC format
Public Nextron YARA rules	malware	Detects payload generated by exe2hex
Public Nextron YARA rules	malware	Hunts for known strings used in Badger till release v1.2.9 when not in an encrypted state
Public Nextron YARA rules	malware	Detects NatBypass tool (also used by APT41)
Public Nextron YARA rules	malware	Detects a suspicious TeamViewer log entry stating that the remote systems had a Chinese keyboard layout
Public Nextron YARA rules	malware	Detects a suspicious TeamViewer log entry stating that the remote systems had a Russian keyboard layout
Public Nextron YARA rules	malware	Detects SALTWATER malware used in Barracuda ESG exploitations (CVE-2023-2868)
Public Nextron YARA rules	malware	Detects BPFDoor malware
Public Nextron YARA rules	malware	Detects BPFDoor implants used by Chinese actor Red Menshen
Public Nextron YARA rules	malware	Detects BPFDoor/Tricephalic Hellkeeper passive implant
Public Nextron YARA rules	malware	Detects LockBit ransomware samples for Linux and macOS
Public Nextron YARA rules	malware	Detects indicators found in LockBit ransomware log files
Public Nextron YARA rules	malware	Detects forensic artifacts found in LockBit intrusions
Public Nextron YARA rules	malware	Detects double encoded PKZIP headers as seen in HTML files used by QBot
YARAhub by abuse.ch	malware	Detects QBOT HTML smuggling variants
Public Nextron YARA rules	malware	Detects script used in ransomware attacks exploiting and encrypting ESXi servers - file encrypt.sh
Public Nextron YARA rules	malware	Detects ransomware exploiting and encrypting ESXi servers
Public Nextron YARA rules	malware	Detects Python backdoor found on ESXi servers
Public Nextron YARA rules	malware	Detects malicious script found on ESXi servers
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects CoinHive - JavaScript Crypto Miner
Public Nextron YARA rules	malware	Detects Crypto Miner strings
Public Nextron YARA rules	malware	Detects command line parameters often used by crypto mining software
Public Nextron YARA rules	malware	Rule to detect the EquationLaser malware
Public Nextron YARA rules	malware	EquationDrug - HDD/SSD firmware operation - nls_933w.dll
Public Nextron YARA rules	malware	FiveEyes QUERTY Malware - file 20123_cmdDef.xml
Public Nextron YARA rules	malware	FiveEyes QUERTY Malware - file 20123.xml
Public Nextron YARA rules	malware	FiveEyes QUERTY Malware - file 20120_cmdDef.xml
Public Nextron YARA rules	malware	FiveEyes QUERTY Malware - file 20121_cmdDef.xml
Public Nextron YARA rules	malware	Malware Sample - maybe Regin related
Public Nextron YARA rules	malware	Detects Invoke-Mimikatz String
Public Nextron YARA rules	malware	Detects strings found in Runspace Post Exploitation Toolkit
Public Nextron YARA rules	malware	Generic JSP webshell
Public Nextron YARA rules	malware	Windows Credential Editor
Public Nextron YARA rules	malware	Detects Amplia Security Tool like Windows Credential Editor
Public Nextron YARA rules	malware	PwDump 6 variant
Public Nextron YARA rules	malware	PScan - Port Scanner
Public Nextron YARA rules	malware	Hacktool
Public Nextron YARA rules	malware	This signature detects the Fierce2 domain scanner
Public Nextron YARA rules	malware	This signature detects the Ncrack brute force tool
Public Nextron YARA rules	malware	This signature detects the SQLMap SQL injection tool
Public Nextron YARA rules	malware	Auto-generated rule on file PortScanner.exe
Public Nextron YARA rules	malware	Auto-generated rule on file NetBIOS Name Scanner.exe
Public Nextron YARA rules	malware	Auto-generated rule on file ipscan.exe
Public Nextron YARA rules	malware	Auto-generated rule on file IP Stealing Utilities.exe
Public Nextron YARA rules	malware	Auto-generated rule on file PortRacer.exe
Public Nextron YARA rules	malware	Auto-generated rule on file scanarator.exe
Public Nextron YARA rules	malware	Auto-generated rule on file =Bitchin Threads=.exe
Public Nextron YARA rules	malware	Auto-generated rule on file portscan.exe
Public Nextron YARA rules	malware	Auto-generated rule on file ProPort.exe
Public Nextron YARA rules	malware	Auto-generated rule on file StealthWasp's Basic PortScanner v1.2.exe
Public Nextron YARA rules	malware	Auto-generated rule on file BluesPortScan.exe
Public Nextron YARA rules	malware	Auto-generated rule on file iis.exe
Public Nextron YARA rules	malware	Auto-generated rule on file ipscan.exe
Public Nextron YARA rules	malware	Auto-generated rule on file Loader.exe
Public Nextron YARA rules	malware	Detects the backdoor Beastdoor
Public Nextron YARA rules	malware	Detects a Powershell version of the Netcat network hacking tool
Public Nextron YARA rules	malware	Detects a chinese Portscanner named MilkT
Public Nextron YARA rules	malware	Modified (packed) version of Windows Credential Editor
Public Nextron YARA rules	malware	iKAT hack tools set agent - file ikat.exe
Public Nextron YARA rules	malware	Tool to hide unhide the windows startbar from command line - iKAT hack tools - file startbar.exe
Public Nextron YARA rules	malware	Auto-generated rule - file BypassUac2.zip
Public Nextron YARA rules	malware	Auto-generated rule - file BypassUac.zip
Public Nextron YARA rules	malware	APT Malware - Proxy
Public Nextron YARA rules	malware	Disclosed hacktool set - file nc.exe
Public Nextron YARA rules	malware	Disclosed hacktool set - file cs.exe
Public Nextron YARA rules	malware	Disclosed hacktool set - file sql.exe
Public Nextron YARA rules	malware	Disclosed hacktool set - file 445TOOL.rar
Public Nextron YARA rules	malware	Disclosed hacktool set - file s.exe
Public Nextron YARA rules	malware	Disclosed hacktool set - file Burst.rar
Public Nextron YARA rules	malware	Disclosed hacktool set - file GOGOGO.bat
Public Nextron YARA rules	malware	Disclosed hacktool set - file pass.txt
Public Nextron YARA rules	malware	Disclosed hacktool set - file JoHor_Posts_Killer.exe
Public Nextron YARA rules	malware	Disclosed hacktool set - file Start.bat - DoS tool
Public Nextron YARA rules	malware	Disclosed hacktool set - file Blast.bat
Public Nextron YARA rules	malware	PoS Scammer Toolbox - http://goo.gl/xiIphp - file VUBrute.exe
Public Nextron YARA rules	malware	PoS Scammer Toolbox - http://goo.gl/xiIphp - file config.ini
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file listip.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file ArtTrayHookDll.dll
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file EditServer.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file letmein.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file token.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file webget.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file ASPack Chinese.ini
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file EditKeyLogReadMe.txt
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file readme.txt
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file EditKeyLog.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file PassSniffer.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file InjectT.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file Jc.WinEggDrop Shell.txt
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file TBack.DLL
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file Inject.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file sqlcmd.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file 2323.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file CleanIISLog.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file sqlcheck.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file RunAsEx.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file splitjoin.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file InstGina.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file findoor.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file InjectT.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file gina.dll
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file xsniff.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - file fscan.exe
Public Nextron YARA rules	malware	Disclosed hacktool set (old stuff) - from files FsHttp.exe, FsPop.exe, FsSniffer.exe
Public Nextron YARA rules	malware	Remote Admin Tool used by APT group Anunak (ru) - file AA_v3.4.exe and AA_v3.5.exe
Public Nextron YARA rules	malware	Linux hack tools - file scanssh
Public Nextron YARA rules	malware	Linux hack tools - file pscan2
Public Nextron YARA rules	malware	Linux hack tools - file a
Public Nextron YARA rules	malware	Linux hack tools - file mass
Public Nextron YARA rules	malware	Detects a Chinese hacktool from a disclosed toolset - from files XScanLib.dll, XScanLib.dll, XScanLib.dll
Public Nextron YARA rules	malware	Detects a Chinese hacktool from a disclosed toolset - file PipeCmd.exe
Public Nextron YARA rules	malware	Detects a Chinese hacktool from a disclosed toolset - file sqlr.exe
Public Nextron YARA rules	malware	Detects VSSown.vbs script - used to export shadow copy elements like NTDS to take away and crack elsewhere
Public Nextron YARA rules	malware	Network domain enumeration tool - often used by attackers - file Nv.exe
Public Nextron YARA rules	malware	Network domain enumeration tool output - often used by attackers - file filename.txt
Public Nextron YARA rules	malware	Detects Linux Port Scanner Shark
Public Nextron YARA rules	malware	Detects dnscat2 - from files dnscat, dnscat2.exe
Public Nextron YARA rules	malware	Detects Windows Credential Editor (WCE) in memory (and also on disk)
Public Nextron YARA rules	malware	Detects a tool used by APT groups - file pstgdump.exe
Public Nextron YARA rules	malware	Detects a tool used by APT groups
Public Nextron YARA rules	malware	Detects a tool used by APT groups - file fgexec.exe
Public Nextron YARA rules	malware	Detects a tool used by APT groups - from files cachedump.exe, cachedump64.exe
Public Nextron YARA rules	malware	Detects a tool used by APT groups - file PwDump.exe
Public Nextron YARA rules	malware	Detects an XML that executes Mimikatz on an endpoint via MSBuild
Public Nextron YARA rules	malware	Detects POC code from disclosed 0day hacktool set
Public Nextron YARA rules	malware	Detects a process injection utility that can be used ofr good and bad purposes
Public Nextron YARA rules	malware	Detects Lazagne PW Dumper
Public Nextron YARA rules	malware	Detects Lazagne password extractor hacktool
Public Nextron YARA rules	malware	Detects NoPowerShell hack tool
Public Nextron YARA rules	malware	Detects Pnscan port scanner
Public InfoSec YARA rules	malware	Identifies Impacket, a collection of Python classes for working with network protocols.
Public InfoSec YARA rules	malware	Identifies LaZagne, credentials recovery project.
Elastic Security YARA Rules	malware	Windows.Hacktool.Mimikatz
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives
Public Nextron YARA rules	malware	PHP webshell which directly eval()s obfuscated string
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	Known PHP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.
Public Nextron YARA rules	malware	Generic ASP webshell which uses any eval/exec function directly on user input
Public Nextron YARA rules	malware	Web Shell - file iMHaPFtp.php
Public Nextron YARA rules	malware	Web Shell - file guo.php
Public Nextron YARA rules	malware	Web Shell - file redcod.php
Public Nextron YARA rules	malware	Web Shell - file server.php
Public Nextron YARA rules	malware	Web Shell - file cihshell_fix.php
Public Nextron YARA rules	malware	Web Shell - file up.php
Public Nextron YARA rules	malware	Web Shell - file EFSO_2.asp
Public Nextron YARA rules	malware	Web Shell - file up.jsp
Public Nextron YARA rules	malware	Web Shell - file Server Variables.asp
Public Nextron YARA rules	malware	Web Shell - file ice.php
Public Nextron YARA rules	malware	Web Shell - file phpspy2010.php
Public Nextron YARA rules	malware	Web Shell - file ice.asp
Public Nextron YARA rules	malware	Web Shell - file 404.asp
Public Nextron YARA rules	malware	Web Shell - file webshell-cnseay02-1.php
Public Nextron YARA rules	malware	Web Shell - file fbi.php
Public Nextron YARA rules	malware	Web Shell - file B374k.php
Public Nextron YARA rules	malware	Web Shell - file list.php
Public Nextron YARA rules	malware	Web Shell - file 404.php
Public Nextron YARA rules	malware	Web Shell - file aspydrv.asp
Public Nextron YARA rules	malware	Web Shell - file Dx.php
Public Nextron YARA rules	malware	Web Shell - file MySQL Web Interface Version 0.8.php
Public Nextron YARA rules	malware	Web Shell - file odd.php
Public Nextron YARA rules	malware	Web Shell - file idc.php
Public Nextron YARA rules	malware	Web Shell - file 404.php
Public Nextron YARA rules	malware	Web Shell - file webshell-cnseay-x.php
Public Nextron YARA rules	malware	Web Shell - file up.asp
Public Nextron YARA rules	malware	Web Shell - file odd.php
Public Nextron YARA rules	malware	Web Shell - file k81.jsp
Public Nextron YARA rules	malware	Web Shell - file cmdjsp.jsp
Public Nextron YARA rules	malware	Web Shell - file Java Shell.jsp
Public Nextron YARA rules	malware	Web Shell - file r57142.php
Public Nextron YARA rules	malware	Web Shell - file simple-backdoor.php
Public Nextron YARA rules	malware	Web Shell - file cmd.php
Public Nextron YARA rules	malware	Web Shell - file co.php
Public Nextron YARA rules	malware	Web Shell - file 150.php
Public Nextron YARA rules	malware	Web Shell - file c37.php
Public Nextron YARA rules	malware	Web Shell - file b37.php
Public Nextron YARA rules	malware	Web Shell - file bug (1).php
Public Nextron YARA rules	malware	Web Shell - from files ghost_source.php, icesword.php, silic.php
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell - from files jsp-reverse.jsp, jsp-reverse.jsp, jspbd.jsp
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell - from files itsec.php, PHPJackal.php, itsecteam_shell.php, jHn.php
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell - from files 000.jsp, 403.jsp, c5.jsp, config.jsp, myxx.jsp, queryDong.jsp, spyjsp2010.jsp, zend.jsp
Public Nextron YARA rules	malware	Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell - from files phpspy_2005_full.php, phpspy_2005_lite.php, phpspy_2006.php, PHPSPY.php
Public Nextron YARA rules	malware	Web Shell
Public Nextron YARA rules	malware	Web Shell - from files r57shell127.php, r57_kartal.php, r57.php
Public Nextron YARA rules	malware	Web shells - generated from file con2.asp
Public Nextron YARA rules	malware	Web shells - generated from file Expdoor.com ASP.asp
Public Nextron YARA rules	malware	Web shells - generated from file php2.php
Public Nextron YARA rules	malware	Web shells - generated from file bypass-iisuser-p.asp
Public Nextron YARA rules	malware	Web shells - generated from file 404super.php
Public Nextron YARA rules	malware	Web shells - generated from file JSP.jsp
Public Nextron YARA rules	malware	Web shells - generated from file webshell-123.php
Public Nextron YARA rules	malware	Web shells - generated from file dev_core.php
Public Nextron YARA rules	malware	Web shells - generated from file pHp.php
Public Nextron YARA rules	malware	Web shells - generated from file pppp.php
Public Nextron YARA rules	malware	Web shells - generated from file code.php
Public Nextron YARA rules	malware	Web shells - generated from file xxxx.php
Public Nextron YARA rules	malware	Web shells - generated from file PHP1.php
Public Nextron YARA rules	malware	Web shells - generated from file asp1.asp
Public Nextron YARA rules	malware	Web shells - generated from file php6.php
Public Nextron YARA rules	malware	Web shells - generated from file GetPostpHp.php
Public Nextron YARA rules	malware	Web shells - generated from file php5.php
Public Nextron YARA rules	malware	Web shells - generated from file PHP.php
Public Nextron YARA rules	malware	Web shells - generated from file Asp.asp
Public Nextron YARA rules	malware	Semi-Auto-generated - file perlbot.pl.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file php-backdoor.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file shankar.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Casus15.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file small.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file shellbot.pl.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file fuckphpshell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file ngh.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file jsp-reverse.jsp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Tool.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file NT Addy.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file phvayvv.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file r57shell.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file rst_sql.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file wh_bindshell.py.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file lurm_safemod_on.cgi.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file c99madshell_v2.0.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file w3d.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file WinX Shell.html.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Dx.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file csh.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file pHpINJ.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file 2008.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file ak74shell.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Rem View.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Java Shell.js.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file STNC.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file aZRaiLPhp v1.0.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file zacosmall.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file CmdAsp.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file simple-backdoor.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file mysql_shell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Dive Shell 1.0 - Emperor Hacking Team.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Asmodeus v0.1.pl.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Reader.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file phpshell17.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file SimShell 1.0 - Simorgh Security MGZ.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file jspshall.jsp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file rootshell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file connectback2.pl.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file wso.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file backdoor1.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file elmaliseker.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file s72 Shell v1.1 Coding.html.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file kacak.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file PHP Backdoor Connect.pl.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Antichat Socks5 Server.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Antichat Shell v1.3.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file cyberlords_sql.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.html.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file EFSO_2.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file lamashell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Ajax_PHP Command Shell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file JspWebshell 1.2.jsp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Sincap.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Phyton Shell.py.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file sh.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file phpjackal.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file sql.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file cgi-python.py.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file ru24_post_sh.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file telnetd.pl.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file php-include-w-shell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file shell.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file telnet.cgi.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file ironshell.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file backdoorfr.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file aspydrv.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file cmdjsp.jsp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file h4ntu shell [powered by tsoi].txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file Ajan.asp.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file PHANTASMA.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - file MySQL Web Interface Version 0.8.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - from files nst.php.php.txt, img.php.php.txt, nstview.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - from files network.php.php.txt, xinfo.php.php.txt, nfm.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated
Public Nextron YARA rules	malware	Semi-Auto-generated - from files w.php.php.txt, wacking.php.php.txt, SpecialShell_99.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - from files r577.php.php.txt, SnIpEr_SA Shell.php.txt, r57.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, r57 Shell.php.php.txt, spy.php.php.txt, s.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - from files multiple_php_webshells
Public Nextron YARA rules	malware	Semi-Auto-generated - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated
Public Nextron YARA rules	malware	Semi-Auto-generated - from files nst.php.php.txt, cybershell.php.php.txt, img.php.php.txt, nstview.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated
Public Nextron YARA rules	malware	Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, spy.php.php.txt, s.php.php.txt
Public Nextron YARA rules	malware	Semi-Auto-generated
Public Nextron YARA rules	malware	Looks like a webshell cloaked as GIF - http://goo.gl/xFvioC
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file dC3_Security_Crew_Shell_PRiV.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file simattacker.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file DTool Pro.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file ironshell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file b374k-mini-shell-php.php.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file Sincap 1.0.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file b374k.php.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file h4ntu shell [powered by tsoi].php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file MyShell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file pws.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file reader.asp.php.txt
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file php-backdoor.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file pHpINJ.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file NGH.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file matamu.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file ru24_post_sh.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file hiddens shell v1.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file c99_locus7s.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file safe0ver.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file kral.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file cgitelnet.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file NTDaddy v1.9.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file lamashell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file Simple_PHP_backdoor_by_DK.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file CmdAsp.asp.php.txt
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file NCC-Shell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file README.md
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file backupsql.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file AK-74 Security Team Web Shell Beta Version.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file cpanel.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file 529.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file qsd-php-backdoor.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file Gamma Web Shell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file WinX Shell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file php-include-w-shell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file PhpSpy Ver 2006.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file myshell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file lolipop.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file simple_cmd.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file go-shell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file aZRaiLPhp v1.0.php
Public Nextron YARA rules	malware	Webshells Github Archive - file zehir4
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file zehir4.asp.php.txt
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file lostDC.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file CasuS 1.5.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - from files Ajax_PHP Command Shell.php, Ajax_PHP_Command_Shell.php, soldierofallah.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - from files Small Web Shell by ZaCo.php, small.php, zaco.php, zacosmall.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - from files CrystalShell v.1.php, erne.php, stres.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive - from files findsock.c, php-findsock-shell.php, php-reverse-shell.php
Public Nextron YARA rules	malware	PHP Webshells Github Archive
Public Nextron YARA rules	malware	Webshells Auto-generated - file Injectt.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file ssh.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file Client.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file ZXshell.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file RkNTLoad.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file binder2.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file orice2.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file sendmail.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file zehir4.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file hkshell.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file DarkSpy105.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file EditServer.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file reader.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file svchostdll.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file server.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file vanquish.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file Client.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file Simple_PHP_BackDooR.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file hkrmv.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file phpft.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file bdcli100.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file rdrbs084.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file 2005.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file casus15.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file installer.cmd
Public Nextron YARA rules	malware	Webshells Auto-generated - file elmaliseker.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file resolve.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file Fport.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file upload.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file PasswordReminder.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file RkNT.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file dbgntboot.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file shell.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file rdrbs100.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file Mithril.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file hkdoordll.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file dllTest.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file dbgiis6cli.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file cress.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file usr.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file phpinj.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file db.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file EditServer.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file by064cli.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file dllTest.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file connector.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file HideRun.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file PHP_Shell_v1.7.php
Public Nextron YARA rules	malware	Webshells Auto-generated - file save.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file screencap.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file zxrecv.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file deploy.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file by063cli.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file asp.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file ntboot.dll
Public Nextron YARA rules	malware	Webshells Auto-generated - file xwhois.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file vanquish.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file nc.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file Server.exe
Public Nextron YARA rules	malware	Webshells Auto-generated - file 2006.asp
Public Nextron YARA rules	malware	Webshells Auto-generated - file HDConfig.exe
Public Nextron YARA rules	malware	Webshell and Exploit Code in relation with APT against Honk Kong protesters
Public Nextron YARA rules	malware	Detects a web shell that downloads content from pastebin.com http://goo.gl/7dbyZs
Public Nextron YARA rules	malware	Detects C99 Webshell
Public Nextron YARA rules	malware	Detects Webshell - rule generated from from files Backdoor.PHP.Agent.php, r57.mod-bizzz.shell.txt ...
Public Nextron YARA rules	malware	Detects Webshell - rule generated from from files c100 v. 777shell
Public Nextron YARA rules	malware	Detects a web shell
Public Nextron YARA rules	malware	Detects a simple cloaked PHP web shell
Public Nextron YARA rules	malware	Detects web shell often used by Iranian APT groups
Public Nextron YARA rules	malware	Detects properties file of Confluence Questions plugin with static user name and password (backdoor) CVE-2022-26138
Public Nextron YARA rules	malware	Detects JQuery File Upload vulnerability CVE-2018-9206
Public Nextron YARA rules	malware	Detects backdoored PHP zlib version
Public Nextron YARA rules	malware	Detects a vulnerable GIGABYTE driver sometimes used by malicious actors to escalate privileges
Public Nextron YARA rules	malware	Detects ASPX web shells as being used in MOVEit Transfer exploitation
Public Nextron YARA rules	malware	Detects a potential compromise indicator found in MOVEit Transfer logs
Public Nextron YARA rules	malware	Detects a potential compromise indicator found in MOVEit Transfer logs
Public Nextron YARA rules	malware	Detects a potential compromise indicator found in MOVEit DMZ Web API logs
Public Nextron YARA rules	malware	Detects logs generated after a successful exploitation using the PoC code against CVE-2022-41040 and CVE-2022-41082 (aka ProxyNotShell) in Microsoft Exchange servers
Public Nextron YARA rules	malware	REGEORG_Tuneller_generic
Public Nextron YARA rules	malware	Generic ASP webshell which uses any eval/exec function directly on user input
ClamAV	malicious	Legacy.Trojan.Agent-37025

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/Neo23x0/signature-base/archive/master.zip

140.82.121.3

302 Found

0 B

URL User Request GET HTTP/2
github.com/Neo23x0/signature-base/archive/master.zip
IP
140.82.121.3:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Neo23x0/signature-base/archive/master.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Tue, 28 Jan 2025 12:49:51 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://codeload.github.com/Neo23x0/signature-base/zip/refs/heads/master
cache-control: max-age=0, private
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: C972:24BC10:7C0888:7EC3F2:6798D26F
X-Firefox-Spdy: h2

codeload.github.com/Neo23x0/signature-base/zip/refs/heads/master

140.82.121.9

200 OK

4.0 MB

URL User Request GET HTTP/2
codeload.github.com/Neo23x0/signature-base/zip/refs/heads/master
IP
140.82.121.9:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subject*.github.com
Fingerprint0D:F6:EC:50:FA:ED:AE:6E:13:AF:82:94:52:F7:11:1B:0A:CF:7C:20
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
4.0 MB (3973193 bytes)
Hash
d0950f3ec9bb8a614dc0735968f4201b
593250b97e4eb8e770742697ec30240f5ec372c0
16fbfff0c36715c91d8c35bb47ec27706dd25c7c4defa32be5a293dad03e2058

Detections

Analyzer	Verdict	Alert
ClamAV	malicious	Legacy.Trojan.Agent-37025

HTTP Headers

GET /Neo23x0/signature-base/zip/refs/heads/master HTTP/1.1
Host: codeload.github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://render.githubusercontent.com
content-disposition: attachment; filename=signature-base-master.zip
content-length: 3973193
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
cross-origin-resource-policy: cross-origin
etag: W/"adc0904d91c3c8eba84c69f6be3156435bff77a445d490296742e6737af20dd1"
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding,Origin
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
date: Tue, 28 Jan 2025 12:49:51 GMT
x-github-request-id: 79A8:1ECF2:52201:5A045:6798D26F
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (716)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers