sig-base-rules.csv
3216 lines (3216 loc) · 601 KB
ACE_Containing_EXE;Looks for ACE Archives containing an exe/scr file;-;2015-09-09 00:00:00;50;Florian Roth - based on Nick Hoffman' rule - Morphick Inc;FILE;25e3ffe70795c56ef869c65149c41c71
ALFA_SHELL;Detects web shell often used by Iranian APT groups;Internal Research - APT33;2017-09-21 00:00:00;75;Florian Roth;APT,WEBSHELL;469453dad2fbae30d38aafa5fc8ad6a7
APT10_Malware_Sample_Gen;APT 10 / Cloud Hopper malware campaign;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-06 00:00:00;80;Florian Roth;APT,CHINA,GEN,MAL;0649cdaf2bf2c92d9b510d04f8f3bfe0
APT12_Malware_Aug17;Detects APT 12 Malware;http://blog.macnica.net/blog/2017/08/post-fb81.html;2017-08-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;389a7a0aba0ca219a35d24f7cce571cc
APT15_Malware_Mar18_BS2005;Detects malware from APT 15 report by NCC Group;https://goo.gl/HZ5XMN;2018-03-10 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;f16b4312e0d0dde001dc6af87c8789b5
APT15_Malware_Mar18_MSExchangeTool;Detects malware from APT 15 report by NCC Group;https://goo.gl/HZ5XMN;2018-03-10 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;63dd5feec94e34664b2264fdf8460484
APT15_Malware_Mar18_RoyalCli;Detects malware from APT 15 report by NCC Group;https://goo.gl/HZ5XMN;2018-03-10 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;73c96ae158f506c87d0537333b80e3c5
APT15_Malware_Mar18_RoyalDNS;Detects malware from APT 15 report by NCC Group;https://goo.gl/HZ5XMN;2018-03-10 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;9c2fb9f5dba2cbf05cd3a259aa9b453d
APT17_Malware_Oct17_1;Detects APT17 malware;https://goo.gl/puVc9q;2017-10-03 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;08b41a3e2a062f8d9acd219263b7f035
APT17_Malware_Oct17_2;Detects APT17 malware;https://goo.gl/puVc9q;2017-10-03 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;88c86ccb80f6a61690facd025dd17946
APT17_Malware_Oct17_Gen;Detects APT17 malware;https://goo.gl/puVc9q;2017-10-03 00:00:00;75;Florian Roth;APT,EXE,FILE,GEN,MAL;fe6b57c0e6c98d344bb2842615a68161
APT17_Sample_FXSST_DLL;Detects Samples related to APT17 activity - file FXSST.DLL;https://goo.gl/ZiJyQv;2015-05-14 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;2ac052f29ea53de7a58b4b73502d2229
APT17_Unsigned_Symantec_Binary_EFA;Detects APT17 malware;https://goo.gl/puVc9q;2017-10-03 00:00:00;75;Florian Roth;APT,EXE,FILE;01ab888843f68b2902c7f5a69c1abe33
APT28_CHOPSTICK;Detects a malware that behaves like CHOPSTICK mentioned in APT28 report;https://goo.gl/v3ebal;2015-06-02 00:00:00;60;Florian Roth;APT,EXE,FILE,RUSSIA;7cce8362c5381282c0df3eb6c3eb9156
APT28_HospitalityMalware_document;Yara Rule for APT28_Hospitality_Malware document identification;http://csecybsec.com/download/zlab/APT28_Hospitality_Malware_report.pdf;1970-01-01 01:00:00;75;CSE CybSec Enterprise - Z-Lab;APT,MAL,RUSSIA;3f5c202664a898ea2c371851aae63d32
APT28_HospitalityMalware_mvtband_file;Yara Rule for mvtband.dll malware;http://csecybsec.com/download/zlab/APT28_Hospitality_Malware_report.pdf;1970-01-01 01:00:00;75;CSE CybSec Enterprise - Z-Lab;EXTVAR,RUSSIA;b8b0d2a41f42aa2529ae15ec986e1e3f
APT28_SourFace_Malware1;Detects Malware from APT28 incident - SOURFACE is a downloader that obtains a second-stage backdoor from a C2 server.;https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html;2015-06-01 00:00:00;60;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;02aedce037d2125858f8e19dd988556d
APT28_SourFace_Malware2;Detects Malware from APT28 incident - SOURFACE is a downloader that obtains a second-stage backdoor from a C2 server.;https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html;2015-06-01 00:00:00;60;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;05b146ef78dc991baee4121b4c702c3b
APT28_SourFace_Malware3;Detects Malware from APT28 incident - SOURFACE is a downloader that obtains a second-stage backdoor from a C2 server.;https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html;2015-06-01 00:00:00;60;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;178a2c12a1bac4d04c92fae9f90f159c
APT30_Generic_1;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;fe1d94587cebf1518cc407ffe6ab38f4
APT30_Generic_2;FireEye APT30 Report Sample - from many files;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;5da8fa4357c3fd250ce879b543b61a28
APT30_Generic_3;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;bf9bb849cd6b71f57dc258a0f4c815b0
APT30_Generic_4;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;cc1fc38876cf2475a899b4bd8260fac4
APT30_Generic_5;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;8d9c92e796d19542b77a5f82e70f8591
APT30_Generic_6;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;991e6f873e99c148692e9159583b73cf
APT30_Generic_7;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;4aee9ac419c2d05737a23dfcdffd1cb4
APT30_Generic_8;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;05b8fb856120648c596b8ceec7a510b8
APT30_Generic_9;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;73e89128560cf46d4230faed5a457b46
APT30_Generic_A;FireEye APT30 Report Sample - file af1c1c5d8031c4942630b6a10270d8f4;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;a9a85fb6c4a338a71e8a30716145f12f
APT30_Generic_B;FireEye APT30 Report Sample - file 29395c528693b69233c1c12bef8a64b3;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;a0534ff9c4f277fb354c2f7b3f58fbc8
APT30_Generic_C;FireEye APT30 Report Sample - file 0c4fcef3b583d0ffffc2b14b9297d3a4;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;2879b2af568ca54a3348416e449f189c
APT30_Generic_D;FireEye APT30 Report Sample - file 597805832d45d522c4882f21db800ecf;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;c33de9e37ff6277b302bb8194755c682
APT30_Generic_E;FireEye APT30 Report Sample - file 8ff473bedbcc77df2c49a91167b1abeb;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;e4a30568e98b12f3718e850d7ee35d97
APT30_Generic_E_v2;FireEye APT30 Report Sample - file 71f25831681c19ea17b2f2a84a41bbfb;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;22141fbdcca6b014f9566519cd7c298a
APT30_Generic_F;FireEye APT30 Report Sample - file 4c10a1efed25b828e4785d9526507fbc;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;a20b2bce01631cdc7f5eead7244ad533
APT30_Generic_G;FireEye APT30 Report Sample - file 53f1358cbc298da96ec56e9a08851b4b;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;e9511d1a54b3a5471fb26c191793007d
APT30_Generic_H;FireEye APT30 Report Sample - file db3e5c2f2ce07c2d3fa38d6fc1ceb854;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;afec35d66fa2b1735045e03f20b988d8
APT30_Generic_I;FireEye APT30 Report Sample - file fe211c7a081c1dac46e3935f7c614549;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;3443195777e0c12a1a59b13b3def6bee
APT30_Generic_J;FireEye APT30 Report Sample - file baff5262ae01a9217b10fcd5dad9d1d5;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;d8843c47f355a0126011a2bdf6e899b1
APT30_Generic_K;FireEye APT30 Report Sample - file b5a343d11e1f7340de99118ce9fc1bbb;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE,GEN;7b54039f2298405d3426794afbe69948
APT30_Microfost;FireEye APT30 Report Sample - file 310a4a62ba3765cbf8e8bbb9f324c503;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;8d43f03efce7c13905060a6d5239dc1d
APT30_Sample_10;FireEye APT30 Report Sample - file 8c713117af4ca6bbd69292a78069e75b;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;f1ad8a3c0803f9d74c27eacd1c96c51a
APT30_Sample_11;FireEye APT30 Report Sample - file d97aace631d6f089595f5ce177f54a39;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;14ca1d119f921ebb0a551287ab221272
APT30_Sample_12;FireEye APT30 Report Sample - file c95cd106c1fecbd500f4b97566d8dc96;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;57c8a9ade58f4b474a3d8d12c317b2ae
APT30_Sample_13;FireEye APT30 Report Sample - file 95bb314fe8fdbe4df31a6d23b0d378bc;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;177691765cc479d1d7855d08fc2aef14
APT30_Sample_14;FireEye APT30 Report Sample - file 6f931c15789d234881be8ae8ccfe33f4;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;7ba755fcc71af84a84b29a0731e455ff
APT30_Sample_15;FireEye APT30 Report Sample - file e26a2afaaddfb09d9ede505c6f1cc4e3;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;409c2c6270d7b3f5af3617fd4e84e623
APT30_Sample_16;FireEye APT30 Report Sample - file 37e568bed4ae057e548439dc811b4d3a;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;1467c951d41899bac55e7ea7f6dfc819
APT30_Sample_17;FireEye APT30 Report Sample - file 23813c5bf6a7af322b40bd2fd94bd42e;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;349e51ebbcca4928e207d36dd92a554b
APT30_Sample_18;FireEye APT30 Report Sample - file b2138a57f723326eda5a26d2dec56851;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;0772747cbbac471913191d5291a42572
APT30_Sample_19;FireEye APT30 Report Sample - file 5d4f2871fd1818527ebd65b0ff930a77;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;0762804dab920ccca6a4463457c5824a
APT30_Sample_1;FireEye APT30 Report Sample - file 4c6b21e98ca03e0ef0910e07cef45dac;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;1b9d4a94c6f1bcb1e82a63a6365484c7
APT30_Sample_20;FireEye APT30 Report Sample - file 5ae51243647b7d03a5cb20dccbc0d561;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;4e4615a9dbefa88a3cbdd39ec25c1b54
APT30_Sample_21;FireEye APT30 Report Sample - file 78c4fcee5b7fdbabf3b9941225d95166;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;aaf852089c60a676f2337579066b53d0
APT30_Sample_22;FireEye APT30 Report Sample - file fad06d7b4450c4631302264486611ec3;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;d32e02724030536f5111eda2c4b2a515
APT30_Sample_23;FireEye APT30 Report Sample - file a5ca2c5b4d8c0c1bc93570ed13dcab1a;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;564ecfff275f5e4a48dc5838d24bafc2
APT30_Sample_24;FireEye APT30 Report Sample - file 062fe1336459a851bd0ea271bb2afe35;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;c58c25f17ab1b86165a4fffa6272cbac
APT30_Sample_25;FireEye APT30 Report Sample - file c4c068200ad8033a0f0cf28507b51842;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;8b2bdcc232d698858b6f08cf30774b83
APT30_Sample_26;FireEye APT30 Report Sample - file 428fc53c84e921ac518e54a5d055f54a;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;c3ab3ebe8a2505ec6567411f54b1cbfb
APT30_Sample_27;FireEye APT30 Report Sample - file d38e02eac7e3b299b46ff2607dd0f288;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;f9cadec46c18a434ddfb4f685d6ecf9d
APT30_Sample_28;FireEye APT30 Report Sample - file e62a63307deead5c9fcca6b9a2d51fb0;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;d31f17012fbb5f3982902660788945c2
APT30_Sample_29;FireEye APT30 Report Sample - file 1b81b80ff0edf57da2440456d516cc90;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;35f722d2d0fdc6212953d8c046d55a74
APT30_Sample_2;FireEye APT30 Report Sample - file c4dec6d69d8035d481e4f2c86f580e81;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;3333c6d5755d334a287d3a013c6953db
APT30_Sample_30;FireEye APT30 Report Sample - file bf8616bbed6d804a3dea09b230c2ab0c;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;1e06ca1cc167639ccac881b93e5e0eb2
APT30_Sample_31;FireEye APT30 Report Sample - file d8e68db503f4155ed1aeba95d1f5e3e4;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;a27a27964a61ad2d78eddf76eac6ab65
APT30_Sample_33;FireEye APT30 Report Sample - file 5eaf3deaaf2efac92c73ada82a651afe;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;70e471485ef80e48097b1839332faa4e
APT30_Sample_34;FireEye APT30 Report Sample - file a9e8e402a7ee459e4896d0ba83543684;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;3170af458456cb72a3a27d9e7d349767
APT30_Sample_35;FireEye APT30 Report Sample - file 414854a9b40f7757ed7bfc6a1b01250f;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;8e4583021e94a2f804e4de286a81a011
APT30_Sample_3;FireEye APT30 Report Sample - file 59e055cee87d8faf6f701293e5830b5a;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;78a32fff1fde9b722ace5ed7e10bd31e
APT30_Sample_4;FireEye APT30 Report Sample - file 6ba315275561d99b1eb8fc614ff0b2b3;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;8c85fd66417d880198fcc7237800fa69
APT30_Sample_5;FireEye APT30 Report Sample - file ebf42e8b532e2f3b19046b028b5dfb23;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;f658f116c06cac879213d69e8f669b40
APT30_Sample_6;FireEye APT30 Report Sample - file ee1b23c97f809151805792f8778ead74;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;05282a8a968e6797220b07b7b437f6c7
APT30_Sample_7;FireEye APT30 Report Sample - file 74b87086887e0c67ffb035069b195ac7;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;b35e34d35f51e98f02aa47039ea1a7f6
APT30_Sample_8;FireEye APT30 Report Sample - file 44b98f22155f420af4528d17bb4a5ec8;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;9c3cff51e5b163f9b9a1ffda24048705
APT30_Sample_9;FireEye APT30 Report Sample - file e3ae3cbc024e39121c87d73e87bb2210;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;75;Florian Roth;APT,FILE;c890bfe8b5df7a67ddaab42857af47a6
APT34_Malware_Exeruner;Detects APT 34 malware;https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html;2017-12-07 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,MIDDLE_EAST;69ada7dd7d1f48ce90aa156b84dd752b
APT34_Malware_HTA;Detects APT 34 malware;https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html;2017-12-07 00:00:00;75;Florian Roth;APT,MAL,MIDDLE_EAST;819d957427d626ea2ec2851b1c5fe99c
APT6_Malware_Sample_Gen;Rule written for 2 malware samples that communicated to APT6 C2 servers;https://otx.alienvault.com/pulse/56c4d1664637f26ad04e5b73/;2016-04-09 00:00:00;80;Florian Roth;APT,EXE,FILE,GEN,MAL;a0fb19cb9984d92bc59db250ce6ed255
APTGroupX_PlugXTrojanLoader_StringDecode;Rule to detect PlugX Malware;https://t.co/4xQ8G2mNap;1970-01-01 01:00:00;80;Jay DiMartino;MAL;f9300e67d61b85f3be3f9161b362d1ad
APT_APT10_Malware_Imphash_Dec18_1;Detects APT10 malware based on ImpHashes;AlienVault OTX IOCs - statistical sample analysis;2018-12-28 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,MAL;6e2087b6abb48da2f67d25c43a8d95b1
APT_APT28_Cannon_Trojan_Nov18_1;Detects Cannon Trojan used by Sofacy;https://researchcenter.paloaltonetworks.com/2018/11/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/;2018-11-20 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,RUSSIA;874b39ec14a7d1f15a0b6095ed66f33a
APT_Area1_SSF_GoogleSend_Strings;Detects send tool used in phishing campaign reported by Area 1 in December 2018;https://cdn.area1security.com/reports/Area-1-Security-PhishingDiplomacy.pdf;2018-12-19 00:00:00;75;Area 1 (modified by Florian Roth);APT,EXE,FILE;0a23b99fcbf29d6e0e24d8b0487f0f93
APT_Area1_SSF_PlugX;Detects send tool used in phishing campaign reported by Area 1 in December 2018;https://cdn.area1security.com/reports/Area-1-Security-PhishingDiplomacy.pdf;2018-12-19 00:00:00;75;Area 1;APT;fdf36018ac3dac89649c94a139ed1539
APT_Cloaked_PsExec;Looks like a cloaked PsExec. May be APT group activity.;-;2014-07-18 00:00:00;60;Florian Roth;APT,EXE,EXTVAR,FILE;0443bf568d17de127ae3eaaa789a156b
APT_Cloaked_ScanLine;Looks like a cloaked ScanLine Port Scanner. May be APT group activity.;-;2014-07-18 00:00:00;50;Florian Roth;APT,EXE,EXTVAR,FILE,HKTL;a2b258e6701a526d5afb3850fd52083d
APT_Cloaked_SuperScan;Looks like a cloaked SuperScan Port Scanner. May be APT group activity.;-;2014-07-18 00:00:00;50;Florian Roth;APT,EXE,EXTVAR,FILE,HKTL;907a9e92a733e7a9d8df45fb93a0d023
APT_CobaltStrike_Beacon_Indicator;Detects CobaltStrike beacons;https://github.com/JPCERTCC/aa-tools/blob/master/cobaltstrikescan.py;2018-11-09 00:00:00;75;JPCERT;APT,EXE,FILE;5380485dc275908e4cac5731b8cc9a08
APT_DarkHydrus_Jul18_1;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;75;Florian Roth;APT,EXE,FILE,MIDDLE_EAST;b651d033ca15b5028ad57c7886f5a343
APT_DarkHydrus_Jul18_2;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;75;Florian Roth;APT,EXE,FILE,MIDDLE_EAST;f84af612bfe4e856885feaaa6c911b08
APT_DarkHydrus_Jul18_3;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;75;Florian Roth;APT,EXE,FILE,MIDDLE_EAST;69b866acc6899c583919db3e7e09ebda
APT_DarkHydrus_Jul18_4;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;75;Florian Roth;APT,EXE,FILE,MIDDLE_EAST;9c57a24ada5685d6e6b93ab4bfea7637
APT_DarkHydrus_Jul18_5;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;75;Florian Roth;APT,EXE,FILE,MIDDLE_EAST;e84e68b7618884588bd6f776c6b0d689
APT_DonotTeam_YTYframework;Modular malware framework with similarities to EHDevel;arbornetworks.com/blog/asert/don;2018-08-03 00:00:00;75;James E.C, ProofPoint;APT,FILE;136f2bdeeda5a19363961d060331947c
APT_FIN7_EXE_Sample_Aug18_10;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;c5db62ea6f8b5e4576258bea857020fd
APT_FIN7_EXE_Sample_Aug18_1;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;aa76e34953d18a24728d0f4217c6586f
APT_FIN7_EXE_Sample_Aug18_2;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;9a953dcd27e95bca8e8c062e5a748ce1
APT_FIN7_EXE_Sample_Aug18_3;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;9a4375419e88fa4ddba9fec09d42af1f
APT_FIN7_EXE_Sample_Aug18_4;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;ebeb4eed696df08f224dad1dbb039677
APT_FIN7_EXE_Sample_Aug18_5;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;0d28c3976fdbe57bbfd0e494374d4fe9
APT_FIN7_EXE_Sample_Aug18_6;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;aa3c712d6085d59a241c5b25604692d0
APT_FIN7_EXE_Sample_Aug18_7;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;8bb7bd379468c65dba3fd69188de4527
APT_FIN7_EXE_Sample_Aug18_8;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;cc7341764212bef3c1e1ccb7c6ab66bb
APT_FIN7_MalDoc_Aug18_1;Detects malicious Doc from FIN7 campaign;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,RUSSIA;b867d4a326ef36a400372e4e76462760
APT_FIN7_Sample_Aug18_1;Detects FIN7 samples mentioned in FireEye report;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,FILE,RUSSIA;c2acdcf6f4989a335e0fa5dd4b31e8e0
APT_FIN7_Sample_Aug18_2;Detects FIN7 malware sample;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,FILE,RUSSIA;0df1456663be95d991e03d35c2a8c018
APT_FIN7_Sample_EXE_Aug18_1;Detects FIN7 Sample;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,EXE,FILE,RUSSIA;dfb8dcf78be259a2ff4c6db2d4ea009c
APT_FIN7_Strings_Aug18_1;Detects strings from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;75;Florian Roth;APT,RUSSIA;130d7a4b3d12d94331598ae75184f512
APT_FallChill_RC4_Keys;Detects FallChill RC4 keys;https://securelist.com/operation-applejeus/87553/;2018-08-21 00:00:00;75;Florian Roth;APT,EXE,FILE;4b5013fcabc0b64d3e57daa4b1423436
APT_GreyEnergy_Malware_Oct18_1;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;417bb04c18efa14ede7f2187a5e81ab1
APT_GreyEnergy_Malware_Oct18_2;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;25494921f5c155770a1ed4d19850e2d4
APT_GreyEnergy_Malware_Oct18_3;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;a2fb0917d72762344f9526d6e7c27417
APT_GreyEnergy_Malware_Oct18_4;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;713a4f65c36c19c4ebe7d523fe29f5ac
APT_GreyEnergy_Malware_Oct18_5;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;b7e2162f7eb8bd8aba59a91e2ac7fb43
APT_HiddenCobra_GhostSecret_1;Detects Hidden Cobra Sample;https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/;2018-08-11 00:00:00;75;Florian Roth;APT,EXE,FILE,NK;0396d3a9a2714271358ea538a2b21da2
APT_HiddenCobra_GhostSecret_2;Detects Hidden Cobra Sample;https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/;2018-08-11 00:00:00;75;Florian Roth;APT,EXE,FILE,NK;c03b4c575274fe92be010449bd65f112
APT_HiddenCobra_enc_PK_header;Hidden Cobra - Detects trojan with encrypted header;https://www.us-cert.gov/ncas/analysis-reports/AR18-165A;2018-04-12 00:00:00;75;NCCIC trusted 3rd party - Edit: Tobias Michalski;APT,FILE,NK;2502e27de56191163efa6acc51bb1061
APT_HiddenCobra_import_obfuscation_2;Hidden Cobra - Detects remote access trojan;https://www.us-cert.gov/ncas/analysis-reports/AR18-165A;2018-04-12 00:00:00;75;NCCIC trusted 3rd party - Edit: Tobias Michalski;APT,FILE,NK,OBFUS;c114694e143f8cb1e511cbe3ccc28fd0
APT_Kaspersky_Duqu2_SamsungPrint;Kaspersky APT Report - Duqu2 Sample - file 2a9a5afc342cde12c6eb9a91ad29f7afdfd8f0fb17b983dcfddceccfbc17af69;https://goo.gl/7yKyOj;2015-06-10 00:00:00;75;Florian Roth;APT,EXE,FILE;47745f831e1771d08f56c5f3f550612b
APT_Kaspersky_Duqu2_msi3_32;Kaspersky APT Report - Duqu2 Sample - file d8a849654ab97debaf28ae5b749c3b1ff1812ea49978713853333db48c3972c3;https://goo.gl/7yKyOj;2015-06-10 00:00:00;75;Florian Roth;APT,EXE,FILE;242dda6b6b6acbb4a231f071e30df518
APT_Kaspersky_Duqu2_procexp;Kaspersky APT Report - Duqu2 Sample - Malicious MSI;https://goo.gl/7yKyOj;2015-06-10 00:00:00;75;Florian Roth;APT,EXE,FILE;e05f23fa6212b7879ad5c54ef5c567f1
APT_Lazarus_Aug18_1;Detects Lazarus Group Malware;https://securelist.com/operation-applejeus/87553/;2018-08-24 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,NK;b968cecce9632b4f5e359819edf14bad
APT_Lazarus_Aug18_2;Detects Lazarus Group Malware;https://securelist.com/operation-applejeus/87553/;2018-08-24 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,NK;0247f90fa9095549dc79ab5dfaa9afb9
APT_Lazarus_Aug18_Downloader_1;Detects Lazarus Group Malware Downloader;https://securelist.com/operation-applejeus/87553/;2018-08-24 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,NK;63151c7429dba5ee7cfb74287147456b
APT_Lazarus_Dropper_Jun18_1;Detects Lazarus Group Dropper;https://twitter.com/DrunkBinary/status/1002587521073721346;2018-06-01 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,NK;2e5ab44793cc3a4f8669162213309c47
APT_Lazarus_RAT_Jun18_1;Detects Lazarus Group RAT;https://twitter.com/DrunkBinary/status/1002587521073721346;2018-06-01 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,NK;2f5026b3b45edf547f6b59fca5f14b22
APT_Lazarus_RAT_Jun18_2;Detects Lazarus Group RAT;https://twitter.com/DrunkBinary/status/1002587521073721346;2018-06-01 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL,NK;e24e9743324976b49232860679e54d4d
APT_Liudoor;Detects Liudoor daemon backdoor;-;2015-07-23 00:00:00;75;RSA FirstWatch;APT,MAL;df75e72b1850464de866832f0fb7e432
APT_MAL_DNS_Hijacking_Campaign_AA19_024A;Detects malware used in DNS Hijacking campaign;https://www.us-cert.gov/ncas/alerts/AA19-024A;2019-01-25 00:00:00;75;Florian Roth;APT,EXE,FILE;74a54b611b333f749e264b527b244c1a
APT_ME_BigBang_Gen_Jul18_1;Detects malware from Big Bang campaign against Palestinian authorities;https://research.checkpoint.com/apt-attack-middle-east-big-bang/;2018-07-09 00:00:00;75;Florian Roth;APT,EXE,FILE,GEN;f1e013ec5b8f6aeec6fc98391bc694cc
APT_ME_BigBang_Mal_Jul18_1;Detects malware from Big Bang report;https://research.checkpoint.com/apt-attack-middle-east-big-bang/;2018-07-09 00:00:00;75;Florian Roth;APT,EXE,FILE;5d7a2550cfecbb2e6fa07d9509252b4b
APT_MagicHound_MalMacro;Detects malicious macro / powershell in Office document;https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations;2017-02-17 00:00:00;75;Florian Roth;APT,FILE,OFFICE;768633d484dd36908416bffe638c1647
APT_Malware_CommentCrew_MiniASP;CommentCrew Malware MiniASP APT;VT Analysis;2015-06-03 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;a3b714945a91061a9f3c15dca27f652d
APT_Malware_PutterPanda_Gen1;Detects a malware ;not set;2015-06-03 00:00:00;75;YarGen Rule Generator;APT,EXE,FILE,MAL;d6393b376fd3295f10921be72475846a
APT_Malware_PutterPanda_Gen4;Detects Malware related to PutterPanda;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;4602e2bbe8b06d4adb03123a5db0a1eb
APT_Malware_PutterPanda_MsUpdater_1;Detects Malware related to PutterPanda - MSUpdater;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;62f69d46210e12fe401e56f901fdb5af
APT_Malware_PutterPanda_MsUpdater_2;Detects Malware related to PutterPanda - MSUpdater;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;87e2474c8bf0220c02a57dd0f01c5c3a
APT_Malware_PutterPanda_MsUpdater_3;Detects Malware related to PutterPanda - MSUpdater;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;aa99b02760344bafd1edc132a8e809ec
APT_Malware_PutterPanda_PSAPI;Detects a malware related to Putter Panda;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;756ceadee9087abddcefa10d379fe73e
APT_Malware_PutterPanda_Rel;Detects an APT malware related to PutterPanda;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;83c7029886bc572d4d3152499d7b9b4f
APT_Malware_PutterPanda_Rel_2;APT Malware related to PutterPanda Group;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL;d8aac4d61260f18f1cf2f45b16458a37
APT_Malware_PutterPanda_WUAUCLT;Detects a malware related to Putter Panda;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,MAL;036c84b599ab24a61b602c9435f936db
APT_NK_AR18_165A_1;Detects APT malware from AR18-165A report by US CERT;https://www.us-cert.gov/ncas/analysis-reports/AR18-165A;2018-06-15 00:00:00;75;Florian Roth;APT,EXE,FILE;32b90b0c9c4fc974b03b0ec757a23457
APT_NK_AR18_165A_HiddenCobra_import_deob;Hidden Cobra - Detects installed proxy module as a service;https://www.us-cert.gov/ncas/analysis-reports/AR18-165A;2018-04-12 00:00:00;75;NCCIC trusted 3rd party - Edit: Tobias Michalski;APT,FILE,NK;c4200d68bb1633295b87464cb797bffb
APT_Project_Sauron_Custom_M1;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;75;Florian Roth;APT,EXE,FILE;4e91d0b33284ea30079ce886bdcb212a
APT_Project_Sauron_Custom_M2;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;75;Florian Roth;APT,EXE,FILE;dad36d29819639821437138975f2caa2
APT_Project_Sauron_Custom_M3;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;75;Florian Roth;APT,EXE,FILE;00e18a86832995ec47774c3ed39687b2
APT_Project_Sauron_Custom_M4;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;75;Florian Roth;APT,EXE,FILE;6a363a45bbf20c1dc10cc2d00ee9e495
APT_Project_Sauron_Custom_M6;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;75;Florian Roth;APT,EXE,FILE;7c3291cd11ef684d0ff6386d80963046
APT_Project_Sauron_Custom_M7;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;75;Florian Roth;APT,EXE,FILE;9b63e16a3ed9a07bb2abb39b063e0e1c
APT_Project_Sauron_Scripts;Detects scripts (mostly LUA) from Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;75;Florian Roth;APT;91a9845d427b6228911040f8038da40a
APT_Project_Sauron_arping_module;Detects strings from arping module - Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;75;Florian Roth;APT;f03f1968bc51e724055967fb4a046a14
APT_Project_Sauron_basex_module;Detects strings from basex module - Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;75;Florian Roth;APT;16cf8f05aa3907e85ec798fc096479e0
APT_Project_Sauron_dext_module;Detects strings from dext module - Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;75;Florian Roth;APT;da2b1be9edaa32bd0aa2efaf52f7f418
APT_Project_Sauron_kblogi_module;Detects strings from kblogi module - Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;75;Florian Roth;APT;ec07e689a011e6a31d319b3999da0bb3
APT_Proxy_Malware_Packed_dev;APT Malware - Proxy;-;2014-11-10 00:00:00;50;FRoth;APT,HKTL,MAL;4fd49d834248d564bdb9933ab43d17e5
APT_PupyRAT_PY;Detects Pupy RAT;https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations;2017-02-17 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;09a191b2c03fa158d39f13231101b7e9
APT_RANCOR_DDKONG_Malware_Exports;Detects DDKONG malware;https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/;2018-06-26 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;d7560fb5113904c0c354f2bc4b86b911
APT_RANCOR_JS_Malware;Rancor Malware;https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/;2018-06-26 00:00:00;75;Florian Roth;APT,FILE,MAL;2c3ad5e74ac6c69e11c902c039ca2609
APT_RANCOR_PLAINTEE_Malware_Exports;Detects PLAINTEE malware;https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/;2018-06-26 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;13916744f5dbd4b900db9b9f24fa5c06
APT_RANCOR_PLAINTEE_Variant;Detects PLAINTEE malware;https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/;2018-06-26 00:00:00;75;Florian Roth;APT,EXE,FILE;89eb8706e9b0319a15f3fe87091c69e9
APT_Script_AUS_4;Detects a script involved in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;APT;bbab688544d15089b70b810eed4f42ce
APT_TA18_149A_Joanap_Sample1;Detects malware from TA18-149A report by US-CERT;https://www.us-cert.gov/ncas/alerts/TA18-149A;2018-05-30 00:00:00;75;Florian Roth;APT,EXE,FILE;22854bce2a4cb9668af7560676ef3f5b
APT_TA18_149A_Joanap_Sample2;Detects malware from TA18-149A report by US-CERT;https://www.us-cert.gov/ncas/alerts/TA18-149A;2018-05-30 00:00:00;75;Florian Roth;APT,EXE,FILE;825dcfc720d736eb38b391ac567b8ac7
APT_TA18_149A_Joanap_Sample3;Detects malware from TA18-149A report by US-CERT;https://www.us-cert.gov/ncas/alerts/TA18-149A;2018-05-30 00:00:00;75;Florian Roth;APT,EXE,FILE;41361f529408f78752ef4dafa298f688
APT_Thrip_Sample_Jun18_10;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;5505225b0656a48ae0080f2505d5b125
APT_Thrip_Sample_Jun18_11;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;68fbc87a090b4657e9320f4c1fdeee0c
APT_Thrip_Sample_Jun18_12;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;310659f9e5facfca8b57015698c845f2
APT_Thrip_Sample_Jun18_13;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;97686ef26597255211b1f013a1769fa7
APT_Thrip_Sample_Jun18_14;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;b3229a509922511aa17d441bcf60bd9c
APT_Thrip_Sample_Jun18_15;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;4eafdd297e00ce45c3bda4f9fecc4ec5
APT_Thrip_Sample_Jun18_16;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;6624479e657a33b7d8b4b9f5551e66df
APT_Thrip_Sample_Jun18_17;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;48e6e9e05e9fd58b3e0244976ee9b947
APT_Thrip_Sample_Jun18_18;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;f82008ea0e930ee78eebf40fe7b06a4b
APT_Thrip_Sample_Jun18_1;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;bd85d955f29d90efa1892523481d92f9
APT_Thrip_Sample_Jun18_2;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;072da4a7c4a18fed64e26f24b80e4ab8
APT_Thrip_Sample_Jun18_3;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;681acf80e792f90a6a57a6760ab13cb0
APT_Thrip_Sample_Jun18_4;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;d6f4818c1ca83ffcf25ad91bffb1a41f
APT_Thrip_Sample_Jun18_5;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;59d58dd876e31e1f0a48f76b81af0ebc
APT_Thrip_Sample_Jun18_6;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;885b0ef5472feabc36e6adab633f2c12
APT_Thrip_Sample_Jun18_7;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;aa6534d29321a7604e7002e67f0c399b
APT_Thrip_Sample_Jun18_8;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT;5e0c7a650501521d8f076b6a19948892
APT_Thrip_Sample_Jun18_9;Detects sample found in Thrip report by Symantec ;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets ;2018-06-21 00:00:00;75;Florian Roth;APT,EXE,FILE;76cb7ecfbd2b761cfaabae73666adcc0
APT_Tick_HomamDownloader_Jun18;Detects HomamDownloader from Tick group incident - Weaponized USB;https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/;2018-06-23 00:00:00;75;Florian Roth;APT,EXE,FILE;aaf3cf99c4ad24675325ad060e4abfe2
APT_Tick_Sysmon_Loader_Jun18;Detects Sysmon Loader from Tick group incident - Weaponized USB;https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/;2018-06-23 00:00:00;75;Florian Roth;APT,EXE,FILE;2eee100ad35b654d3ba0795089b42612
APT_Turla_Agent_BTZ_Gen_1;Detects Turla Agent.BTZ;Internal Research;2018-06-16 00:00:00;80;Florian Roth;APT,EXE,FILE,GEN,RUSSIA;954fbf13ceb44f194cdfa8f6b475133f
APT_WebShell_AUS_4;Detects a webshell involved in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;APT,FILE;b917ec27375f65f4d5456997b9908c85
APT_WebShell_AUS_5;Detects a webshell involved in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;APT,FILE;c7da99b5ca7eaea74482829f77f3774d
APT_WebShell_AUS_JScript_3;Detects a webshell involved in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;APT,FILE;f2f38cd4ee8bcf9bfc9850b3149e7d96
APT_WebShell_AUS_Tiny_2;Detects a tiny webshell involved in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;APT,FILE;e8372bb28854117dc39430efa0b534f2
APT_WebShell_Tiny_1;Detects a tiny webshell involved in the Australian Parliament House network compromise;https://twitter.com/cyb3rops/status/1097423665472376832;2019-02-18 00:00:00;75;Florian Roth;APT,FILE;5290299f5b4360e6da135e2a1ee34fb7
ASPXspy2;Web shell - file ASPXspy2.aspx;not set;2015-01-24 00:00:00;75;Florian Roth;WEBSHELL;64bcf8b4482b74a98f0785ef682a7b43
ASP_CmdAsp;Webshells Auto-generated - file CmdAsp.asp;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;5b76cd35652a09169872813539f7a9f8
ASPack_ASPACK;Disclosed hacktool set (old stuff) - file ASPACK.EXE;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;61aceaec0a789fdcfca7398e1e3a7f33
ASPack_Chinese;Disclosed hacktool set (old stuff) - file ASPack Chinese.ini;-;2014-11-23 00:00:00;60;Florian Roth;CHINA,HKTL;12b02c0b768afa6ee47a142304445ad7
ATM_Malware_DispenserXFS;Detects ATM Malware DispenserXFS;https://twitter.com/r3c0nst/status/1100775857306652673;2019-02-27 00:00:00;80;@Xylit0l @r3c0nst / Modified by Florian Roth;FILE,MAL;1d77456406c1a337869c969ddbaa70e8
ATM_Malware_JavaDispCash;Detects ATM Malware JavaDispCash;https://twitter.com/r3c0nst/status/1111254169623674882;2019-03-28 00:00:00;75;Frank Boldewin (@r3c0nst);FILE,MAL;90d7f79970aa353033e509c1187b9290
Acrotray_Anomaly;Detects an acrotray.exe that does not contain the usual strings;-;1970-01-01 01:00:00;75;Florian Roth;EXE,EXTVAR,FILE;bffe62c85ccfa49006d6bbe06d9baf84
Agent_BTZ_Aug17;Detects Agent.BTZ;http://www.intezer.com/new-variants-of-agent-btz-comrat-found/;2017-08-07 00:00:00;75;Florian Roth;EXE,FILE;9db09505061381f676cbb90f6bdfcdb7
Agent_BTZ_Proxy_DLL_1;Detects Agent-BTZ Proxy DLL - activeds.dll;http://www.intezer.com/new-variants-of-agent-btz-comrat-found/;2017-08-07 00:00:00;75;Florian Roth;EXE,FILE,HKTL;ad36e572a62c1642d912690452103068
Agent_BTZ_Proxy_DLL_2;Detects Agent-BTZ Proxy DLL - activeds.dll;http://www.intezer.com/new-variants-of-agent-btz-comrat-found/;2017-08-07 00:00:00;75;Florian Roth;EXE,FILE,HKTL;f23df0c672663c34a2c745a84efe8ae6
Ajan_asp;Semi-Auto-generated - file Ajan.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;454801e1476bd8a169f89833af7730f8
Ajax_PHP_Command_Shell_php;Semi-Auto-generated - file Ajax_PHP Command Shell.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;fbfeda165a7c223e59fd3cedd9cc74c1
AllTheThings;Detects AllTheThings;https://github.com/subTee/AllTheThings;2017-07-27 00:00:00;75;Florian Roth;EXE,FILE,HKTL;641ea753af7653c454a326ee62e9596b
Ammyy_Admin_AA_v3;Remote Admin Tool used by APT group Anunak (ru) - file AA_v3.4.exe and AA_v3.5.exe;http://goo.gl/gkAg2E;2014-12-22 00:00:00;55;Florian Roth;APT,HKTL;d420ca5201d66d9d520a658a4dbe421f
Amplia_Security_Tool;Amplia Security Tool;-;1970-01-01 01:00:00;60;Florian Roth (auto-filled);HKTL;9b1a75a703b0f2ce629b8cae55b6594a
Andromeda_MalBot_Jun_1A;Detects a malicious Worm Andromeda / RETADUP;http://blog.trendmicro.com/trendlabs-security-intelligence/information-stealer-found-hitting-israeli-hospitals/;2017-06-30 00:00:00;75;Florian Roth;EXE,FILE,MAL;a026ee9dacea76c4e319616f81223bce
Angry_IP_Scanner_v2_08_ipscan;Auto-generated rule on file ipscan.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;5047ae4a89e4f291100a9407d1a3a322
Antichat_Shell_v1_3_php;Semi-Auto-generated - file Antichat Shell v1.3.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;c45847d7c44ffa336e1cc042dd7bb829
Antichat_Socks5_Server_php_php;Semi-Auto-generated - file Antichat Socks5 Server.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;b31085b3df7027f11b9044933dfa0900
Antiy_Ports_1_21;Disclosed hacktool set (old stuff) - file Antiy Ports 1.21.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;7c320a796fe2ad5238b6901938d0c44d
Apolmy_Privesc_Trojan;Apolmy Privilege Escalation Trojan used in APT Terracotta;https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/;2015-08-04 00:00:00;80;Florian Roth;APT,EXE,FILE,MAL;6b74ccbc60c1398e63ef6a08a5e74924
AppInitHook;AppInitGlobalHooks-Mimikatz - Hide Mimikatz From Process Lists - file AppInitHook.dll;https://goo.gl/Z292v6;2015-07-15 00:00:00;70;Florian Roth;EXE,FILE,HKTL;d1019ac2912b8dc185a884d738c56031
Armitage_MeterpreterSession_Strings;Detects Armitage component;Internal Research;2017-12-24 00:00:00;75;Florian Roth;;30ddf234bd6521e9641f3164ae0e3a57
Armitage_OSX;Detects Armitage component;Internal Research;2017-12-24 00:00:00;75;Florian Roth;MACOS;d179b9817be60dfa8d671b125ce552f8
Armitage_msfconsole;Detects Armitage component;Internal Research;2017-12-24 00:00:00;75;Florian Roth;FILE;70c4348204b5d70da56e3005fb97a85d
Arp_EMP_v1_0;Chinese Hacktool Set - file Arp EMP v1.0.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;7b7c9bff655595ce612c9ba2993eda01
ArtTrayHookDll;Disclosed hacktool set (old stuff) - file ArtTrayHookDll.dll;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;c8c4e0071a7f51d430e4f17fdc684064
ArtTray_zip_Folder_ArtTray;Disclosed hacktool set (old stuff) - file ArtTray.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;68be83e66535003ab310d4b07b9ef3bb
Asmodeus_v0_1_pl;Semi-Auto-generated - file Asmodeus v0.1.pl.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;e2a204a3975937fc43b7f0a264677bf0
Ayyildiz_Tim___AYT__Shell_v_2_1_Biz_html;Semi-Auto-generated - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.html.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;d3b0d31d04723d2407bc273d51288458
BIN_Client;Webshells Auto-generated - file Client.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;3581a479b97449413919a77999f89e69
BIN_Server;Webshells Auto-generated - file Server.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;ff54c9b589e2004f77543d679f32364a
BKDR_Snarasite_Oct17;Auto-generated rule - file 36ba92cba23971ca9d16a0b4f45c853fd5b3108076464d5f2027b0f56054fd62;Internal Research;2017-10-07 00:00:00;75;Florian Roth;EXE,FILE,MAL;b66f9a61f42f8e2ed7eb9ea2f2f7d1c0
BTC_Miner_lsass1_chrome_2;Detects a Bitcoin Miner;Internal Research - CN Actor;2017-06-22 00:00:00;60;Florian Roth;EXE,FILE;f7838095e37a2ad5a410e418e87e214c
BackDooR__fr_;Webshells Auto-generated - file BackDooR (fr).php;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;d58fa9e597031b1609f3bd02d8f59009
Backdoor_Naikon_APT_Sample1;Detects backdoors related to the Naikon APT;https://goo.gl/7vHyvh;2015-05-14 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;22e277065a8ea627431a93c28ea6bdc4
Backdoor_Nitol_Jun17;Detects malware backdoor Nitol - file wyawou.exe - Attention: this rule also matches on Upatre Downloader;https://goo.gl/OOB3mH;2017-06-04 00:00:00;75;Florian Roth;EXE,FILE,MAL;5d207e77c56ebc6b53574b09bd29c83b
Backdoor_Redosdru_Jun17;Detects malware Redosdru - file systemHome.exe;https://goo.gl/OOB3mH;2017-06-04 00:00:00;75;Florian Roth;EXE,FILE,MAL;4acdec50c06c0e961b3f1b76531dbd7b
BadRabbit_Gen;Detects BadRabbit Ransomware;https://pastebin.com/Y7pJv3tK;2017-10-25 00:00:00;75;Florian Roth;CRIME,EXE,FILE,GEN,MAL,RANSOM;e4f9f3800e9d0ed564396a1dee1742c1
BadRabbit_Mimikatz_Comp;Auto-generated rule - file 2f8c54f9fa8e47596a3beff0031f85360e56840c77f71c6a573ace6f46412035;https://pastebin.com/Y7pJv3tK;2017-10-25 00:00:00;75;Florian Roth;EXE,FILE;5021ac0ae32441f76b7784a2f2754269
Base64_PS1_Shellcode;Detects Base64 encoded PS1 Shellcode;https://twitter.com/ItsReallyNick/status/1062601684566843392;2018-11-14 00:00:00;65;Nick Carr, David Ledbetter;;0fa56395f5fa2df0e145645835549b93
Base64_encoded_Executable;Detects a base64 encoded executable (often embedded);-;2015-05-28 00:00:00;40;Florian Roth;EXE,EXTVAR,FILE;7f4f57c927eafb70f2cbd872d218161b
Batch_Powershell_Invoke_Inveigh;Detects malicious batch file from NCSC report;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;75;NCSC;;6d1232425d9698d507def223dd5deaea
Batch_Script_To_Run_PsExec;Detects malicious batch file from NCSC report;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;75;NCSC;;3c21092795a11e46e0020a1748a0da79
Beacon_K5om;Detects Meterpreter Beacon - file K5om.dll;https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html;2017-06-07 00:00:00;75;Florian Roth;EXE,FILE,HKTL,METASPLOIT;362807b09d5d4d1589b723f1d0279264
Beastdoor_Backdoor;Detects the backdoor Beastdoor;-;1970-01-01 01:00:00;55;Florian Roth;HKTL,MAL;b8047562af97b679d7737b840eea7423
BeepService_Hacktool;Detects BeepService Hacktool used by Chinese APT groups;https://goo.gl/p32Ozf;2016-05-12 00:00:00;85;Florian Roth;APT,CHINA,EXE,FILE,HKTL;eee10cf930f59c6d6c602cd8f5ead919
BergSilva_Malware;Detects a malware from the same author as the Indetectables RAT;-;2015-10-01 00:00:00;75;Florian Roth;EXE,FILE,MAL;8a14ff87bf0cee341fbd91e26ec1018d
BernhardPOS;BernhardPOS Credit Card dumping tool;http://morphick.com/blog/2015/7/14/bernhardpos-new-pos-malware-discovered-by-morphick;1970-01-01 01:00:00;70;Nick Hoffman / Jeremy Humble;;45b85f33ec36b1f79e77cebedce319b6
BeyondExec_RemoteAccess_Tool;Detects BeyondExec Remote Access Tool - file rexesvr.exe;https://goo.gl/BvYurS;2017-03-17 00:00:00;75;Florian Roth;EXE,FILE,HKTL;b145fc4bff367d228070fec8fa8bd768
Binary_Drop_Certutil;Drop binary as base64 encoded cert trick;https://goo.gl/9DNn8q;2015-07-15 00:00:00;70;Florian Roth;;d502940b293d654bdeee13591b073b9d
BlackEnergy_BE_2;Detects BlackEnergy 2 Malware;http://goo.gl/DThzLz;2015-02-19 00:00:00;75;Florian Roth;EXE,FILE,MAL;2f5f6b04b803cc0613663c94389f819a
BlackEnergy_BackdoorPass_DropBear_SSH;Detects the password of the backdoored DropBear SSH Server - BlackEnergy;http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;75;Florian Roth;EXE,FILE,MAL,RUSSIA;9006c661b82b57c4b78be4d572bd23cc
BlackEnergy_Driver_AMDIDE;Black Energy Malware;http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/;2016-01-04 00:00:00;75;Florian Roth;EXE,FILE,MAL;66749239f5e86e51ba5642ffcc860ace
BlackEnergy_Driver_USBMDM;Black Energy Driver;http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/;2016-01-04 00:00:00;75;Florian Roth;EXE,FILE;8105b175ff7021c6bfd299865035b4b8
BlackEnergy_KillDisk_1;Detects KillDisk malware from BlackEnergy;http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;80;Florian Roth;EXE,FILE;0f82d70aa823c7979fff6fdae63ab257
BlackEnergy_KillDisk_2;Detects KillDisk malware from BlackEnergy;http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;80;Florian Roth;EXE,FILE;3540a51991bc17152f1e5df9d98bb070
BlackEnergy_VBS_Agent;Detects VBS Agent from BlackEnergy Report - file Dropbearrun.vbs;http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;75;Florian Roth;SCRIPT;4e0812bd7c3d633c684786bac9a93078
Bladabindi_Malware_B64;Detects Bladabindi Malware using Base64 encoded strings;Internal Research;2016-10-08 00:00:00;75;Florian Roth;EXE,FILE,MAL;7bd16a86033da5e89b23b61cfc4457a3
BluenoroffPoS_DLL;Bluenoroff POS malware - hkp.dll;http://blog.trex.re.kr/3?category=737685;2018-06-07 00:00:00;75;http://blog.trex.re.kr/;;2c7b87f2746930c23d2fca6babad2e4d
BluesPortScan;Auto-generated rule on file BluesPortScan.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;725827b7340608a867594bf5edb215c3
BronzeButler_DGet_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;75;Florian Roth;EXE,FILE;3b5549ec6b153894c021a310df7d2058
BronzeButler_Daserf_C_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;75;Florian Roth;EXE,FILE;cd3f100b48000b1e7276424860810dfa
BronzeButler_Daserf_Delphi_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;75;Florian Roth;EXE,FILE;ddadd4533f93cd48f77be59c93460e4a
BronzeButler_RarStar_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;75;Florian Roth;EXE,FILE;8ed981eff7e57049b08b35413d0e283c
BronzeButler_UACBypass_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;75;Florian Roth;EXE,FILE;aca0e50e1464769ea69977f38db697cf
BronzeButler_xxmm_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;75;Florian Roth;EXE,FILE;b7cc810e10efbb03e74bb37cf07f105b
Buckeye_Osinfo;Detects OSinfo tool used by the Buckeye APT group;http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong;2016-09-05 00:00:00;75;Florian Roth;APT,EXE,FILE;2878db44d4806f50798dc3b3efbe5f31
ByPassFireWall_zip_Folder_Ie;Disclosed hacktool set (old stuff) - file Ie.dll;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;b614d8ce1d5e567a7c7e639d10fbb903
ByPassFireWall_zip_Folder_Inject;Disclosed hacktool set (old stuff) - file Inject.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;9ae2bdcc15a37f3849526beec96c1908
BypassUac2;Auto-generated rule - file BypassUac2.zip;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator;HKTL;76cec79554cf69393cf128bad0404d69
BypassUacDll_6;Auto-generated rule - file BypassUacDll.aps;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator;HKTL;b37846ddcd5757a2964f221e73e78eea
BypassUac_3;Auto-generated rule - file BypassUacDll.dll;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator;HKTL;acf4676382220e6b41607459e05f6ea9
BypassUac_9;Auto-generated rule - file BypassUac.zip;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator;HKTL;ffe0807e2c151c9637b3eacdaaa4a4d0
BypassUac_EXE;Auto-generated rule - file BypassUacDll.aps;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator;HKTL;f12d02db4924c1e3eb66ec4638e25e2d
Bytes_used_in_AES_key_generation;Detects Backdoor.goodor;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;75;NCSC;EXE,FILE,MAL;5d10ba093b9589452f603283b84a5a34
CACTUSTORCH;Detects CactusTorch Hacktool;https://github.com/mdsecactivebreach/CACTUSTORCH;2017-07-31 00:00:00;75;Florian Roth;HKTL;be4a3fbf04b523384d73af5a2bab07a7
CGISscan_CGIScan;Auto-generated rule on file CGIScan.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;a40c46c59696d4103a7748b0b93d9d05
CHAOS_Payload;Detects a CHAOS back connect payload;https://github.com/tiagorlampert/CHAOS;2017-07-15 00:00:00;80;Florian Roth;EXE,FILE;0c72ad990063eb233e99e87093e91aff
CMStar_Malware_Sep17;Detects CMStar Malware;https://goo.gl/pTffPA;2017-10-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;dae69b504e654dae8f4fcef08685d695
CN_APT_ZeroT_extracted_Go;Chinese APT by Proofpoint ZeroT RAT - file Go.exe;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-04 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,MAL;43282f950d27bb23f7dbe98fb1dd98a4
CN_APT_ZeroT_extracted_Mcutil;Chinese APT by Proofpoint ZeroT RAT - file Mcutil.dll;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-04 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,MAL;4367593873fb45197e435f13afc80b26
CN_APT_ZeroT_extracted_Zlh;Chinese APT by Proofpoint ZeroT RAT - file Zlh.exe;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-04 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,MAL;bb9184371f1ae21f1ce712e9167f4598
CN_APT_ZeroT_nflogger;Chinese APT by Proofpoint ZeroT RAT - file nflogger.dll;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-04 00:00:00;75;Florian Roth;APT,CHINA,EXE,FILE,HKTL,MAL;c6da9a3b5b6b098b5264b526aa963a83
CN_Actor_AmmyyAdmin;Detects Ammyy Admin Downloader;Internal Research - CN Actor;2017-06-22 00:00:00;60;Florian Roth;EXE,FILE;796cf7ca3dc1476711f6d6354387e64a
CN_Actor_RA_Tool_Ammyy_mscorsvw;Detects Ammyy remote access tool;Internal Research - CN Actor;2017-06-22 00:00:00;75;Florian Roth;EXE,FILE;e24a151b42a02c90d321abaae2d01a04
CN_GUI_Scanner;Detects an unknown GUI scanner tool - CN background;-;2014-04-10 00:00:00;65;Florian Roth;HKTL;185809c6a094deaa89fe2db8e5642c13
CN_Hacktool_1433_Scanner;Detects a Chinese MSSQL scanner;-;2014-12-10 00:00:00;40;Florian Roth;EXE,FILE,HKTL;7f59ccb8b168f9e0a3ef2cbf00092fe0
CN_Hacktool_1433_Scanner_Comp2;Detects a Chinese MSSQL scanner - component 2;-;2014-12-10 00:00:00;40;Florian Roth;EXE,FILE,HKTL;0e12d0e502789cf30f84daae14f2c811
CN_Hacktool_BAT_PortsOpen;Detects a Chinese BAT hacktool for local port evaluation;-;2014-12-10 00:00:00;60;Florian Roth;HKTL;8ef582b067a26e9cdf7519d0852087e2
CN_Hacktool_MilkT_BAT;Detects a Chinese Portscanner named MilkT - shipped BAT;-;2014-12-10 00:00:00;70;Florian Roth;HKTL;08ed5dd7133b3dd666844d7a828eda3c
CN_Hacktool_MilkT_Scanner;Detects a Chinese Portscanner named MilkT;-;2014-12-10 00:00:00;60;Florian Roth;HKTL;6a2b71583c732208457e1a8459e433e4
CN_Hacktool_SSPort_Portscanner;Detects a Chinese Portscanner named SSPort;-;2014-12-10 00:00:00;70;Florian Roth;HKTL;eaec49fce24482fc8a60b22e4adcc3d1
CN_Hacktool_S_EXE_Portscanner;Detects a Chinese Portscanner named s.exe;-;2014-12-10 00:00:00;70;Florian Roth;HKTL;ca871abc82d2d9db972ab9f1b0669fce
CN_Hacktool_ScanPort_Portscanner;Detects a Chinese Portscanner named ScanPort;-;2014-12-10 00:00:00;70;Florian Roth;HKTL;2ad0de002a7d863790547c239bea9359
CN_Honker_ACCESS_brute;Sample from CN Honker Pentest Toolset - file ACCESS_brute.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;0ba83ecd051bd8ac80cb4558062fd3be
CN_Honker_ASP_wshell;Sample from CN Honker Pentest Toolset - file wshell.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE;37333cf7858bfcad17ba308d63d0adc3
CN_Honker_Acunetix_Web_Vulnerability_Scanner_8_x_Enterprise_Edition_KeyGen;Sample from CN Honker Pentest Toolset - file Acunetix_Web_Vulnerability_Scanner_8.x_Enterprise_Edition_KeyGen.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,GEN,HKTL;33943f1f75ac0f452de5dacd926b9136
CN_Honker_Alien_D;Script from disclosed CN Honker Pentest Toolset - file D.ASP;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;7c5ecfd00ad39dcfa31acd54230ada7e
CN_Honker_Alien_command;Script from disclosed CN Honker Pentest Toolset - file command.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;a578d7d9d9c982c9e1826b11e9116770
CN_Honker_Alien_ee;Sample from CN Honker Pentest Toolset - file ee.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;be9ff7a78d6c4021d645109d1ea277de
CN_Honker_Alien_iispwd;Sample from CN Honker Pentest Toolset - file iispwd.vbs;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;;0092b5dbe604d712a1465a8ecf29296a
CN_Honker_Arp_EMP_v1_0;Sample from CN Honker Pentest Toolset - file Arp EMP v1.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;ce29d74ae10b5e690dab5d8f0fb824ed
CN_Honker_AspxClient;Sample from CN Honker Pentest Toolset - file AspxClient.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;cf69320f9c51dd1993eadeb70f933380
CN_Honker_Baidu_Extractor_Ver1_0;Sample from CN Honker Pentest Toolset - file Baidu_Extractor_Ver1.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;b227d56319f6d926ef63e9e1c96f5d8a
CN_Honker_COOKIE_CooKie;Sample from CN Honker Pentest Toolset - file CooKie.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;abc063f2415e933d473b5f14c8842e3b
CN_Honker_ChinaChopper;Sample from CN Honker Pentest Toolset - file ChinaChopper.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;CHINA,EXE,FILE;5aab5d6df224c27bc323d3a4ad52e5aa
CN_Honker_ChinaChopper_db;Script from disclosed CN Honker Pentest Toolset - file db.mdb;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;6917ae4530eb350a4906a19520e7847a
CN_Honker_Churrasco;Sample from CN Honker Pentest Toolset - file Churrasco.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f9eac44e10432afe187c3d824126571e
CN_Honker_CleanIISLog;Sample from CN Honker Pentest Toolset - file CleanIISLog.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;63cfc341fc4697b6acf796a4f509f791
CN_Honker_CnCerT_CCdoor_CMD;Sample from CN Honker Pentest Toolset - file CnCerT.CCdoor.CMD.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;709cdcf7d1a0abc7b96c93d520de10aa
CN_Honker_CnCerT_CCdoor_CMD_2;Sample from CN Honker Pentest Toolset - file CnCerT.CCdoor.CMD.dll2;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;534fe9c30f350b66295abcb0847d14a5
CN_Honker_Codeeer_Explorer;Sample from CN Honker Pentest Toolset - file Codeeer Explorer.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;0d3610de1495e4e0b6d8d4ffe3ff8ed5
CN_Honker_CookiesView;Sample from CN Honker Pentest Toolset - file CookiesView.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;33813419c8cd14cfda1914650e0c6748
CN_Honker_CoolScan_scan;Sample from CN Honker Pentest Toolset - file scan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;25b73bc9ccf106df29619f08b40a135b
CN_Honker_Cracker_SHELL;Sample from CN Honker Pentest Toolset - file SHELL.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;725197e74af4919e16df721f4b58d988
CN_Honker_DLL_passive_privilege_escalation_ws2help;Sample from CN Honker Pentest Toolset - file ws2help.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;85683ed5bdabcc546f5eb02ef5e840f2
CN_Honker_D_injection_V2_32;Sample from CN Honker Pentest Toolset - file D_injection_V2.32.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;30d27a67dfea907898bc4d17fd038230
CN_Honker_DictionaryGenerator;Sample from CN Honker Pentest Toolset - file DictionaryGenerator.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,GEN;9e54b083f3d7fc056f95a6cab4dcd533
CN_Honker_F4ck_Team_F4ck_3;Sample from CN Honker Pentest Toolset - file F4ck_3.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;adc11db30010802e079cce7816c7c296
CN_Honker_F4ck_Team_f4ck;Script from disclosed CN Honker Pentest Toolset - file f4ck.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;116fbc118986d06d05c04007a1d0c2a7
CN_Honker_F4ck_Team_f4ck_2;Sample from CN Honker Pentest Toolset - file f4ck_2.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;7341c701a805864a08ac846304a7a2e0
CN_Honker_F4ck_Team_f4ck_3;Sample from CN Honker Pentest Toolset - file f4ck.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;ce98a559271a5f3af6cf48e7e9308b7b
CN_Honker_FTP_scanning;Sample from CN Honker Pentest Toolset - file FTP_scanning.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;dc61afde68d2f40fc81775fa34354e31
CN_Honker_Fckeditor;Sample from CN Honker Pentest Toolset - file Fckeditor.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;35455a9bd02f374b512dec9c532734d6
CN_Honker_Fpipe_FPipe;Sample from CN Honker Pentest Toolset - file FPipe.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;50;Florian Roth;EXE,FILE;5a2b53dad5c0be22c1d9e908d23a053f
CN_Honker_GetHashes;Sample from CN Honker Pentest Toolset - file GetHashes.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;98ac9a4f9310b810f439fcb3d0beba41
CN_Honker_GetHashes_2;Sample from CN Honker Pentest Toolset - file GetHashes.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;4755daad11cb1caa9bda85a66aaf965e
CN_Honker_GetPass_GetPass;Sample from CN Honker Pentest Toolset - file GetPass.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;298b250f6e3588957d93f92d461abae0
CN_Honker_GetSyskey;Sample from CN Honker Pentest Toolset - file GetSyskey.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;d41d6e0c95fa2041f348a294c1ee678d
CN_Honker_GetWebShell;Sample from CN Honker Pentest Toolset - file GetWebShell.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;e72415d4469e9cd7b4fbf1e077524d9d
CN_Honker_GroupPolicyRemover;Sample from CN Honker Pentest Toolset - file GroupPolicyRemover.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;702d419238ff9841698cf170abe08f41
CN_Honker_HASH_32;Sample from CN Honker Pentest Toolset - file 32.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;77443d6628cb4327734abef4422f7742
CN_Honker_HASH_PwDump7;Sample from CN Honker Pentest Toolset - file PwDump7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL;63f0eea5b7e7e91787125c37b9f31985
CN_Honker_HASH_pwhash;Sample from CN Honker Pentest Toolset - file pwhash.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f57fad9853b222ff63d75cc6b7987495
CN_Honker_HTran2_4;Sample from CN Honker Pentest Toolset - file HTran2.4.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;485c7ba9360ac853fb6342e1fc26f7bd
CN_Honker_Happy_Happy;Sample from CN Honker Pentest Toolset - file Happy.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;3e1e4f32a2b1b23d734a3be3c344b608
CN_Honker_Havij_Havij;Sample from CN Honker Pentest Toolset - file Havij.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;5b7f98f2c4aacf70b623ac7f644b4115
CN_Honker_HconSTFportable;Sample from CN Honker Pentest Toolset - file HconSTFportable.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;2d0a051ac4095cd33efbc232b1984585
CN_Honker_Hookmsgina;Sample from CN Honker Pentest Toolset - file Hookmsgina.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;da7c330671f33f9c211d8bfc559706b8
CN_Honker_Htran_V2_40_htran20;Sample from CN Honker Pentest Toolset - file htran20.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;a21c7eef73ccad5230afa55d8df1b0c9
CN_Honker_IIS6_iis6;Sample from CN Honker Pentest Toolset - file iis6.com;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;437b2c6158616f1f2b11b7eae0d7649a
CN_Honker_IIS_logcleaner1_0_readme;Script from disclosed CN Honker Pentest Toolset - file readme.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;b2cc05e476d13ae0015581dfca3d978e
CN_Honker_Injection;Sample from CN Honker Pentest Toolset - file Injection.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL;18ed84592b8951c153d4572ee113f03f
CN_Honker_Injection_Transit_jmCook;Script from disclosed CN Honker Pentest Toolset - file jmCook.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;5873bdba9841ca92c9c737d8a4698c1b
CN_Honker_Injection_transit;Sample from CN Honker Pentest Toolset - file Injection_transit.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL;a3a4d3446d3c748c5e6e82d6b993d295
CN_Honker_Interception3389_setup;Sample from CN Honker Pentest Toolset - file setup.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;529115e3b9d6323686e16990c5b336d7
CN_Honker_Interception;Sample from CN Honker Pentest Toolset - file Interception.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f59f2b0644100a79abcd672a10c52b85
CN_Honker_Intersect2_Beta;Script from disclosed CN Honker Pentest Toolset - file Intersect2-Beta.py;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,SCRIPT;e6cbd448e86b77de2092cda606e7b7fb
CN_Honker_InvasionErasor;Sample from CN Honker Pentest Toolset - file InvasionErasor.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;a69cf82c9dce437aaa742a15b7d1a86e
CN_Honker_LPK2_0_LPK;Sample from CN Honker Pentest Toolset - file LPK.DAT;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;530b0426dc70cc5d524258fe336221f9
CN_Honker_Layer_Layer;Sample from CN Honker Pentest Toolset - file Layer.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;ac46b7991324278c02444bb41184c251
CN_Honker_LogCleaner;Sample from CN Honker Pentest Toolset - file LogCleaner.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;5447c248ca996e84b711084586b8b5e0
CN_Honker_MAC_IPMAC;Sample from CN Honker Pentest Toolset - file IPMAC.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;21154473a107a2b505ab3dbcb440809e
CN_Honker_MSTSC_can_direct_copy;Sample from CN Honker Pentest Toolset - file MSTSC_can_direct_copy.EXE;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;fb8f3095b24159c6bf1425801e0be147
CN_Honker_ManualInjection;Sample from CN Honker Pentest Toolset - file ManualInjection.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL;cb7c40645a36cf9b58cb220632717606
CN_Honker_Master_beta_1_7;Sample from CN Honker Pentest Toolset - file Master_beta_1.7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;c19c927e5213ec1b44ee482b4497592f
CN_Honker_MatriXay1073;Sample from CN Honker Pentest Toolset - file MatriXay1073.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;48922735ec60a65a88f5fbe058d1c98e
CN_Honker_Md5CrackTools;Sample from CN Honker Pentest Toolset - file Md5CrackTools.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;da0c623f332e24c73af0ade9787662cd
CN_Honker_NBSI_3_0;Sample from CN Honker Pentest Toolset - file NBSI 3.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;45684e0e6077bd3956b5143c63fdbe2d
CN_Honker_NetFuke_NetFuke;Sample from CN Honker Pentest Toolset - file NetFuke.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;bd5b0c14ce9dbce6628dcfaa8697274f
CN_Honker_Oracle_v1_0_Oracle;Sample from CN Honker Pentest Toolset - file Oracle.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;e3156d6334bfd7ab5ca2650ce93f7ad1
CN_Honker_PHP_php11;Sample from CN Honker Pentest Toolset - file php11.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;;4b8bc6d91639ca05aeacacd3fb1d48d9
CN_Honker_Perl_serv_U;Script from disclosed CN Honker Pentest Toolset - file Perl-serv-U.pl;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;717ab117c0d613876c524d2a5095ebcd
CN_Honker_Pk_Pker;Sample from CN Honker Pentest Toolset - file Pker.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;37998c302f50eb27ec8a4543a5fde53e
CN_Honker_PostgreSQL;Sample from CN Honker Pentest Toolset - file PostgreSQL.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;7dcac70ccb9036600f4dfbbe64ae311b
CN_Honker_Pwdump7_Pwdump7;Script from disclosed CN Honker Pentest Toolset - file Pwdump7.bat;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;6d6cfcc099fba5c1021a862f05e0dbbf
CN_Honker_SAMInside;Sample from CN Honker Pentest Toolset - file SAMInside.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;cdf45a0f8a7430fb6a83376a00824459
CN_Honker_SQLServer_inject_Creaked;Sample from CN Honker Pentest Toolset - file SQLServer_inject_Creaked.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;97a31a7acfad1aa61155be30274ebe9f
CN_Honker_Safe3WVS;Sample from CN Honker Pentest Toolset - file Safe3WVS.EXE;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;8d964640a5aa679e6260eca4b807a66e
CN_Honker_ScanHistory;Sample from CN Honker Pentest Toolset - file ScanHistory.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;d705b3bc1cff610d9a5617ba79395551
CN_Honker_SegmentWeapon;Sample from CN Honker Pentest Toolset - file SegmentWeapon.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f14a56e4544b6ff3f1d47dd54c54ab36
CN_Honker_ShiftBackdoor_Server;Sample from CN Honker Pentest Toolset - file Server.dat;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;fbab62529574271c1f0fd39f5234aa4f
CN_Honker_SkinHRootkit_SkinH;Sample from CN Honker Pentest Toolset - file SkinH.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;eeddc2d7068b723067314c57bd3501b4
CN_Honker_SqlMap_Python_Run;Sample from CN Honker Pentest Toolset - file Run.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,SCRIPT;13f071e1e6d6f638a71bf996a45084c6
CN_Honker_Sword1_5;Sample from CN Honker Pentest Toolset - file Sword1.5.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;c74a1ed4feceb96cc06b293af211e62d
CN_Honker_SwordCollEdition;Sample from CN Honker Pentest Toolset - file SwordCollEdition.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;d18590d24fab2fd82061b94fad22c200
CN_Honker_SwordHonkerEdition;Sample from CN Honker Pentest Toolset - file SwordHonkerEdition.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;0bc47a1415a2fa65062fb2786cf226d2
CN_Honker_T00ls_Lpk_Sethc_v2;Sample from CN Honker Pentest Toolset - file T00ls Lpk Sethc v2.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f2b9bcdc6295316a723efbe2525ac2c3
CN_Honker_T00ls_Lpk_Sethc_v3_0;Sample from CN Honker Pentest Toolset - file T00ls Lpk Sethc v3.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;ffa996c9560dbfe61835b14d6cbf1ed6
CN_Honker_T00ls_Lpk_Sethc_v3_LPK;Sample from CN Honker Pentest Toolset - file LPK.DAT;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;81efebbb34ef4b68c8429a32a128b836
CN_Honker_T00ls_Lpk_Sethc_v4_0;Sample from CN Honker Pentest Toolset - file T00ls Lpk Sethc v4.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;9633dc7435a4a6f0202f290313815a2c
CN_Honker_T00ls_Lpk_Sethc_v4_LPK;Sample from CN Honker Pentest Toolset - file LPK.DAT;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;49be95e0441b40be0fb356744bc7f2be
CN_Honker_T00ls_scanner;Sample from CN Honker Pentest Toolset - file T00ls_scanner.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;285059811f71b2432b52f9978d1e274a
CN_Honker_Tuoku_script_MSSQL_;Script from disclosed CN Honker Pentest Toolset - file MSSQL_.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;0aa5ec33cf0f847fa8486d04028448b9
CN_Honker_Tuoku_script_oracle_2;Sample from CN Honker Pentest Toolset - file oracle.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;;65b6e9adc57175ed265261248c316103
CN_Honker_WebCruiserWVS;Sample from CN Honker Pentest Toolset - file WebCruiserWVS.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f70fbef149ea29ec3ba1d8d15c1c0806
CN_Honker_WebRobot;Sample from CN Honker Pentest Toolset - file WebRobot.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;5d65b7bd1f89d17c3f4299c59ac3879c
CN_Honker_WebScan_WebScan;Sample from CN Honker Pentest Toolset - file WebScan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;9dd00450569944d5e114999eeea76c12
CN_Honker_WebScan_wwwscan;Sample from CN Honker Pentest Toolset - file wwwscan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;3aefdc951cd3da15997b74de60c1e6bf
CN_Honker_Webshell;Sample from CN Honker Pentest Toolset - file Webshell.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,WEBSHELL;3a463250b2f6301c7ccd431248213ace
CN_Honker_Webshell_ASPX_aspx2;Webshell from CN Honker Pentest Toolset - file aspx2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;aaf413b173a1ef71108c35a3afc55707
CN_Honker_Webshell_ASPX_aspx3;Webshell from CN Honker Pentest Toolset - file aspx3.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;f5932323d5a2f114282b3ea74814217f
CN_Honker_Webshell_ASPX_aspx4;Webshell from CN Honker Pentest Toolset - file aspx4.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;640e3bb33af58f44f379ac6bb5335a2b
CN_Honker_Webshell_ASPX_aspx;Webshell from CN Honker Pentest Toolset - file aspx.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;91a5fde1c904dee16213bafca75a4139
CN_Honker_Webshell_ASPX_shell_shell;Webshell from CN Honker Pentest Toolset - file shell.aspx;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;94d4b00d75529500587278f7f2d10363
CN_Honker_Webshell_ASPX_sniff;Webshell from CN Honker Pentest Toolset - file sniff.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;04db1cf71c388468cb010057cbddf1e1
CN_Honker_Webshell_ASP_asp1;Webshell from CN Honker Pentest Toolset - file asp1.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;38b0f54720a2459d021fa259c36820c3
CN_Honker_Webshell_ASP_asp2;Webshell from CN Honker Pentest Toolset - file asp2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;f1720f106131e2a0842d3cec21b79e2b
CN_Honker_Webshell_ASP_asp3;Webshell from CN Honker Pentest Toolset - file asp3.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;08fb4030c1c50809ce721bae37622c3a
CN_Honker_Webshell_ASP_asp404;Webshell from CN Honker Pentest Toolset - file asp404.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;8a292acef66c78b80b106967c9c4fe1c
CN_Honker_Webshell_ASP_asp4;Webshell from CN Honker Pentest Toolset - file asp4.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;418616d5a4715987c68072356c270e43
CN_Honker_Webshell_ASP_hy2006a;Webshell from CN Honker Pentest Toolset - file hy2006a.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;c150317c32e43f7996e39ba58961fdc5
CN_Honker_Webshell_ASP_rootkit;Webshell from CN Honker Pentest Toolset - file rootkit.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;03d5f36cbbff2392cbc2c08a929403ab
CN_Honker_Webshell_ASP_shell;Webshell from CN Honker Pentest Toolset - file shell.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;22d088360fcee75cd26f136ddf694dd3
CN_Honker_Webshell_ASP_web_asp;Webshell from CN Honker Pentest Toolset - file web.asp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;898b2f97937ef7b0113064d23bd70299
CN_Honker_Webshell_FTP_MYSQL_MSSQL_SSH;Webshell from CN Honker Pentest Toolset - file FTP MYSQL MSSQL SSH.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;45a467944b060919e29626dfdbe15634
CN_Honker_Webshell_Injection_Transit_jmPost;Webshell from CN Honker Pentest Toolset - file jmPost.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;2d01631f3d672c338fef8209002676dd
CN_Honker_Webshell_Interception3389_get;Webshell from CN Honker Pentest Toolset - file get.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;cf73446922e0cb36bbc296bb3506bc00
CN_Honker_Webshell_JSPMSSQL;Webshell from CN Honker Pentest Toolset - file JSPMSSQL.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;2258ce83c8b65b102c8dc96ed0d17c14
CN_Honker_Webshell_JSP_jsp;Webshell from CN Honker Pentest Toolset - file jsp.html;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;f82abad2e367b5fda729170e30e6774e
CN_Honker_Webshell_Linux_2_6_Exploit;Webshell from CN Honker Pentest Toolset - file 2.6.9;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;LINUX,WEBSHELL;8379bc937b1c32e11dc8da041a5bda9d
CN_Honker_Webshell_PHP_BlackSky;Webshell from CN Honker Pentest Toolset - file php6.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;69aad7f19dd615165972e98dba9cabd3
CN_Honker_Webshell_PHP_linux;Webshell from CN Honker Pentest Toolset - file linux.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;f861b2c73ca4a08ded7705140b5c8128
CN_Honker_Webshell_PHP_php10;Webshell from CN Honker Pentest Toolset - file php10.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;08790a6dd5536d8193f408274f91aae2
CN_Honker_Webshell_PHP_php1;Webshell from CN Honker Pentest Toolset - file php1.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;e6837a2376c2e42971ce188c33adfaf2
CN_Honker_Webshell_PHP_php2;Webshell from CN Honker Pentest Toolset - file php2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;c6c863c37de115d62be86a1680b7a25e
CN_Honker_Webshell_PHP_php3;Webshell from CN Honker Pentest Toolset - file php3.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;229ab7524e2e13f82b54edb28ed3a053
CN_Honker_Webshell_PHP_php4;Webshell from CN Honker Pentest Toolset - file php4.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;b827db8fee745099ecebef6a02a01805
CN_Honker_Webshell_PHP_php5;Webshell from CN Honker Pentest Toolset - file php5.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;df6383045b488026ef60e5ba88e2d64c
CN_Honker_Webshell_PHP_php7;Webshell from CN Honker Pentest Toolset - file php7.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;9071ed4b38b2255ad4c85d471eee752e
CN_Honker_Webshell_PHP_php8;Webshell from CN Honker Pentest Toolset - file php8.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;959caab162bee77587db7eef6177d8ea
CN_Honker_Webshell_PHP_php9;Webshell from CN Honker Pentest Toolset - file php9.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;075b5e6cae3cccbacaa810068cb3a280
CN_Honker_Webshell_Serv_U_2_admin_by_lake2;Webshell from CN Honker Pentest Toolset - file Serv-U 2 admin by lake2.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;a926cd12ac308ecbe12773b04d759aad
CN_Honker_Webshell_Serv_U_asp;Webshell from CN Honker Pentest Toolset - file Serv-U asp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;f44bff7ab4dfcb6dcf1146159e37b11c
CN_Honker_Webshell_Serv_U_by_Goldsun;Webshell from CN Honker Pentest Toolset - file Serv-U_by_Goldsun.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;4e52db4c36c7497495373be28f1ef815
CN_Honker_Webshell_Serv_U_serv_u;Webshell from CN Honker Pentest Toolset - file serv-u.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;40eb8b08a07ab052832df9ce42a9392a
CN_Honker_Webshell_Serv_U_servu;Webshell from CN Honker Pentest Toolset - file servu.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;bf405239eb1bb547242c0232c9ddb08c
CN_Honker_Webshell_T00ls_Lpk_Sethc_v4_mail;Webshell from CN Honker Pentest Toolset - file mail.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;3a823be7813d09f5fc4b62b88ff8bcb3
CN_Honker_Webshell_Tuoku_script_mssql_2;Webshell from CN Honker Pentest Toolset - file mssql.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;86937beb9172026e1c5ba1ae4953f420
CN_Honker_Webshell_Tuoku_script_mysql;Webshell from CN Honker Pentest Toolset - file mysql.aspx;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;1ef12ac14ad1ceece57644df7872751b
CN_Honker_Webshell_Tuoku_script_oracle;Webshell from CN Honker Pentest Toolset - file oracle.jsp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;69c97ebb72f7c9a6f26e2cc32a9846c3
CN_Honker_Webshell_Tuoku_script_xx;Webshell from CN Honker Pentest Toolset - file xx.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;4051f21e2485c1a641974d19cbe2681b
CN_Honker_Webshell_WebShell;Webshell from CN Honker Pentest Toolset - file WebShell.cgi;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;ec3eebd747fec5497c6eb49b8edfe7ba
CN_Honker_Webshell__Injection_jmCook_jmPost_ManualInjection;Webshell from CN Honker Pentest Toolset - from files Injection.exe, jmCook.asp, jmPost.asp, ManualInjection.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;HKTL,WEBSHELL;288816741449920a7f3b25af00c3bae1
CN_Honker_Webshell__Serv_U_by_Goldsun_asp3_Serv_U_asp;Webshell from CN Honker Pentest Toolset - from files Serv-U_by_Goldsun.asp, asp3.txt, Serv-U asp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;029026d1374edc7806c0cca7a4758b59
CN_Honker_Webshell__asp4_asp4_MSSQL__MSSQL_;Webshell from CN Honker Pentest Toolset - from files asp4.txt, asp4.txt, MSSQL_.asp, MSSQL_.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;3c83cc5c75d439f2ffa3fd7594a9e653
CN_Honker_Webshell__php1_php7_php9;Webshell from CN Honker Pentest Toolset - from files php1.txt, php7.txt, php9.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;81329e8036a09526e86b08954d85c7ac
CN_Honker_Webshell_assembly;Webshell from CN Honker Pentest Toolset - file assembly.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;2893c5e2507731134aff00f3dd4bc713
CN_Honker_Webshell_cfmShell;Webshell from CN Honker Pentest Toolset - file cfmShell.cfm;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;38b2a94e1aa4c262146136fd3d5f2d2f
CN_Honker_Webshell_cfm_list;Webshell from CN Honker Pentest Toolset - file list.cfm;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;b4514250f1e4f98b5b4d761d5e5c4431
CN_Honker_Webshell_cfm_xl;Webshell from CN Honker Pentest Toolset - file xl.cfm;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;a28723579c031ad6c6af224ab9fe2f53
CN_Honker_Webshell_cmfshell;Webshell from CN Honker Pentest Toolset - file cmfshell.cmf;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;df2fd2279e055420ee226f0afba3ab2c
CN_Honker_Webshell_dz_phpcms_phpbb;Webshell from CN Honker Pentest Toolset - file dz_phpcms_phpbb.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;37393d52ccedd6e3e3c0998023148197
CN_Honker_Webshell_jspshell2;Webshell from CN Honker Pentest Toolset - file jspshell2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;662840942d199064bcdd7a0cfe88c126
CN_Honker_Webshell_jspshell;Webshell from CN Honker Pentest Toolset - file jspshell.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;6665eb5948075be73ca4ebbef2aa162b
CN_Honker_Webshell_mycode12;Webshell from CN Honker Pentest Toolset - file mycode12.cfm;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;ac5bd6a53982801ac062db53eef6dd5d
CN_Honker_Webshell_nc_1;Webshell from CN Honker Pentest Toolset - file 1.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;b4f52fb3a5b15a693d6a94ebbdefd1f1
CN_Honker_Webshell_offlibrary;Webshell from CN Honker Pentest Toolset - file offlibrary.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;2f99903844128d4f5d4bcbac0b5cd096
CN_Honker_Webshell_phpwebbackup;Webshell from CN Honker Pentest Toolset - file phpwebbackup.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;14c997486b4724106ae0d812a9ccf6bf
CN_Honker_Webshell_picloaked_1;Webshell from CN Honker Pentest Toolset - file 1.gif;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;cbe4826769a0f4f7e4f34189d9bf1d65
CN_Honker_Webshell_portRecall_jsp2;Webshell from CN Honker Pentest Toolset - file jsp2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;a40caaa5e0215867a762e2839a810e07
CN_Honker_Webshell_portRecall_jsp;Webshell from CN Honker Pentest Toolset - file jsp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;ae68cb8e0176a18f2e7dcd9c1af51dc6
CN_Honker_Webshell_su7_x_9_x;Webshell from CN Honker Pentest Toolset - file su7.x-9.x.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;e4ce90a5c8ade05dbe99f70e72ffb1ac
CN_Honker_Webshell_test3693;Webshell from CN Honker Pentest Toolset - file test3693.war;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL;781125768081bd83b5a75af14f6801d7
CN_Honker_Webshell_udf_udf;Webshell from CN Honker Pentest Toolset - file udf.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;c72e6fefc40369bcb4fe3e4fb6edecc2
CN_Honker_Webshell_wshell_asp;Webshell from CN Honker Pentest Toolset - file wshell-asp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL;9be67af6b50e623b06068697bbf64b6f
CN_Honker_Without_a_trace_Wywz;Sample from CN Honker Pentest Toolset - file Wywz.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;9c39120de4a95dabb8d666fce325e830
CN_Honker_WordpressScanner;Sample from CN Honker Pentest Toolset - file WordpressScanner.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL,OFFICE;f8f42be172af03cf8b80ecd8e76d2a42
CN_Honker_Xiaokui_conversion_tool;Sample from CN Honker Pentest Toolset - file Xiaokui_conversion_tool.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;460b9625969b3082b56fa1714fe52e6b
CN_Honker__D_injection_V2_32_D_injection_V2_32_D_injection_V2_32;Sample from CN Honker Pentest Toolset - from files D_injection_V2.32.exe, D_injection_V2.32.exe, D_injection_V2.32.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;7bcc6f54a188188b2adeef4a95396ce6
CN_Honker__LPK_LPK_LPK;Sample from CN Honker Pentest Toolset - from files LPK.DAT, LPK.DAT, LPK.DAT;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;9574d12023fc461414b245f68fa4ca62
CN_Honker__PostgreSQL_mysql_injectV1_1_Creak_Oracle_SQLServer_inject_Creaked;Sample from CN Honker Pentest Toolset;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;e16d7e0d0d89ed385c4fe126d5315cc1
CN_Honker__builder_shift_SkinH;Sample from CN Honker Pentest Toolset - from files builder.exe, shift.exe, SkinH.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;5011eee543a6c934cd6681fc80ed1e1d
CN_Honker__lcx_HTran2_4_htran20;Sample from CN Honker Pentest Toolset - from files lcx.exe, HTran2.4.exe, htran20.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;77dbcb4648695c0d7db307a8f77fddcc
CN_Honker__wwwscan_wwwscan_wwwscan_gui;Sample from CN Honker Pentest Toolset - from files wwwscan.exe, wwwscan.exe, wwwscan_gui.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f2f4765ceb4885ed54cce9831d44b8ef
CN_Honker_arp3_7_arp3_7;Sample from CN Honker Pentest Toolset - file arp3.7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;8d18a2a51cf8b588d973fa350b60ad84
CN_Honker_cleaner_cl_2;Sample from CN Honker Pentest Toolset - file cl.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;cc0582d0fa73d9ff905a3d8765faf7e7
CN_Honker_cleaniis;Sample from CN Honker Pentest Toolset - file cleaniis.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;7dcfca1e09be9a1352b7324a85139193
CN_Honker_clearlogs;Sample from CN Honker Pentest Toolset - file clearlogs.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;814cadd46cb70d03da4a4c2a882c52a0
CN_Honker_dedecms5_7;Sample from CN Honker Pentest Toolset - file dedecms5.7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;29958cfee298b2e20271ed4cddbb1240
CN_Honker_dirdown_dirdown;Sample from CN Honker Pentest Toolset - file dirdown.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;908cf15b45a5a37e5cf6e10144c1f440
CN_Honker_exp_iis7;Sample from CN Honker Pentest Toolset - file iis7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;e8d661ec9f1384e25abc1d97e759b076
CN_Honker_exp_ms11011;Sample from CN Honker Pentest Toolset - file ms11011.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f1e3a65c1ead550703dbd12ebd889593
CN_Honker_exp_ms11046;Sample from CN Honker Pentest Toolset - file ms11046.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;efbf8ef2183257bdfbd6671cd2f1a2e2
CN_Honker_exp_ms11080;Sample from CN Honker Pentest Toolset - file ms11080.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;4b16ac9bbb013f6ca72a1b82e2850b4c
CN_Honker_exp_win2003;Sample from CN Honker Pentest Toolset - file win2003.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;57877205700e1f0aec0f7f4fbe7a973f
CN_Honker_getlsasrvaddr;Sample from CN Honker Pentest Toolset - file getlsasrvaddr.exe - WCE Amplia Security;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;04e8ad7e8a82bd2ea47b677efbae7188
CN_Honker_hashq_Hashq;Sample from CN Honker Pentest Toolset - file Hashq.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;b83a9109328f3cf293efa2c0924a7a5f
CN_Honker_hkmjjiis6;Sample from CN Honker Pentest Toolset - file hkmjjiis6.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;7585795c55063bafdf19bb44177d1e74
CN_Honker_hxdef100;Sample from CN Honker Pentest Toolset - file hxdef100.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;6574c840494aeb244be4a06ed5341386
CN_Honker_lcx_lcx;Sample from CN Honker Pentest Toolset - HTRAN - file lcx.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;fb31d2996245cd3958b7ab631dd01fca
CN_Honker_linux_bin;Script from disclosed CN Honker Pentest Toolset - file linux_bin;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;92fc599b5df44958c8aad0e00c29ce89
CN_Honker_mafix_root;Script from disclosed CN Honker Pentest Toolset - file root;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;d2a64ee4d8881f70988ee2c22bb51bb5
CN_Honker_mempodipper2_6;Sample from CN Honker Pentest Toolset - file mempodipper2.6.39;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;;8f8e9b9100ead0a07ad0767b341a1fec
CN_Honker_ms10048_x64;Sample from CN Honker Pentest Toolset - file ms10048-x64.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f6760e07ba0dc657b6c9acdb1ac912e8
CN_Honker_ms10048_x86;Sample from CN Honker Pentest Toolset - file ms10048-x86.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;fdadccb72ff3c5195f480d6fec02f837
CN_Honker_ms11080_withcmd;Sample from CN Honker Pentest Toolset - file ms11080_withcmd.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;bef6cc93c9187bbc5a92a138cf263a7d
CN_Honker_mssqlpw_scan;Script from disclosed CN Honker Pentest Toolset - file mssqlpw scan.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;6373161c00c79b67bf029bef1d7450fe
CN_Honker_mysql_injectV1_1_Creak;Sample from CN Honker Pentest Toolset - file mysql_injectV1.1_Creak.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;8a2e7acbcb75725dee4fb4cd5f8eec6c
CN_Honker_nc_MOVE;Script from disclosed CN Honker Pentest Toolset - file MOVE.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;ef67fd7b388cf8b92ff956ed506c4192
CN_Honker_net_packet_capt;Sample from CN Honker Pentest Toolset - file net_packet_capt.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;a98c295ee39f1d4c3fd6f58063c7db61
CN_Honker_net_priv_esc2;Sample from CN Honker Pentest Toolset - file net-priv-esc2.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;915fa4c9f8beff55765cea116d7fc342
CN_Honker_no_net_priv_esc_AddUser;Sample from CN Honker Pentest Toolset - file AddUser.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;474639638926f8a42b921da56c74421b
CN_Honker_passwd_dict_3389;Script from disclosed CN Honker Pentest Toolset - file 3389.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;cd476a35630f7d29f4fa0a5b7378ba40
CN_Honker_portRecall_bc;Script from disclosed CN Honker Pentest Toolset - file bc.pl;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;87669dde2d5deeec17bb86b1190bbce6
CN_Honker_portRecall_pr;Script from disclosed CN Honker Pentest Toolset - file pr;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;f275a63ce0042fa2a25a643f57985217
CN_Honker_pr_debug;Sample from CN Honker Pentest Toolset - file debug.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;3644fcded9c45045362400d3b87dfa75
CN_Honker_safe3wvs_cgiscan;Sample from CN Honker Pentest Toolset - file cgiscan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;5f8b90d2fa5e89e046d93068f1e7629e
CN_Honker_shell_brute_tool;Sample from CN Honker Pentest Toolset - file shell_brute_tool.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;d9100ccc8489432b491f187588cf7b96
CN_Honker_sig_3389_2_3389;Sample from CN Honker Pentest Toolset - file 3389.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;a2d508cab567356683739635427f1504
CN_Honker_sig_3389_3389;Script from disclosed CN Honker Pentest Toolset - file 3389.vbs;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;a3e2f198db19c42b44f22a9647f354d2
CN_Honker_sig_3389_3389_2;Script from disclosed CN Honker Pentest Toolset - file 3389.bat;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;6644e1a3673082c51786e89cd0ad75f2
CN_Honker_sig_3389_3389_3;Script from disclosed CN Honker Pentest Toolset - file 3389.bat;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPT;3442dd1d18df5f878605345ac7ae6f03
CN_Honker_sig_3389_80_AntiFW;Sample from CN Honker Pentest Toolset - file AntiFW.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;5ad4bf63586cec24fe3fcf6e6b15efc4
CN_Honker_sig_3389_DUBrute_v3_0_RC3_2_0;Sample from CN Honker Pentest Toolset - file 2.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f201dd5920e62ff692b5045dee9bda1b
CN_Honker_sig_3389_DUBrute_v3_0_RC3_3_0;Sample from CN Honker Pentest Toolset - file 3.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;173dc7094664c72cad3a32afdea62c0c
CN_Honker_sig_3389_mstsc_MSTSCAX;Sample from CN Honker Pentest Toolset - file MSTSCAX.DLL;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;cfd023364590a80fdf5c9a6484356a7f
CN_Honker_sig_3389_xp3389;Sample from CN Honker Pentest Toolset - file xp3389.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f5827f3836f600caad3858c61cc09b62
CN_Honker_smsniff_smsniff;Sample from CN Honker Pentest Toolset - file smsniff.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;b10d74ff4efd20167e6450b88d979972
CN_Honker_struts2_catbox;Sample from CN Honker Pentest Toolset - file catbox.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;f33544fe893891cffaaa49400806dfa5
CN_Honker_super_Injection1;Sample from CN Honker Pentest Toolset - file super Injection1.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL;5962cfaad69bb42c5073db5b22e40f98
CN_Honker_syconfig;Script from disclosed CN Honker Pentest Toolset - file syconfig.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,SCRIPT;4ffcd67bbc0a56ff358c2ff7be7f3157
CN_Honker_termsrvhack;Sample from CN Honker Pentest Toolset - file termsrvhack.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;d886c2ee4fc694cd4b61bd9c2322e10a
CN_Honker_windows_exp;Sample from CN Honker Pentest Toolset - file exp.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;8ac1bacebfe7f053811f70110c8dd9e6
CN_Honker_windows_mstsc_enhanced_RMDSTC;Sample from CN Honker Pentest Toolset - file RMDSTC.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;ad1194c36618063093da7a662c855d4e
CN_Honker_wwwscan_1_wwwscan;Sample from CN Honker Pentest Toolset - file wwwscan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;d81a41bb742536080fc7c167784fc520
CN_Honker_wwwscan_gui;Sample from CN Honker Pentest Toolset - file wwwscan_gui.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE;baed62509ab3e7b641e83d5a62f0aaaa
CN_Packed_Scanner;Suspiciously packed executable;-;2014-06-10 00:00:00;40;Florian Roth;HKTL;6a6489a5466ee1517b1203e098e2547b
CN_Portscan;CN Port Scanner;-;2013-11-29 00:00:00;70;Florian Roth;FILE,HKTL;85336c14ce9f8f9cb7f167fd3de24346
CN_Tools_MyUPnP;Chinese Hacktool Set - file MyUPnP.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;4d369fd10ed5c1d9ee59a72b93c9a732
CN_Tools_PcShare;Chinese Hacktool Set - file PcShare.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;ed3e2aa5e63c07dd3c0b0f24b672e89d
CN_Tools_Shiell;Chinese Hacktool Set - file Shiell.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;c40e9fcdb94240211451f0c92b0e4637
CN_Tools_Temp;Chinese Hacktool Set - file Temp.war;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,FILE,HKTL,SCRIPT;2d4e6926c4de49d9996463134c21f800
CN_Tools_VNCLink;Chinese Hacktool Set - file VNCLink.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;1ac82ac690135e9e67a115d80d83ff13
CN_Tools_Vscan;Chinese Hacktool Set - file Vscan.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;1b51b7d1044fbc72c6b18a4b1e6d7c19
CN_Tools_hscan;Chinese Hacktool Set - file hscan.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;4aec92428d99072ed269f1110d2ce84b
CN_Tools_item;Chinese Hacktool Set - file item.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;93704793e0011d3894f59c312864cf40
CN_Tools_old;Chinese Hacktool Set - file old.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;5ed4bdc5d6d5b3de84ecce1287423c37
CN_Tools_pc;Chinese Hacktool Set - file pc.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;6983d62951572beadc80e6510f3926f1
CN_Tools_srss;Chinese Hacktool Set - file srss.bat;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,SCRIPT;9fbb518dcd86fc0e06393116565b264a
CN_Tools_srss_2;Chinese Hacktool Set - file srss.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;3d7aee664114204904d55b4e22c4ec36
CN_Tools_xbat;Chinese Hacktool Set - file xbat.vbs;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,FILE,HKTL,SCRIPT;79fcc34418a66945907ddabfa59a8c2a
CN_Tools_xsniff;Chinese Hacktool Set - file xsniff.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;81e842044f2f98649d79f4a27463daef
CN_Toolset_LScanPortss_2;Detects a Chinese hacktool from a disclosed toolset - file LScanPortss.exe;http://qiannao.com/ls/905300366/33834c0c/;2015-03-30 00:00:00;70;Florian Roth;CHINA,HKTL;0ddc973cf63fc297a209e287dae9d459
CN_Toolset_NTscan_PipeCmd;Detects a Chinese hacktool from a disclosed toolset - file PipeCmd.exe;http://qiannao.com/ls/905300366/33834c0c/;2015-03-30 00:00:00;70;Florian Roth;CHINA,HKTL;4df9c32d374e9b326b7c84136ce1d5a8
CN_Toolset__XScanLib_XScanLib_XScanLib;Detects a Chinese hacktool from a disclosed toolset - from files XScanLib.dll, XScanLib.dll, XScanLib.dll;http://qiannao.com/ls/905300366/33834c0c/;2015-03-30 00:00:00;70;Florian Roth;CHINA,HKTL;49c5f68941cf3c37a02313e44d0f53cc
CN_Toolset_sig_1433_135_sqlr;Detects a Chinese hacktool from a disclosed toolset - file sqlr.exe;http://qiannao.com/ls/905300366/33834c0c/;2015-03-30 00:00:00;70;Florian Roth;CHINA,HKTL;196fdd5c3f2190e74b80abb73fc5c9a5
CN_disclosed_20180208_KeyLogger_1;Detects malware from disclosed CN malware set;https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details;2018-02-08 00:00:00;75;Florian Roth;EXE,FILE;ce3aabef2fbe748d6253546c5caae118
CN_disclosed_20180208_Mal1;Detects malware from disclosed CN malware set;https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details;2018-02-08 00:00:00;75;Florian Roth;EXE,FILE;3101e9f2544751c5f474e1ea29796d97
CN_disclosed_20180208_Mal4;Detects malware from disclosed CN malware set;https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details;2018-02-08 00:00:00;75;Florian Roth;EXE,FILE;74c9e534cb34e029f3644d02818d7433
CN_disclosed_20180208_Mal5;Detects malware from disclosed CN malware set;https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details;2018-02-08 00:00:00;75;Florian Roth;EXE,FILE;e85aeaa15f1e8b82d5b0b95c0f9a90f2
CN_disclosed_20180208_System3;Detects malware from disclosed CN malware set;https://twitter.com/cyberintproject/status/961714165550342146;2018-02-08 00:00:00;75;Florian Roth;EXE,FILE;9bcb5792841fded27d0d4c42d007a3b2
CN_disclosed_20180208_c;Detects malware from disclosed CN malware set;https://twitter.com/cyberintproject/status/961714165550342146;2018-02-08 00:00:00;75;Florian Roth;EXE,FILE;c372c0976ae31d89902c755293eea83c
CN_disclosed_20180208_lsls;Detects malware from disclosed CN malware set;https://twitter.com/cyberintproject/status/961714165550342146;2018-02-08 00:00:00;75;Florian Roth;FILE;f8a614a236ca6786dd77dd410ea6857a
COZY_FANCY_BEAR_Hunt;Detects Cozy Bear / Fancy Bear C2 Server IPs;https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/;2016-06-14 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;8625a07b826c1f692d660335c0d88c38
COZY_FANCY_BEAR_modified_VmUpgradeHelper;Detects a malicious VmUpgradeHelper.exe as mentioned in the CrowdStrike report;https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/;2016-06-14 00:00:00;75;Florian Roth;EXE,EXTVAR,FILE,RUSSIA;7afa3db027f0568fec52ea7d757d87f4
COZY_FANCY_BEAR_pagemgr_Hunt;Detects a pagemgr.exe as mentioned in the CrowdStrike report;https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/;2016-06-14 00:00:00;75;Florian Roth;EXE,FILE,RUSSIA;60373e22d0f11c0c647932105e5f5735
CVE_2014_4076_Exploitcode;Detects an exploit code for CVE-2014-4076;https://github.com/Neo23x0/yarGen;2018-04-04 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE;00f42062a6535dee548150ea846e1904
CVE_2015_1674_CNGSYS;Detects exploits for CVE-2015-1674;http://www.binvul.com/viewthread.php?tid=508;2015-05-14 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE;e836fcc4432f2ecf8f45da76bd8f9304
CVE_2015_1701_Taihou;CVE-2015-1701 compiled exploit code;http://goo.gl/W4nU0q;2015-05-13 00:00:00;70;Florian Roth;EXE,EXPLOIT,FILE;4f0ae821c6a1fd5990289a3bc506f3a0
CVE_2017_11882_RTF;Detects suspicious Microsoft Equation OLE contents as used in CVE-2017-11882;Internal Research;2018-02-13 00:00:00;60;Florian Roth;EXPLOIT,FILE;ef27d0b93df82ef201724ade2ae2273b
CVE_2017_8759_Mal_Doc;Detects malicious files related to CVE-2017-8759 - file Doc1.doc;https://github.com/Voulnet/CVE-2017-8759-Exploit-sample;2017-09-14 00:00:00;75;Florian Roth;EXPLOIT,FILE;5c93520f209dcfe349912c9463b43c29
CVE_2017_8759_Mal_HTA;Detects malicious files related to CVE-2017-8759 - file cmd.hta;https://github.com/Voulnet/CVE-2017-8759-Exploit-sample;2017-09-14 00:00:00;75;Florian Roth;EXPLOIT,FILE;91ac33411ecb33ce0b04f5a12af01c46
CVE_2017_8759_SOAP_Excel;Detects malicious files related to CVE-2017-8759;https://twitter.com/buffaloverflow/status/908455053345869825;2017-09-15 00:00:00;60;Florian Roth;EXPLOIT,OFFICE;e31482bbeea9488a2661118446a35eb8
CVE_2017_8759_SOAP_txt;Detects malicious file in relation to CVE-2017-8759 - file exploit.txt;https://github.com/Voulnet/CVE-2017-8759-Exploit-sample;2017-09-14 00:00:00;75;Florian Roth;EXPLOIT;cd2cd96573c20de5e68cfab5330d1a86
CVE_2017_8759_SOAP_via_JS;Detects SOAP WSDL Download via JavaScript;https://twitter.com/buffaloverflow/status/907728364278087680;2017-09-14 00:00:00;60;Florian Roth;EXPLOIT;2be3f1a0db3bc48b7d3efcf756f2e479
CVE_2017_8759_WSDL_in_RTF;Detects malicious RTF file related to CVE-2017-8759;https://twitter.com/xdxdxdxdoa/status/908665278199996416;2017-09-15 00:00:00;75;Security Doggo @xdxdxdxdoa;EXPLOIT,EXTVAR,REQ_PRIVATE;b3f31f437a181fd6536dee0780a794af
Casper_Backdoor_x86;Casper French Espionage Malware - Win32/ProxyBot.B - x86 Payload http://goo.gl/VRJNLo;http://goo.gl/VRJNLo;2015-03-05 00:00:00;80;Florian Roth;HKTL,MAL;a63c3d2858b183e62c352efb0660bd52
Casper_EXE_Dropper;Casper French Espionage Malware - Win32/ProxyBot.B - Dropper http://goo.gl/VRJNLo;http://goo.gl/VRJNLo;2015-03-05 00:00:00;80;Florian Roth;HKTL,MAL;c36beb35fb4dfd49b45fa1036763409f
Casper_Included_Strings;Casper French Espionage Malware - String Match in File - http://goo.gl/VRJNLo;http://goo.gl/VRJNLo;2015-03-06 00:00:00;50;Florian Roth;EXE,FILE,MAL;508b869f2e152518fb5d439b8a4b20a2
Casper_SystemInformation_Output;Casper French Espionage Malware - System Info Output - http://goo.gl/VRJNLo;http://goo.gl/VRJNLo;2015-03-06 00:00:00;70;Florian Roth;MAL;fc27fd8f4cc505734516241907b065b2
Casus15_php_php;Semi-Auto-generated - file Casus15.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;33eca24f2752efd245ddb57581a3071d
Certutil_Decode_OR_Download;Certutil Decode;Internal Research;2017-08-29 00:00:00;40;Florian Roth;EXTVAR,REQ_PRIVATE,SCRIPT;d3951a7bf1c5c6c2d00de10b9c440953
Chafer_Exploit_Copyright_2017;Detects Oilrig Internet Server Extension with Copyright (C) 2017 Exploit;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;75;Markus Neis;EXE,FILE,MIDDLE_EAST;a8e4b99feb76c0df7a72b3b748679c5a
Chafer_Mimikatz_Custom;Detects Custom Mimikatz Version;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;75;Florian Roth / Markus Neis;EXE,FILE,MIDDLE_EAST;166ac77cb3969436b74d66d7f8b97c70
Chafer_Packed_Mimikatz;Detects Oilrig Packed Mimikatz also detected as Chafer_WSC_x64 by FR;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;75;Florian Roth / Markus Neis;EXE,FILE,MIDDLE_EAST;a7db6463555c66249169c9de91d77e13
Chafer_Portscanner;Detects Custom Portscanner used by Oilrig;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;75;Markus Neis;EXE,FILE,MIDDLE_EAST;9a3b7aac5d412481c090713f894ac069
CheshireCat_Gen1;Auto-generated rule - file ec41b029c3ff4147b6a5252cb8b659f851f4538d4af0a574f7e16bc1cd14a300;https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/;2015-08-08 00:00:00;90;Florian Roth;EXE,FILE;54048ad5f41479c363b1ec1c1a48a589
CheshireCat_Gen2;Cheshire Cat Malware;https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/;2015-08-08 00:00:00;70;Florian Roth;EXE,FILE,MAL;33fcd67aee2118149a54cb3b1dfd042b
CheshireCat_Sample2;Auto-generated rule - file dc18850d065ff6a8364421a9c8f9dd5fcce6c7567f4881466cee00e5cd0c7aa8;https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/;2015-08-08 00:00:00;70;Florian Roth;EXE,FILE;328474022f4d377f6192bed6dcc9c790
ChinaChopper_Generic;China Chopper Webshells - PHP and ASPX;https://www.fireeye.com/content/dam/legacy/resources/pdfs/fireeye-china-chopper-report.pdf;2015-03-10 00:00:00;75;Florian Roth;CHINA,GEN,WEBSHELL;4bb7e96a7be18d17ddcfe1c0f6298010
ChinaChopper_caidao;Chinese Hacktool Set - file caidao.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;c674185bb6f318e42175194828218eff
ChinaChopper_one;Chinese Hacktool Set - file one.asp;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;fe64735d438250cbad7c9723c14ba3b9
ChinaChopper_temp;Chinese Hacktool Set - file temp.asp;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;50d4e00b16beaf29f2af408e7b84f881
ChinaChopper_temp_2;Chinese Hacktool Set - file temp.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;57b56a3e726baee47dc69ea1c5559b34
ChinaChopper_temp_3;Chinese Hacktool Set - file temp.aspx;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,FILE,HKTL,WEBSHELL;e7f2bf33da8a1d7d5252f29a112bea50
Chinese_Hacktool_1014;Detects a Chinese hacktool with unknown use;-;2014-10-10 00:00:00;60;Florian Roth;CHINA,HKTL;3a8d7b2852c971ea8810ed090e3d0151
ChromePass;Detects a tool used by APT groups - file ChromePass.exe;http://goo.gl/igxLyF;2016-09-08 00:00:00;75;Florian Roth;APT,EXE,FILE;0058dc2c95cd61621ae7587c74518982
CleanIISLog;Disclosed hacktool set (old stuff) - file CleanIISLog.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;f7f9246b1d12d6211c58261747cc8fbc
Cloaked_RAR_File;RAR file cloaked by a different extension;-;1970-01-01 01:00:00;75;Florian Roth;EXTVAR,FILE;175814794e324e345606ea6bd535b1a4
Cloaked_as_JPG;Detects a cloaked file as JPG;-;2015-02-28 00:00:00;40;Florian Roth (eval section from Didier Stevens);EXTVAR,FILE;90d470799467e72c928763273235d079
CloudDuke_Malware;Detects CloudDuke Malware;https://www.f-secure.com/weblog/archives/00002822.html;2015-07-22 00:00:00;60;Florian Roth;EXE,FILE,MAL,RUSSIA;81b63ced2b77709e2a93ee79e161b16c
CmdAsp_asp;Semi-Auto-generated - file CmdAsp.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;b407964cce301d5b119c24db06a2acb2
CmdShell64;Chinese Hacktool Set - file CmdShell64.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;37efdfc1d967c7ca77311447873612c9
Cmdshell32;Chinese Hacktool Set - file Cmdshell32.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;f5fa9d17853739cc4f6e74041ea4e4f8
CobaltGang_Malware_Aug17_1;Detects a Cobalt Gang malware;https://sslbl.abuse.ch/intel/6ece5ece4192683d2d84e25b0ba7e04f9cb7eb7c;2017-08-09 00:00:00;75;Florian Roth;EXE,FILE,MAL;b2b8fe82b87faa1d62c290ca18422c8a
CobaltGang_Malware_Aug17_2;Detects a Cobalt Gang malware;https://sslbl.abuse.ch/intel/6ece5ece4192683d2d84e25b0ba7e04f9cb7eb7c;2017-08-09 00:00:00;75;Florian Roth;EXE,FILE,MAL;d36380a856a0ab9616fec8184cc90c66
CobaltStrike_CN_Group_BeaconDropper_Aug17;Detects Script Dropper of Cobalt Gang used in August 2017;Internal Research;2017-08-09 00:00:00;75;Florian Roth;MAL;4b85986fe24cde65221cff42ad3f7694
Cobaltgang_PDF_Metadata_Rev_A;Find documents saved from the same potential Cobalt Gang PDF template;https://researchcenter.paloaltonetworks.com/2018/10/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed/;2018-10-25 00:00:00;75;Palo Alto Networks Unit 42;;d771a9e6ba5d11e23c565b52cfe785e5
Codoso_CustomTCP;Codoso CustomTCP Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;EXE,FILE,MAL;48804fe32fbd66aed10af689fb8674dc
Codoso_CustomTCP_2;Detects Codoso APT CustomTCP Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;4fa1d49cc232579873942453b4ff6b61
Codoso_CustomTCP_3;Detects Codoso APT CustomTCP Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;c897622b6e3d8872838289ca239b4b5d
Codoso_CustomTCP_4;Detects Codoso APT CustomTCP Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;a9091c669a08690781265ee544cb29be
Codoso_Gh0st_1;Detects Codoso APT Gh0st Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;1ec0a5233de3da78e24990102e7aa52c
Codoso_Gh0st_2;Detects Codoso APT Gh0st Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;40e20a03cf14131b8c37cf4165175ed0
Codoso_Gh0st_3;Detects Codoso APT Gh0st Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;26900d91b40bfff57536a4a1232f17b3
Codoso_PGV_PVID_1;Detects Codoso APT PGV PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;ab3225ed535e8054ca44aab333c5cdbf
Codoso_PGV_PVID_2;Detects Codoso APT PGV PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;71ed1da911b8adc4b985688cee96c054
Codoso_PGV_PVID_3;Detects Codoso APT PGV PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,MAL;39fdae689352b0e9377979baa644bfb2
Codoso_PGV_PVID_4;Detects Codoso APT PlugX Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;aad90017d970742a8b4a6c1dbb2e99fb
Codoso_PGV_PVID_5;Detects Codoso APT PGV PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;af012cf9fa6625b5d5b596bf1e952030
Codoso_PGV_PVID_6;Detects Codoso APT PGV_PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;f89c491439b2b95b22ec8dff6c671610
Codoso_PlugX_1;Detects Codoso APT PlugX Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;090a294c779e483207798a6a9fdd5d1e
Codoso_PlugX_2;Detects Codoso APT PlugX Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;7c0891b7ecde320280fe3a0999cd45c9
Codoso_PlugX_3;Detects Codoso APT PlugX Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;517258b3800f860bde2b8db59ad3a8f6
CoinHive_Javascript_MoneroMiner;Detects CoinHive - JavaScript Crypto Miner;https://coinhive.com/documentation/miner;2018-01-04 00:00:00;50;Florian Roth;;a63b91b52e08cf7061223fc7d140e180
CoinMiner_Strings;Detects mining pool protocol string in Executable;https://minergate.com/faq/what-pool-address;2018-01-04 00:00:00;50;Florian Roth;;0376a5f767eae520701d2f90d49a36f7
CookieTools2;Chinese Hacktool Set - file CookieTools2.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;623d621cd7c34eac94c21ae4f9cc67b2
CookieTools;Chinese Hacktool Set - file CookieTools.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d3eec543cf2344d13b0bd2d1fb274e64
CoreImpact_sysdll_exe;Detects a malware sysdll.exe from the Rocket Kitten APT;-;2014-12-27 00:00:00;70;Florian Roth;APT,MIDDLE_EAST;e758e0de0674ded55ae4e035dc4a1641
CorkowDLL;Rule to detect the Corkow DLL files;-;2016-02-06 00:00:00;75;Group IB;EXE,FILE;6865fc797565280ff4806c0db15428ac
Crackmapexec_EXE;Detects CrackMapExec hack tool;Internal Research;2018-04-06 00:00:00;85;Florian Roth;EXE,FILE,HKTL;acc5c292d36402509047e152546bc5cb
CredentialStealer_Generic_Backdoor;Detects credential stealer based on many strings that indicate password store access;Internal Research;2017-06-07 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;8783d298ba001abc08aa5dc32383f3ee
CrimsonRAT_Mar18_1;Detects CrimsonRAT malware;Internal Research;2018-03-06 00:00:00;75;Florian Roth;EXE,FILE,MAL;b94ecf53d3bcae109df1414b9f27486a
CrowdStrike_Shamoon_DroppedFile;Rule to detect Shamoon malware http://goo.gl/QTxohN;http://www.rsaconference.com/writable/presentations/file_upload/exp-w01-hacking-exposed-day-of-destruction.pdf;1970-01-01 01:00:00;75;Florian Roth (auto-filled);MIDDLE_EAST;e067c46be7cfee1bde054614d5d6b7a2
CrunchRAT;Detects CrunchRAT - file CrunchRAT.exe;https://github.com/t3ntman/CrunchRAT;2017-11-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;2f44455075167c17b144dc3a70b2f094
Customize;Chinese Hacktool Set - file Customize.aspx;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;00e8c27ceb39d9d30d176fa274657d30
Customize_2;Chinese Hacktool Set - file Customize.jsp;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,HKTL,WEBSHELL;332988e785373430636837524c1e80c7
DKShell_f0772be3c95802a2d1e7a4a3f5a45dcdef6997f3;Detects a web shell;https://github.com/bartblaze/PHP-backdoors;2016-09-10 00:00:00;75;Florian Roth;FILE,WEBSHELL;7955b61923d939e26295faebf5f08997
DK_Brute;PoS Scammer Toolbox - http://goo.gl/xiIphp - file DK Brute.exe;http://goo.gl/xiIphp;2014-11-22 00:00:00;70;Florian Roth;HKTL;d34d983c28f36c9977ed2472176d5142
DLL_Injector_Lynx;Detects Lynx DLL Injector;Internal Research;2017-08-20 00:00:00;75;Florian Roth;EXE,FILE,HKTL;072ab30488dc228516251ee898963fc2
DTool_Pro_php;Semi-Auto-generated - file DTool Pro.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;8a9f14ff23d04617165a2134803a9fd7
DTools2_02_DTools;Chinese Hacktool Set - file DTools.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;0c586d0a4945d0b6c50e7edb911b33b8
DUBrute_DUBrute;Chinese Hacktool Set - file DUBrute.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;e7d7d00f997f01103453538072d10647
DarkComet_Keylogger_File;Looks like a keylogger file created by DarkComet Malware;-;2014-07-25 00:00:00;50;Florian Roth;FILE,HKTL,MAL;02e873f4adf37c54594a9e34c65b3f91
DarkEYEv3_Cryptor;Rule to detect DarkEYEv3 encrypted executables (often malware);http://darkeyev3.blogspot.fi/;2015-05-24 00:00:00;55;Florian Roth;EXE,FILE;0dbe69f1711caa056c04ea022a2f94d8
DarkSecurityTeam_Webshell;Dark Security Team Webshell;-;1970-01-01 01:00:00;50;Florian Roth;WEBSHELL;287d0d9b079e437164326890200251bb
DarkSpy105;Webshells Auto-generated - file DarkSpy105.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;34bd97e8d696022dd48e695db79efda0
Daserf_Nov1_BronzeButler;Detects Daserf malware used by Bronze Butler;https://goo.gl/ffeCfd;2017-11-08 00:00:00;75;Florian Roth;EXE,FILE;1a2e59a16103002c417ebd9405777a79
Datper_Backdoor;Detects Datper Malware;http://blog.jpcert.or.jp/2017/08/detecting-datper-malware-from-proxy-logs.html;2017-08-21 00:00:00;75;Florian Roth;EXE,FILE,MAL;3cb4f12c84f36ac49b64842222f56d8b
Debug_BDoor;Webshells Auto-generated - file BDoor.dll;-;1970-01-01 01:00:00;75;Florian Roth;MAL,WEBSHELL;3a8188f48535d9f046ccd9ae585b94b8
Debug_cress;Webshells Auto-generated - file cress.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;853ad7a1ad2ffc0ce705811ce06df956
Debug_dllTest_2;Webshells Auto-generated - file dllTest.dll;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;183ad1a70b017fb8403a0ad6b2c99830
DeepPanda_Trojan_Kakfum;Hack Deep Panda - Trojan.Kakfum sqlsrv32.dll;-;2015-02-08 00:00:00;75;Florian Roth;CHINA,MAL;4dcd758d4ec3ae58da77ba1b594db1f0
DeepPanda_htran_exe;Hack Deep Panda - htran-exe;-;2015-02-08 00:00:00;75;Florian Roth;CHINA;b945cd4ac408326375d2788d5a10b76f
DeepPanda_lot1;Hack Deep Panda - lot1.tmp-pwdump;-;2015-02-08 00:00:00;75;Florian Roth;CHINA;81138d1ebad2ed4de9c93f6196797858
DeepPanda_sl_txt_packed;Hack Deep Panda - ScanLine sl-txt-packed;-;2015-02-08 00:00:00;75;Florian Roth;CHINA;fc53e2d0d744abfe0b47fe0c02e96892
DefaceKeeper_0_2_php;Semi-Auto-generated - file DefaceKeeper_0.2.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;e381cba4bbf69722a703222f6e19c9ca
Derusbi_Backdoor_Mar17_1;Detects a variant of the Derusbi backdoor;Internal Research;2017-03-03 00:00:00;75;Florian Roth;EXE,FILE,MAL;840583059cdfc5e3f0d1885e40a9cb2f
Derusbi_Code_Signing_Cert;Detects an executable signed with a certificate also used for Derusbi Trojan - suspicious;http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family;2015-12-15 00:00:00;60;Florian Roth;EXE,FILE,MAL;6825d00a1f11e7fdaab6f6b4f9a49ae9
Derusbi_Kernel_Driver_WD_UDFS;Detects Derusbi Kernel Driver;http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family;2015-12-15 00:00:00;80;Florian Roth;EXE,FILE;3cad4591c7165b723bd639e657ab52aa
Destructive_Ransomware_Gen1;Detects destructive malware;http://blog.talosintelligence.com/2018/02/olympic-destroyer.html;2018-02-12 00:00:00;75;Florian Roth;CRIME,EXE,FILE;b62321e394fe16b344868a2b3409fd1c
DeviceGuard_WDS_Evasion;Detects WDS file used to circumvent Device Guard;http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html;1970-01-01 01:00:00;80;Florian Roth;OBFUS;cb4573bc612bc3be444cb037b0dabb1d
Dexter_Malware;Detects the Dexter Trojan/Agent http://goo.gl/oBvy8b;http://goo.gl/oBvy8b;2015-02-10 00:00:00;70;Florian Roth;MAL;d2dfa50d329079da20d64cdf9e7201be
Disclosed_0day_POCs_InjectDll;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE,HKTL;71df2c5acf52c49393584fcedae2afe8
Disclosed_0day_POCs_exploit;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE,HKTL;ab9c0a5da96179e02861c7ec580ff7f3
Disclosed_0day_POCs_injector;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE,HKTL;dabae5526b4e238ab1fd3763dfb9e36f
Disclosed_0day_POCs_lpe;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE,HKTL;daf7f29073ea3c2cb8c18403e9345790
Disclosed_0day_POCs_lpe_2;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE,HKTL;4be7ec131429441e2e73969fa43fa0c4
Disclosed_0day_POCs_payload_MSI;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXPLOIT,FILE,HKTL;c200000f11f46c9b86319c7010c30465
Disclosed_0day_POCs_shellcodegenerator;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;75;Florian Roth;EXE,EXPLOIT,FILE,HKTL;d2e46d9a7e3e67b0c92b076af823b794
Dive_Shell_1_0___Emperor_Hacking_Team_php;Semi-Auto-generated - file Dive Shell 1.0 - Emperor Hacking Team.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;9fb8c63b434029f4c253afae5d136503
DkShell_4000bd83451f0d8501a9dfad60dce39e55ae167d;Detects a web shell;https://github.com/bartblaze/PHP-backdoors;2016-09-10 00:00:00;75;Florian Roth;FILE,WEBSHELL;5725a6161ef6ab41f3415acd28bbe171
DllInjection;Webshells Auto-generated - file DllInjection.exe;-;1970-01-01 01:00:00;75;Florian Roth;HKTL,WEBSHELL;3784c3b2a24c82d2429640857ad8c03d
Dll_LoadEx;Chinese Hacktool Set - file Dll_LoadEx.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;e350443a78dbea2e37af1c0eed6155cf
Docm_in_PDF;Detects an embedded DOCM in PDF combined with OpenAction;Internal Research;2017-05-15 00:00:00;75;Florian Roth;FILE;8591203da3bb272c29e9b084e9db1b4b
DomainScanV1_0;Auto-generated rule on file DomainScanV1_0.exe;-;1970-01-01 01:00:00;75;yarGen Yara Rule Generator by Florian Roth;HKTL;db400263a64c6890331b1ac664ab41df
Dorkbot_Injector_Malware;Detects Darkbot Injector;Internal Research;2016-10-08 00:00:00;75;Florian Roth;EXE,FILE,HKTL,MAL;bf7ca70ea15e0f2efa023931c793950d
Dos_1;Chinese Hacktool Set - file 1.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d0725a81879d3308ac7518179bfd1f0b
Dos_Down32;Chinese Hacktool Set - file Down32.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;736febecdb790c495ceb24d188b0750a
Dos_Down64;Chinese Hacktool Set - file Down64.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;7bee9f6409898b7e6cb32f4f89432771
Dos_GetPass;Chinese Hacktool Set - file GetPass.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;aa6e1d90f2e7aed657b99e383b323f85
Dos_NtGod;Chinese Hacktool Set - file NtGod.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;2e5533b6c0e50cd56016e5132146ee79
Dos_c;Chinese Hacktool Set - file c.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;b16928f4f2a406788a99e90b933afae5
Dos_ch;Chinese Hacktool Set - file ch.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d42a9077eb29661a2680863348992d45
Dos_fp;Chinese Hacktool Set - file fp.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;1f88d629ef127a20298070ae85d16902
Dos_iis7;Chinese Hacktool Set - file iis7.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;573a12eb9749981f13f13e44f5251747
Dos_iis;Chinese Hacktool Set - file iis.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;1bf9342b909fb80fe5efe5c0391c1f87
Dos_lcx;Chinese Hacktool Set - file lcx.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;60f1c514beeda7798fe7b94a80881cc6
Dos_look;Chinese Hacktool Set - file look.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;b42d4ad1d0136cbaf5ee1e0f9e211ccd
Dos_netstat;Chinese Hacktool Set - file netstat.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;84a38f46dc22c0feb0fe7bae1a5ed5ba
Dos_sys;Chinese Hacktool Set - file sys.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;75;Florian Roth;CHINA,EXE,FILE,HKTL;d83d40b264e8f142eced140de3777737
DragonFly_APT_Sep17_1;Detects malware from DragonFly APT report;https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group;2017-09-12 00:00:00;75;Florian Roth;APT,EXE,FILE;041389263d30bea7f856e6489fa72aae
DragonFly_APT_Sep17_2;Detects malware from DragonFly APT report;https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group;2017-09-12 00:00:00;75;Florian Roth;APT,EXE,FILE;2bf6250527b5d68ad5a5d96a9cf751ca
DragonFly_APT_Sep17_3;Detects malware from DragonFly APT report;https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group;2017-09-12 00:00:00;75;Florian Roth;APT,EXE,FILE;f1d6e70129f7341627c6d1b688214034
DragonFly_APT_Sep17_4;Detects malware from DragonFly APT report;https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group;2017-09-12 00:00:00;75;Florian Roth;APT,EXE,FILE;8884eaf6d00828032e2b42941b94f937
Dridex_Trojan_XML;Dridex Malware in XML Document;https://threatpost.com/dridex-banking-trojan-spreading-via-macros-in-xml-files/111503;2015-03-08 00:00:00;75;Florian Roth @4nc4p;MAL;5a60b02253161fcb1335f0cc4674fc14
DropBear_SSH_Server;Detects DropBear SSH Server (not a threat but used to maintain access);http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;50;Florian Roth;EXE,FILE,RUSSIA;c5d92dd2239d05b6ab8544cfa0f093f8
Dropper_DeploysMalwareViaSideLoading;Detect a dropper used to deploy an implant via side loading. This dropper has specifically been observed deploying REDLEAVES & PlugX;https://www.us-cert.gov/ncas/alerts/TA17-117A;1970-01-01 01:00:00;75;USG;MAL;14a3885d08ca41b61841483ee4bd92cc
Dubnium_Sample_1;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;cc337bbc7abd167e2e3e34a439a51847
Dubnium_Sample_2;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;96e4ba0245bbb1298ca68e102a38556c
Dubnium_Sample_3;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;8470ed9aaa85e62ec098196f89f20a70
Dubnium_Sample_5;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;2ec97c979ec36f70de8602f425272178
Dubnium_Sample_6;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;8b4afa47172c15876d2a122c47469fad
Dubnium_Sample_7;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;d842e5cd26af008835fcbd4c12b56749
Dubnium_Sample_SSHOpenSSL;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;75;Florian Roth;EXE,FILE;a56308d4ac87c8e82ac8c55864b5dbfd
Duqu2_Generic1;Kaspersky APT Report - Duqu2 Sample - Generic Rule;https://goo.gl/7yKyOj;2015-06-10 00:00:00;75;Florian Roth;APT,EXE,FILE,GEN;1abe669252467f4730656dba316cbe52
Duqu2_Sample1;Detects malware - Duqu2 (cross-matches with IronTiger malware and Derusbi);https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE,INDIA;42a3dce0826282a67267950b43dcbb08
Duqu2_Sample2;Detects Duqu2 Malware;https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE,MAL;858bc8ad641fd659cc416020e315d44f
Duqu2_Sample3;Detects Duqu2 Malware;https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE,MAL;20ab712d5a884aa49b5c8e39a1fa5103
Duqu2_Sample4;Detects Duqu2 Malware;https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE,MAL;792e67995304dc4b9a06b2039b561512
Duqu2_UAs;Detects Duqu2 Executable based on the specific UAs in the file;https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE;71c00df0e48e2f62ee4667642347c535
DxShell_php_php;Semi-Auto-generated - file DxShell.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;5517579d243a70a985430bf4e7c34cf2
Dx_php_php;Semi-Auto-generated - file Dx.php.php.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;3a164b5bfba340b5026c2421eae2004b
EFSO_2_asp;Semi-Auto-generated - file EFSO_2.asp.txt;-;1970-01-01 01:00:00;75;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL;8bf184090f9a6aa3d31a54dd60f489a6
EQGRP_1212;Detects tool from EQGRP toolset - file 1212.pl;Research;2016-08-15 00:00:00;75;Florian Roth;;7c6979d6da9ddd08509e6d43db635609
EQGRP_1212_dehex;Detects tool from EQGRP toolset - from files 1212.pl, dehex.pl;Research;2016-08-15 00:00:00;75;Florian Roth;FILE;17f2525df3dd9f20d6d7897592f157bd
EQGRP_BARPUNCH_BPICKER;EQGRP Toolset Firewall - from files BARPUNCH-3110, BPICKER-3100;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;b1c6840d77de5a0af6134d5438661e49
EQGRP_BBALL;EQGRP Toolset Firewall - file BBALL_E28F6-2201.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;e5ff07052dc73cccc612b4a13a592e4e
EQGRP_BBALL_M50FW08_2201;EQGRP Toolset Firewall - file BBALL_M50FW08-2201.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;c88c2f9cdaf2fa9ef9a2bce3fdcc5d19
EQGRP_BBANJO;EQGRP Toolset Firewall - file BBANJO-3011.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;cfa5dedbe2cebe0bf69b3a7f1893030b
EQGRP_BFLEA_2201;EQGRP Toolset Firewall - file BFLEA-2201.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;d2e7e34a5f431f1a059a8276e563f30a
EQGRP_BICECREAM;EQGRP Toolset Firewall - file BICECREAM-2140;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;2e12f1c7de4d5b14113b639d8c81a5d6
EQGRP_BLIAR_BLIQUER;EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;a7bf69ed4d7a0ce38e1d38fc7d976b6f
EQGRP_BPATROL_2201;EQGRP Toolset Firewall - file BPATROL-2201.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;9e1cb52fe08587705d4e210ef3f37cd0
EQGRP_BPIE;EQGRP Toolset Firewall - file BPIE-2201.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;89181d624030f60cda8ded63d04125d6
EQGRP_BUSURPER_2211_724;EQGRP Toolset Firewall - file BUSURPER-2211-724.exe;Research;2016-08-16 00:00:00;75;Florian Roth;;d321ea7b77f23d0a23b3c5828563ad91
EQGRP_BUSURPER_3001_724;EQGRP Toolset Firewall - file BUSURPER-3001-724.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;06ee316e9ebb05dbd793779766196127
EQGRP_BananaAid;EQGRP Toolset Firewall - file BananaAid;Research;2016-08-16 00:00:00;75;Florian Roth;;fff10477e6dbfdfb7727fecf0cbf2e85
EQGRP_BananaUsurper_writeJetPlow;EQGRP Toolset Firewall - from files BananaUsurper-2120, writeJetPlow-2130;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;1ecb55168ddd3eccea357b97c48c6f43
EQGRP_BpfCreator_RHEL4;EQGRP Toolset Firewall - file BpfCreator-RHEL4;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;147bc90bc93754d48cc794c96c8236f6
EQGRP_EPBA;EQGRP Toolset Firewall - file EPBA.script;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;ca90782a116c335cf29a738146018259
EQGRP_Extrabacon_Output;EQGRP Toolset Firewall - Extrabacon exploit output;Research;2016-08-16 00:00:00;75;Florian Roth;;1a6483adc2dbc283120ccb518119d749
EQGRP_Implants_Gen1;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;75bd3ae3ea69b6241f986183ff8896c1
EQGRP_Implants_Gen2;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;9e81c11386ca1c7e6fcfa1cf4f935860
EQGRP_Implants_Gen3;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;d40aa3e5d8e87cf6a6c0d865ba9f4d57
EQGRP_Implants_Gen4;EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230, BLIQUER-3030, BLIQUER-3120;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;14e9c9bada21f8d6fe7c231038779bda
EQGRP_Implants_Gen5;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;4aa479e184f933d8cb4dad20d1a38ef2
EQGRP_Implants_Gen6;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;389e11e9aec54aff67796e7e077132d5
EQGRP_MixText;EQGRP Toolset Firewall - file MixText.py;Research;2016-08-16 00:00:00;75;Florian Roth;;e5ff327d23b429d8eb0f8da9647c08c9
EQGRP_RC5_RC6_Opcode;EQGRP Toolset Firewall - RC5 / RC6 opcode;https://securelist.com/blog/incidents/75812/the-equation-giveaway/;2016-08-17 00:00:00;75;Florian Roth;;b38cb20b42b04d579fa9b8eef3c2b076
EQGRP_SecondDate_2211;EQGRP Toolset Firewall - file SecondDate-2211.exe;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;4980391841b856e9e16e9873e70586e2
EQGRP_StoreFc;EQGRP Toolset Firewall - file StoreFc.py;Research;2016-08-16 00:00:00;75;Florian Roth;;210b02d6530b8718fffa89ad530fcd0d
EQGRP_Unique_Strings;EQGRP Toolset Firewall - Unique strings;Research;2016-08-16 00:00:00;75;Florian Roth;;5d187740298457865db568d7659e6b50
EQGRP_bc_parser;Detects tool from EQGRP toolset - file bc-parser;Research;2016-08-15 00:00:00;75;Florian Roth;FILE;82acaef9436942eae235375f0889a971
EQGRP_bo;EQGRP Toolset Firewall - file bo;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;ce90861e83f3bd08475173409c8e65ea
EQGRP_callbacks;EQGRP Toolset Firewall - Callback addresses;Research;2016-08-16 00:00:00;75;Florian Roth;;df044b137e069c5d842e58e48499317e
EQGRP_config_jp1_UA;EQGRP Toolset Firewall - file config_jp1_UA.pl;Research;2016-08-16 00:00:00;75;Florian Roth;;8d4924e8e020a13f3b2e1e4d5e231864
EQGRP_create_dns_injection;EQGRP Toolset Firewall - file create_dns_injection.py;Research;2016-08-16 00:00:00;75;Florian Roth;;40f64937508bec4cf5247484111f1cc3
EQGRP_create_http_injection;EQGRP Toolset Firewall - file create_http_injection.py;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;30c5f17a31115d9bf3ec176894765b38
EQGRP_dn_1_0_2_1;Detects tool from EQGRP toolset - file dn.1.0.2.1.linux;Research;2016-08-15 00:00:00;75;Florian Roth;FILE;bfface3706e55e7e9fd04ac768904589
EQGRP_durablenapkin_solaris_2_0_1;Detects tool from EQGRP toolset - file durablenapkin.solaris.2.0.1.1;Research;2016-08-15 00:00:00;75;Florian Roth;FILE;11eca751993ecf7a56917767fafba597
EQGRP_eligiblebombshell_generic;EQGRP Toolset Firewall - from files eligiblebombshell_1.2.0.1.py, eligiblebombshell_1.2.0.1.py;Research;2016-08-16 00:00:00;75;Florian Roth;;8c33e5cc0110299bfa280e9aff62071d
EQGRP_eligiblecandidate;EQGRP Toolset Firewall - file eligiblecandidate.py;Research;2016-08-16 00:00:00;75;Florian Roth;;55d542a53d2169b25bdb0bcbc385c1fd
EQGRP_epicbanana_2_1_0_1;EQGRP Toolset Firewall - file epicbanana_2.1.0.1.py;Research;2016-08-16 00:00:00;75;Florian Roth;;0143e3e7de8d23cc48400394874ebe9a
EQGRP_extrabacon;EQGRP Toolset Firewall - file extrabacon_1.1.0.1.py;Research;2016-08-16 00:00:00;75;Florian Roth;;962c67327ad32f344713237f8b1ef52f
EQGRP_false;Detects tool from EQGRP toolset - file false.exe;Research;2016-08-15 00:00:00;75;Florian Roth;EXE,FILE;d46b5d5ba85dcaae28d2e05e813a0cb2
EQGRP_hexdump;EQGRP Toolset Firewall - file hexdump.py;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;38a52d2892755d6c5d269008b20a1377
EQGRP_installdate;Detects tool from EQGRP toolset - file installdate.pl;Research;2016-08-15 00:00:00;75;Florian Roth;;c537182739153ad9b88acaf20be76ca4
EQGRP_jetplow_SH;EQGRP Toolset Firewall - file jetplow.sh;Research;2016-08-16 00:00:00;75;Florian Roth;;3879f43ed991cc40dc0095c98b2059da
EQGRP_morel;Detects tool from EQGRP toolset - file morel.exe;Research;2016-08-15 00:00:00;75;Florian Roth;EXE,FILE;67eecc3f25eef7efe54081fbed28a4c0
EQGRP_networkProfiler_orderScans;EQGRP Toolset Firewall - file networkProfiler_orderScans.sh;Research;2016-08-16 00:00:00;75;Florian Roth;;f23017fa5a89bd2b5138d21b9f390229
EQGRP_noclient_3_0_5;Detects tool from EQGRP toolset - file noclient-3.0.5.3;Research;2016-08-15 00:00:00;75;Florian Roth;FILE;28a7849171571982c700e7e74512b48c
EQGRP_pandarock;EQGRP Toolset Firewall - from files pandarock_v1.11.1.1.bin, pit;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;9f219785ef69da5d69946d5cc8598a2c
EQGRP_payload;EQGRP Toolset Firewall - file payload.py;Research;2016-08-16 00:00:00;75;Florian Roth;;db7972df2a542c87dab866c324c89754
EQGRP_screamingplow;EQGRP Toolset Firewall - file screamingplow.sh;Research;2016-08-16 00:00:00;75;Florian Roth;;97617c6c734f56af00f141ef70808b1a
EQGRP_shellcode;EQGRP Toolset Firewall - file shellcode.py;Research;2016-08-16 00:00:00;75;Florian Roth;;49ce5d8476c4b999f6e35bb059d362c6
EQGRP_sniffer_xml2pcap;EQGRP Toolset Firewall - file sniffer_xml2pcap;Research;2016-08-16 00:00:00;75;Florian Roth;;0d119859efc7d96ad9b9029bd0083211
EQGRP_sploit;EQGRP Toolset Firewall - from files sploit.py, sploit.py;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;14faa51b9a7825311f23230571632abd
EQGRP_sploit_py;EQGRP Toolset Firewall - file sploit.py;Research;2016-08-16 00:00:00;75;Florian Roth;;75392d2c415fd57df243f0e1f7999af7
EQGRP_ssh_telnet_29;EQGRP Toolset Firewall - from files ssh.py, telnet.py;Research;2016-08-16 00:00:00;75;Florian Roth;;6630ce60a4d71641f638818614caec6d
EQGRP_teflondoor;Detects tool from EQGRP toolset - file teflondoor.exe;Research;2016-08-15 00:00:00;75;Florian Roth;EXE,FILE;6ff5825dd6b1b225f60f3e131a1947e5
EQGRP_teflonhandle;Detects tool from EQGRP toolset - file teflonhandle.exe;Research;2016-08-15 00:00:00;75;Florian Roth;EXE,FILE;e2d3f7a6f37f35eb02c5eaefe137b018
EQGRP_tinyexec;EQGRP Toolset Firewall - from files tinyexec;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;6c9162cf7f4d1da8645b10b8293e3854
EQGRP_tinyhttp_setup;EQGRP Toolset Firewall - file tinyhttp_setup.sh;Research;2016-08-16 00:00:00;75;Florian Roth;FILE;f05e8b4242e4da5bf1460d42072387bb
EQGRP_tunnel_state_reader;EQGRP Toolset Firewall - file tunnel_state_reader;Research;2016-08-16 00:00:00;75;Florian Roth;;3933c0823eb49d7f12d91216fbc27220
EQGRP_uninstallPBD;EQGRP Toolset Firewall - file uninstallPBD.bat;Research;2016-08-16 00:00:00;75;Florian Roth;;030aa292729c501d6b51cf53d8414f8f
EQGRP_userscript;EQGRP Toolset Firewall - file userscript.FW;Research;2016-08-16 00:00:00;75;Florian Roth;;c302f2fc10e4368c37baefd0498a7b9a
EQGRP_workit;EQGRP Toolset Firewall - file workit.py;Research;2016-08-16 00:00:00;75;Florian Roth;;3cdddd5f4ee23019238eaed2d86cfa0e
EXE_cloaked_as_TXT;Executable with TXT extension;-;1970-01-01 01:00:00;75;Florian Roth;EXE,EXTVAR,FILE;576f24d95b92db4276dfda4f947323cf
EXE_extension_cloaking;Executable showing different extension (Windows default 'hide known extension');-;1970-01-01 01:00:00;75;Florian Roth;EXTVAR;b6fa473cf0fad20a26af3401f5d35ddf
EXP_DriveCrypt_1;Detects DriveCrypt exploit;Internal Research;2018-08-21 00:00:00;75;Florian Roth;EXE,FILE;e1bc3892d05a54250758c939008d8690
EXP_DriveCrypt_x64passldr;Detects DriveCrypt exploit;Internal Research;2018-08-21 00:00:00;75;Florian Roth;EXE,FILE;2aec493ab46702c51af2a9dc5a6df802
EXP_Libre_Office_CVE_2018_16858;RCE in Libre Office with crafted ODT file (CVE-2018-16858);https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html;2019-02-01 00:00:00;75;John Lambert @JohnLaTwC / modified by Florian Roth;EXPLOIT,FILE,OFFICE;72f61f72487cc2d22901f609faf540ca
EXP_potential_CVE_2017_11882;-;https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobalt-strike-payload-exploiting-cve-2017-11882.html;1970-01-01 01:00:00;75;ReversingLabs;EXPLOIT,FILE;0252985f2de0e1d9c79626b9e8c35d9e
EditKeyLog;Disclosed hacktool set (old stuff) - file EditKeyLog.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;ae5fe4e5125c7bb016a1ceec9b59d5f5
EditKeyLogReadMe;Disclosed hacktool set (old stuff) - file EditKeyLogReadMe.txt;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;724df4898eca7886c1988c434674c3ec
EditServer;Disclosed hacktool set (old stuff) - file EditServer.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL;76eca2bb98f8b5fbeeb81b78610d8f78
EditServer_2;Webshells Auto-generated - file EditServer.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;d7f376503813ec00f7098ee317b40a68
EditServer_EXE;Webshells Auto-generated - file EditServer.exe;-;1970-01-01 01:00:00;75;Florian Roth;WEBSHELL;f7c34844a075488f569775e1fb74bcaf
EldoS_RawDisk;EldoS Rawdisk Device Driver (Commercial raw disk access driver - used in Operation Shamoon 2.0);https://goo.gl/jKIfGB;2016-12-01 00:00:00;50;Florian Roth (with Binar.ly);EXE,FILE,MIDDLE_EAST;ce1afeb11c3dfbc0d48b5820678fece6
Elise_Jan18_1;Detects Elise malware samples - fake Norton Security NavShExt.dll;https://twitter.com/blu3_team/status/955971742329135105;2018-01-24 00:00:00;75;Florian Roth;EXE,FILE;93ed708cddd7fb5b7017e3e2573e8502
Embedded_EXE_Cloaking;Detects an embedded executable in a non-executable file;-;2015-02-27 00:00:00;65;Florian Roth;EXTVAR;5d0c8c79c9da3ffe4c788b52d30e605e
Emdivi_Gen1;Detects Emdivi Malware;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;80;Florian Roth @Cyber0ps;EXE,FILE,MAL;d6b91e3d623099ffa3c7194b70079ccc
Emdivi_Gen2;Detects Emdivi Malware;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;80;Florian Roth @Cyber0ps;EXE,FILE,MAL;56b8a6bb85f18f2c60e4d69a7d835207
Emdivi_Gen3;Detects Emdivi Malware;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;80;Florian Roth @Cyber0ps;EXE,FILE,MAL;18547d6ad5a9b859dfd85397e8acc331
Emdivi_Gen4;Detects Emdivi Malware;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;80;Florian Roth @Cyber0ps;EXE,FILE,MAL;6b8302e3e12d1559845c42cbda8d05db
Emdivi_SFX;Detects Emdivi malware in SFX Archive;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;70;Florian Roth @Cyber0ps;EXE,FILE;48a1d72e13349fc01487383b03314c23
Emissary_APT_Malware_1;Detect Emissary Malware - from samples A08E81B411.DAT, ishelp.dll;http://goo.gl/V0epcf;2016-01-02 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL;6d7ed0cef7d27fe0c21b39c84e1cf2a5
Empire_Agent_Gen;Detects Empire component - from files agent.ps1, agent.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN;6a64c71600326b1464ea33dbde73d751
Empire_Exploit_JBoss;Detects Empire component - file Exploit-JBoss.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;431a913047e22558fba85862c81399fc
Empire_Exploit_Jenkins;Detects Empire component - file Exploit-Jenkins.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;fcc7c2ff213cbd95e99615bc0e098309
Empire_Get_GPPPassword;Detects Empire component - file Get-GPPPassword.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;f2f1c775c6199ebe1619c2a28597e7f6
Empire_Get_Keystrokes;Detects Empire component - file Get-Keystrokes.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;8d02d71ef33099cc0ef4475eefef83cc
Empire_Get_SecurityPackages;Detects Empire component - file Get-SecurityPackages.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;f38f2c0ac0404985c807792c27bba37a
Empire_Install_SSP;Detects Empire component - file Install-SSP.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;21f3004f4cdd85bd32619be69e642f8d
Empire_Invoke_BypassUAC;Empire - a pure PowerShell post-exploitation agent - file Invoke-BypassUAC.ps1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;87f4ffc5ca0f06a2680abeb6b903837a
Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen;Detects Empire component - from files Invoke-CredentialInjection.ps1, Invoke-Mimikatz.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN,HKTL;782ea2bed8abd6414f4528c7546eb9eb
Empire_Invoke_DllInjection;Detects Empire component - file Invoke-DllInjection.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,HKTL;f108fb4a477ead407fe348cba725fc8e
Empire_Invoke_EgressCheck;Detects Empire component - file Invoke-EgressCheck.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;8a180036af68dafdad3d4bf02db4bd65
Empire_Invoke_Gen;Detects Empire component - from files Invoke-DCSync.ps1, Invoke-PSInject.ps1, Invoke-ReflectivePEInjection.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN,HKTL;6781b86147aadec0c02a9039bbf2991d
Empire_Invoke_InveighRelay_Gen;Detects Empire component - from files Invoke-InveighRelay.ps1, Invoke-InveighRelay.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN;131e679e53548de96c292de22359297b
Empire_Invoke_MetasploitPayload;Detects Empire component - file Invoke-MetasploitPayload.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,METASPLOIT;f374984d4a9a8d9e693de479f61fe26d
Empire_Invoke_Mimikatz;Empire - a pure PowerShell post-exploitation agent - file Invoke-Mimikatz.ps1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;b0c42663a2a80661439d90c51a62f223
Empire_Invoke_Mimikatz_Gen;Detects Empire component - file Invoke-Mimikatz.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN;855e91608d96c7da83e97696ba2f857f
Empire_Invoke_Portscan_Gen;Detects Empire component - from files Invoke-Portscan.ps1, Invoke-Portscan.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN;c379621c0d96792eb56aa47627f53b04
Empire_Invoke_PostExfil;Detects Empire component - file Invoke-PostExfil.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;8cc9c8f05018561c93ed9808d63a1102
Empire_Invoke_PowerDump;Detects Empire component - file Invoke-PowerDump.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,HKTL;bd9fa7c5e957bff85c98a5cdb7bfdef6
Empire_Invoke_PsExec;Detects Empire component - file Invoke-PsExec.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;9fc5d8f8ca4a3d93041eccb517bc3d3b
Empire_Invoke_SMBAutoBrute;Detects Empire component - file Invoke-SMBAutoBrute.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;aff6eb5f253f644054f3122bc585ee17
Empire_Invoke_SSHCommand;Detects Empire component - file Invoke-SSHCommand.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;d9e2e6b3d8b64db9c17d3cc60e5a0477
Empire_Invoke_Shellcode;Empire - a pure PowerShell post-exploitation agent - file Invoke-Shellcode.ps1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;a178ed59a274ef7e78c009befbd1c8ba
Empire_Invoke_ShellcodeMSIL;Detects Empire component - file Invoke-ShellcodeMSIL.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;05e723bc6cae299a10241a2d62423a6b
Empire_Invoke_SmbScanner;Detects Empire component - file Invoke-SmbScanner.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,HKTL;3c09e2ec7c54701e54380ceb0423278f
Empire_KeePassConfig;Detects Empire component - file KeePassConfig.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;44a7600026242ad544d18e5f49a81578
Empire_KeePassConfig_Gen;Detects Empire component - from files KeePassConfig.ps1, KeePassConfig.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN;e14e3424e95f68ec98d0885315fa3800
Empire_Out_Minidump;Detects Empire component - file Out-Minidump.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;0d96fa4ec66cf2f06dc81ce481a04d42
Empire_Persistence;Empire - a pure PowerShell post-exploitation agent - file Persistence.psm1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;acca598ff463e33990aa88ea85273d16
Empire_PowerShell_Framework_Gen1;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,SCRIPT;ce57580e6bba3b35bed995db63469f29
Empire_PowerShell_Framework_Gen2;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,SCRIPT;afa4d5f7c2d033218bcffeb89d1193c8
Empire_PowerShell_Framework_Gen3;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,SCRIPT;570768ef633b1b31a213b3310aba4263
Empire_PowerShell_Framework_Gen4;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,SCRIPT;553b1863ae5837fc321b7dd940ce1ba9
Empire_PowerShell_Framework_Gen5;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,SCRIPT;151d6468b086f58766c1c23cbd393f53
Empire_PowerUp_Gen;Detects Empire component - from files PowerUp.ps1, PowerUp.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE,GEN;aad5425b0b6ae494d8b5ee30eb1cfada
Empire_ReflectivePick_x64_orig;Detects Empire component - file ReflectivePick_x64_orig.dll;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;EXE,FILE;fff228861d89a014b39875e95262224f
Empire_Write_HijackDll;Empire - a pure PowerShell post-exploitation agent - file Write-HijackDll.ps1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;46af379772268b1fb3f062c07bb47773
Empire__Users_neo_code_Workspace_Empire_4sigs_PowerUp;Detects Empire component - file PowerUp.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;0a149cc203710721cb9b7fe06ebfa24d
Empire_dumpCredStore;Detects Empire component - file dumpCredStore.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;75;Florian Roth;FILE;66e299e00a39a39816860d5e2432e466
Empire_invoke_wmi;Empire - a pure PowerShell post-exploitation agent - file invoke_wmi.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;fae411c5405ca0609834ac83cc74f497
Empire_lib_modules_credentials_mimikatz_pth;Empire - a pure PowerShell post-exploitation agent - file pth.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;c5e17daffaf8721d2fd0460251b0eede
Empire_lib_modules_trollsploit_message;Empire - a pure PowerShell post-exploitation agent - file message.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;c67c8a7679e2a9f0eebc00d6c9655201
Empire_portscan;Empire - a pure PowerShell post-exploitation agent - file portscan.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;18a34460b5845afbdce198aed2fc0c73
Empire_skeleton_key;Empire - a pure PowerShell post-exploitation agent - file skeleton_key.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT;36fc680ade21f8fa5f57e972b31f9900
Enfal_Malware;Detects a certain type of Enfal Malware;not set;2015-02-10 00:00:00;60;Florian Roth;MAL;e8d78d2acb0206721d19546f7a5538af
Enfal_Malware_Backdoor;Generic Rule to detect the Enfal Malware;-;2015-02-10 00:00:00;60;Florian Roth;EXE,FILE,GEN,MAL;44ad0725968b589df4d9b83461acc663
EnigmaPacker_Rare;Detects an ENIGMA packed executable;Internal Research;2017-04-27 00:00:00;60;Florian Roth;EXE,FILE;2e94cf82a091fc5a1509200400740835
Enigma_Protected_Malware;Detects samples packed by Enigma Protector;https://goo.gl/OEVQ9w;2017-02-03 00:00:00;75;Florian Roth with the help of binar.ly;EXE,FILE,MAL;e02b5b66e3b73fc6764e4db2fa3251b6
Enigma_Protected_Malware_May17_RhxFiles;Auto-generated rule - file RhxFiles.dll;Internal Research;2017-05-02 00:00:00;75;Florian Roth with the help of binar.ly;EXE,FILE,MAL;5b1a3673d318228ad17073ff9624185f
EquationDrug_CompatLayer_UnilayDLL;EquationDrug - Unilay.DLL;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;EXE,FILE;57ba4d66c6ed22844eb72728f09a2597
EquationDrug_FileSystem_Filter;EquationDrug - Filesystem filter driver - volrec.sys, scsi2mgr.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;2327fdf9194211c00430eefbe163583b
EquationDrug_HDDSSD_Op;EquationDrug - HDD/SSD firmware operation - nls_933w.dll;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;2f6e053968f1d642ec8bdcf441291447
EquationDrug_KernelRootkit;EquationDrug - Kernel mode stage 0 and rootkit (Windows 2000 and above) - msndsrv.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;eda83e9d7d20428eb0a51853d49147ae
EquationDrug_Keylogger;EquationDrug - Key/clipboard logger driver - msrtvd.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;HKTL;b0c56a123c4650117bcc4b65ae889a3c
EquationDrug_MS_Identifier;Microsoft Identifier used in EquationDrug Platform;-;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;0bc45170c2d4b50719cf029e07be5e8b
EquationDrug_NetworkSniffer1;EquationDrug - Backdoor driven by network sniffer - mstcp32.sys, fat32.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;MAL;09dcb2349f45ec5e1aa3cadb2845e0d3
EquationDrug_NetworkSniffer2;EquationDrug - Network Sniffer - tdip.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;3f47605d50cca76d93730327968796e9
EquationDrug_NetworkSniffer3;EquationDrug - Network Sniffer - tdip.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;5ff2e2254e4155db6fcdd02677908ac7
EquationDrug_NetworkSniffer4;EquationDrug - Network-sniffer/patcher - atmdkdrv.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;fb864fba90d20a6c97e5205c0146057f
EquationDrug_NetworkSniffer5;EquationDrug - Network-sniffer/patcher - atmdkdrv.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;f3d11e1af4163400843245049cb821df
EquationDrug_PlatformOrchestrator;EquationDrug - Platform orchestrator - mscfg32.dll, svchost32.dll;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;c9e3fcd3b3b24b26ba202b14f87255de
EquationDrug_VolRec_Driver;EquationDrug - Collector plugin for Volrec - msrstd.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;75;Florian Roth @4nc4p;;a52c43e7944ba250156d1a528de74076
EquationGroup_Auditcleaner;Equation Group hack tool leaked by ShadowBrokers- file Auditcleaner;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;770b54e61e62a638235f93634e396002
EquationGroup_DUL;Equation Group hack tool leaked by ShadowBrokers- file DUL;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;c5ffc50667fb8570b15595ad65592cd7
EquationGroup_DXGHLP16;EquationGroup Malware - file DXGHLP16.SYS;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;2f8e939ac5fb828509fc037131db5310
EquationGroup_EquationDrug_Gen_1;EquationGroup Malware;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;c99fff6bebdf39c960e3850170f62a57
EquationGroup_EquationDrug_Gen_2;EquationGroup Malware - file PortMap_Implant.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Auto Generated;EXE,FILE,GEN,MAL;7d82cdec429d163b812c955033e0c6b9
EquationGroup_EquationDrug_Gen_3;EquationGroup Malware - file mssld.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Auto Generated;EXE,FILE,GEN,MAL;60aed6f3ce8b1cc411db52b091c07057
EquationGroup_EquationDrug_Gen_4;EquationGroup Malware - file PC_Level4_flav_dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Auto Generated;EXE,FILE,GEN,MAL;c26d566d8386245260cee2c2f1d7ffc2
EquationGroup_EquationDrug_Gen_5;EquationGroup Malware - file PC_Level3_http_dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;791a85ac7fbdd11ef97f59c6945f2c9f
EquationGroup_EquationDrug_Gen_6;EquationGroup Malware - file PC_Level3_dll_x64;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,GEN,MAL;0946a5f7c97639c69f9a0973e6c506a3
EquationGroup_EquationDrug_msgkd;EquationGroup Malware - file msgkd.ex_;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;046e15346ad7a723a7e4d679a2d8772a
EquationGroup_EquationDrug_mstcp32;EquationGroup Malware - file mstcp32.sys;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;711ad989f61f61e6f8751c657833d285
EquationGroup_EquationDrug_ntevt;EquationGroup Malware - file ntevt.sys;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;c483c99bb2995e71c8dd0f5c6e86678e
EquationGroup_EquationDrug_tdi6;EquationGroup Malware - file tdi6.sys;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;68be2c7ef9b027d0a96d405f14054ee1
EquationGroup_EventLogEdit_Implant;EquationGroup Malware - file EventLogEdit_Implant.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;2c2be8d2c37df69084c38b7a4234e9c2
EquationGroup_GetAdmin_Lp;EquationGroup Malware - file GetAdmin_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;1e97b4e713cbfb29ec26d361b16108d3
EquationGroup_LSADUMP_Lp;EquationGroup Malware - file LSADUMP_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,HKTL,MAL;731309734d583d0b837598bf2d05851b
EquationGroup_ModifyGroup_Lp;EquationGroup Malware - file ModifyGroup_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;1337de2e9b413582841b5340efa67e93
EquationGroup_PC_Level3_http_flav_dll;EquationGroup Malware - file PC_Level3_http_flav_dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;9187c03351bb7c6040273a8d4d7bf05f
EquationGroup_PC_Level3_http_flav_dll_x64;EquationGroup Malware - file PC_Level3_http_flav_dll_x64;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;c04c069fa6c5a082690130775d2d8069
EquationGroup_PC_Level4_flav_dll_x64;EquationGroup Malware - file PC_Level4_flav_dll_x64;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;1114404f89cce39b3a23177e8d9643c2
EquationGroup_PC_Level4_flav_exe;EquationGroup Malware - file PC_Level4_flav_exe;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;ddc8abb3594dfb720f95e7170000e9f3
EquationGroup_PassFreely_Lp;EquationGroup Malware - file PassFreely_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;9cbf27185f325ae41f5d60bb37bdbbfc
EquationGroup_PortMap_Lp;EquationGroup Malware - file PortMap_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;c8c90b7ac023165d4d7b6ab441ad250b
EquationGroup_ProcessHide_Lp;EquationGroup Malware - file ProcessHide_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;e4eeea73bc431a2aa77fb8a339b29ab8
EquationGroup_ProcessOptions_Lp;EquationGroup Malware - file ProcessOptions_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;95c49a9808264ae52b5ebaeb7bde14b3
EquationGroup_RunAsChild_Lp;EquationGroup Malware - file RunAsChild_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;75;Florian Roth;EXE,FILE,MAL;90ca59ed086ff6312b046ee9c657e20f
EquationGroup_Toolset_Apr17_ActiveDirectory_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b7356077f4eeddc1c3844d7683bdf469
EquationGroup_Toolset_Apr17_AdUser_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;7aae3acc15a6c23491c3e63158b37eef
EquationGroup_Toolset_Apr17_Architouch_1_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;0d66c58cd7297d9f012fc3081355243e
EquationGroup_Toolset_Apr17_Architouch_Eternalsynergy_Smbtouch;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;8d5c2c5362470228952334a3f48f65ad
EquationGroup_Toolset_Apr17_Banner_Implant9x;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;1de788df6dafb8e4e8cf12ee45c50ae2
EquationGroup_Toolset_Apr17_DS_ParseLogs;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;6fd565c99c208b5c8c8c9d277784a6ac
EquationGroup_Toolset_Apr17_Darkpulsar_1_1_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;4e70b464154eb8aa0582f601120773ff
EquationGroup_Toolset_Apr17_DiBa_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;388811d116e3bc51358ec962ccc06fbd
EquationGroup_Toolset_Apr17_DiBa_Target_2000;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;a13982f21bc5caaaca6a4f2780399a25
EquationGroup_Toolset_Apr17_DiBa_Target_BH;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;764638e8cb406f38d281b699c08637f5
EquationGroup_Toolset_Apr17_DiBa_Target_BH_2000;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;0f945d32c236e1a9e5683c07f7c0c1b5
EquationGroup_Toolset_Apr17_DllLoad_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;fed04826969ed552ce691bc9965f3ef6
EquationGroup_Toolset_Apr17_DmGz_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;d5af3c268b01a9ef1d477ebf717e9314
EquationGroup_Toolset_Apr17_DmGz_Target_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;7c47a5e261a640d8aa9a4eb574342716
EquationGroup_Toolset_Apr17_DoubleFeatureDll_dll_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;f472de25fbfbbf9a85d0801ff6568355
EquationGroup_Toolset_Apr17_DoubleFeatureDll_dll_3;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;60aed6f3ce8b1cc411db52b091c07057
EquationGroup_Toolset_Apr17_Doublepulsar_1_3_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;baa3e5ec39839d0a86f6ac420f586c02
EquationGroup_Toolset_Apr17_Dsz_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;33fe8c54b266ef283a636c231048ae65
EquationGroup_Toolset_Apr17_EXPA;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;0956888b708845615394ca4ae2ebe386
EquationGroup_Toolset_Apr17_Easybee_1_0_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;05bd44b7d8917b450651b5e3e557712e
EquationGroup_Toolset_Apr17_Easypi_Explodingcan;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;9c3b95dfb6c87110a7f2bf2d4cdb6b74
EquationGroup_Toolset_Apr17_Eclipsedwing_Rpcproxy_Pcdlllauncher;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;989424ce05f45b34d068c771a0f96343
EquationGroup_Toolset_Apr17_Eclipsedwingtouch_1_0_4;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;e68d37e990243af13593cf57e700c914
EquationGroup_Toolset_Apr17_Educatedscholar_1_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;37642ca2f3a08356a290c25963e7ca16
EquationGroup_Toolset_Apr17_Educatedscholartouch_1_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;a2b1afc92775f381dd8876cb1e6bc98c
EquationGroup_Toolset_Apr17_Englishmansdentist_1_2_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;706d7309640198c1a123fd2cbaa9013b
EquationGroup_Toolset_Apr17_EpWrapper;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;bb7e38b9f22b8de85ddb98b2ab043755
EquationGroup_Toolset_Apr17_Erraticgopher_1_0_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;dc21bc344241e61b993940a99572f060
EquationGroup_Toolset_Apr17_Erraticgophertouch_1_0_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;28a533e088ad9660e9ad27c405f3377a
EquationGroup_Toolset_Apr17_Esteemaudit_2_1_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;6c3379a686592c46d9ef8d135d9382ce
EquationGroup_Toolset_Apr17_Esteemaudittouch_2_1_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;27abad7eb8ac03eb4e7cde100fbba10b
EquationGroup_Toolset_Apr17_Eternalromance;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;857cc98a711449837051ff218e9d25e4
EquationGroup_Toolset_Apr17_Eternalromance_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;0ec496b73b856ffdf3a4bfb720e5f306
EquationGroup_Toolset_Apr17_Explodingcantouch_1_2_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b1a3c4c0992cdd90212a6cfcdf3c00d9
EquationGroup_Toolset_Apr17_GangsterThief_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;9b4b7de2904a4d6b60b79324aa2ca5c7
EquationGroup_Toolset_Apr17_Gen1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;9aa747526894fd276fa6f2247eaa34e5
EquationGroup_Toolset_Apr17_Gen2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;df4f2e422261cb8e4a3a9b6e9bb4da13
EquationGroup_Toolset_Apr17_Gen3;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;2b7322579100e04f0e0c39d74c43b42a
EquationGroup_Toolset_Apr17_Gen4;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b33c0b85651708e85d11c38c56f69966
EquationGroup_Toolset_Apr17_GenKey;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;6ec81a655a6e62bd302756f166ffbdad
EquationGroup_Toolset_Apr17_GetAdmin_LSADUMP_ModifyPrivilege_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;9bd47bd45ed7033c0a9aebf804b409a0
EquationGroup_Toolset_Apr17_GrDo_FileScanner_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b77ca3111c19898e498e8381f7e6b983
EquationGroup_Toolset_Apr17_Ifconfig_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;7e945b244da98a32790028bdad19134a
EquationGroup_Toolset_Apr17_Iistouch_1_2_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;6e3ae16ccf3d5e64d0e2c6afb2e99e17
EquationGroup_Toolset_Apr17_KisuComms_Target_2000;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b015209967f7d7ae3077ca810d5dc016
EquationGroup_Toolset_Apr17_Mcl_NtMemory_Std;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;9b64f40a57355e2545a7520a1c15e7ef
EquationGroup_Toolset_Apr17_Mofconfig_1_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;28f3226fa0204beeeb5b335f4ab8998c
EquationGroup_Toolset_Apr17_Namedpipetouch_2_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;010975a4b2d365a5c894764457bc4249
EquationGroup_Toolset_Apr17_Oracle_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;80b9953a2587b208a68e230ccece1381
EquationGroup_Toolset_Apr17_PC_Exploit;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;3a702857e3d6479039d8792f2bdb27f4
EquationGroup_Toolset_Apr17_PC_LP;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;eed646975c6cf416cdcf8aae889514d3
EquationGroup_Toolset_Apr17_PC_Legacy_dll;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;5d8e944d2992831ebc44ae2a4dc7b67e
EquationGroup_Toolset_Apr17_PC_Level3_Gen;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE,GEN;2612e5cdac71ef211e2e06eb3945ca50
EquationGroup_Toolset_Apr17_PC_Level3_http_exe;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;84847a051c02ae52697ea0625157af2a
EquationGroup_Toolset_Apr17_PC_Level_Generic;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE,GEN;89d8ff71af2b2d375f68dbcbaa378fef
EquationGroup_Toolset_Apr17_PacketScan_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;3258463f0e6f998f42b0dabe1ea64d41
EquationGroup_Toolset_Apr17_ParseCapture;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;d16137f74862ae0220ad505ebc51e1be
EquationGroup_Toolset_Apr17_Processes_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;cba8dba96720baeda15c13f9f376f822
EquationGroup_Toolset_Apr17_Regread_1_1_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;01ed91dcb5fabca7f3dff5ab656426b3
EquationGroup_Toolset_Apr17_RemoteCommand_Lp;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;971974f470269497d978fa01d8411c14
EquationGroup_Toolset_Apr17_RemoteExecute_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;27425e42b9ac9cd66b1ee6a3853a64f9
EquationGroup_Toolset_Apr17_RemoteExecute_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;ccfa14b55a7791e19a2df499e0a6e78f
EquationGroup_Toolset_Apr17_Rpctouch_2_1_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;22603ee6c4b4beb068f00ee0c6dc178c
EquationGroup_Toolset_Apr17_SendPKTrigger;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;68fdaccc15bcec1f88d619d44a2a623b
EquationGroup_Toolset_Apr17_SetCallback;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;5cc99f9bdfbd95d664aba8793575aa3a
EquationGroup_Toolset_Apr17_SetCallbackPorts;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;575c52463c41796f536bc56801024429
EquationGroup_Toolset_Apr17_SetOurAddr;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;1ec865afd0e5a21004a41a29484ca53a
EquationGroup_Toolset_Apr17_SetPorts;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;7c38753c72ef92406543ca60a84dfa25
EquationGroup_Toolset_Apr17_SetResourceName;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;379639e6ade003f097d2fcc9e93fde8a
EquationGroup_Toolset_Apr17_Shares_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b04386af8b299ff04cf7e10c7b6f626d
EquationGroup_Toolset_Apr17_SlDecoder;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;8c92eda0dc3a7a4f6cc274cd2af70d08
EquationGroup_Toolset_Apr17_Smbtouch_1_1_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;13c7e9415593c1d35cf980afae13a314
EquationGroup_Toolset_Apr17_Windows_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;1178f632d2c6d8f82dbadcd590dd6ce7
EquationGroup_Toolset_Apr17__AddResource;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;abfbf765bb3dac99f5bb81d0baf57491
EquationGroup_Toolset_Apr17__DoubleFeatureReader_DoubleFeatureReader_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;ba22f86f5178e2050519325aaa551931
EquationGroup_Toolset_Apr17__EAFU_ecwi_ESKE_EVFR_RPC2_4;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;0bbd0cbe1e7c57baf3a2d57da1aea25d
EquationGroup_Toolset_Apr17__ELV_ESKE_13;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;4d397415f6327dd1b84896994fc65127
EquationGroup_Toolset_Apr17__ELV_ESKE_ETBL_ETRE_EVFR_11;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;c63aae2e1dc378552613280c5b2f6e16
EquationGroup_Toolset_Apr17__ELV_ESKE_EVFR_16;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;d12b8b4afa30981ed48601ffe5806d39
EquationGroup_Toolset_Apr17__ELV_ESKE_EVFR_RPC2_15;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;586a226b96bf1cfdd61aee4d27bfaf4a
EquationGroup_Toolset_Apr17__ELV_ESKE_EVFR_RideArea2_12;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b896d925bd79e724281bac78b4f8620e
EquationGroup_Toolset_Apr17__ESKE_RPC2_8;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;7f48440dd35d534f09eef2676d7aadc2
EquationGroup_Toolset_Apr17__ETBL_ETRE_10;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;ed72136f0914236cee8619a902bd24ae
EquationGroup_Toolset_Apr17__ETBL_ETRE_SMBTOUCH_17;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;792d2698751621181755648da1501c48
EquationGroup_Toolset_Apr17__Emphasismine;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;515fb76bb78d2f7fdd538d206f811cf0
EquationGroup_Toolset_Apr17__LSADUMP_Lp_ModifyPrivilege_Lp_PacketScan_Lp_put_Lp_RemoteExecute_Lp_Windows_Lp_wmi_Lp_9;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;199bfc46ffcde4d131c89c4eaf7aad43
EquationGroup_Toolset_Apr17__NameProbe_SMBTOUCH_14;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;444337a634db7cbdb2c185b71f789daa
EquationGroup_Toolset_Apr17__SendCFTrigger_SendPKTrigger_6;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;05c62adbbcf90da8e53317889129d85f
EquationGroup_Toolset_Apr17__ecwi_ESKE_EVFR_RPC2_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;15087343cbc48daf3a85154a22f05f05
EquationGroup_Toolset_Apr17__vtuner_vtuner_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b0dae39138eca8d21cfa93cf9ca86143
EquationGroup_Toolset_Apr17_clocksvc;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;fc0a309581335db0d4793bef652a4ad3
EquationGroup_Toolset_Apr17_drivers_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;efa68f1e327141c8d9bb6c51fec034d9
EquationGroup_Toolset_Apr17_greatdoc_dll_config;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;464158b540f16b8b1b7689e619323d2f
EquationGroup_Toolset_Apr17_lp_mstcp;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;a6455048c9a5419b15e3d76596456bfb
EquationGroup_Toolset_Apr17_msgkd_msslu64_msgki_mssld;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;4dd2318780233dcbbc581c7c22f61cce
EquationGroup_Toolset_Apr17_msgks_mskgu;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;7bc5b0809dcce5a3f137ee77fae3a444
EquationGroup_Toolset_Apr17_mstcp32_DXGHLP16_tdip;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;fbdb5b7e19e22b2d37125dbe73126301
EquationGroup_Toolset_Apr17_ntevt;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;a6a0d65030e5649d839fd735fb2f1073
EquationGroup_Toolset_Apr17_ntfltmgr;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;660989497995efb8c531e686713e0b7c
EquationGroup_Toolset_Apr17_promiscdetect_safe;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;47d6fa8a3b0cb849f41d37931edc1249
EquationGroup_Toolset_Apr17_put_Implant9x;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;ca9cae6d1e1f329bbcedd38eb64fd763
EquationGroup_Toolset_Apr17_pwd_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;221b93c5d228c3a7592c398120b805c1
EquationGroup_Toolset_Apr17_rc5;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;41d121343b7d73773dea874878e3c34c
EquationGroup_Toolset_Apr17_regprobe;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;2c8aa954e58c7099e90430698d21d430
EquationGroup_Toolset_Apr17_renamer;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;106a6ee3d141eed69ebad41faac22b2c
EquationGroup_Toolset_Apr17_scanner;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;b4729cd00720fd4f6d0ce01484012b04
EquationGroup_Toolset_Apr17_st_lp;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;4fb31bbcd5d00936c88852c0272ca08f
EquationGroup_Toolset_Apr17_svctouch;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;567618e015415d759aae51d26b450875
EquationGroup_Toolset_Apr17_tacothief;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;a830db478b5e1904ef1906d3b9ace7fb
EquationGroup_Toolset_Apr17_wmi_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;a400e12ff31c97f6be02a289e79a3735
EquationGroup_Toolset_Apr17_xxxRIDEAREA;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;6472cc3a38af094eeaf66811e6757cb3
EquationGroup_Toolset_Apr17_yak;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;e3cd27eacf597e496ba46ff0123db4ba
EquationGroup_Toolset_Apr17_yak_min_install;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;75;Florian Roth;EXE,FILE;2f6453ea63d03b4b0a63708b17fad7ed
EquationGroup__ftshell;Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;f88e054eb2f98b07227534fda5d33a3b
EquationGroup__ftshell_ftshell_v3_10_3_0;Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;e27684c1b964de88273525328e05eede
EquationGroup__funnelout_v4_1_0_1;Equation Group hack tool leaked by ShadowBrokers- from files funnelout.v4.1.0.1.pl;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;d8f05177e79ccbb0b24b76da425429bf
EquationGroup__ghost_sparc_ghost_x86_3;Equation Group hack tool leaked by ShadowBrokers- from files ghost_sparc, ghost_x86;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;185ff0e54027b5a22293763ccc427a9c
EquationGroup__jparsescan_parsescan_5;Equation Group hack tool leaked by ShadowBrokers- from files jparsescan, parsescan;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;50a686d09c2e759360c6cd02321d7e9f
EquationGroup__magicjack_v1_1_0_0_client;Equation Group hack tool leaked by ShadowBrokers- from files magicjack_v1.1.0.0_client-1.1.0.0.py;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;73341b040a293c76e7ad301d3b34371c
EquationGroup__pclean_v2_1_1_pclean_v2_1_1_4;Equation Group hack tool leaked by ShadowBrokers- from files pclean.v2.1.1.0-linux-i386, pclean.v2.1.1.0-linux-x86_64;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;aed6ef9aa0b36f9c67ca60fb0013c438
EquationGroup__scanner_scanner_v2_1_2;Equation Group hack tool leaked by ShadowBrokers- from files scanner, scanner.v2.1.2;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;7b6e303c108264a88cfd1a660fa01de9
EquationGroup_calserver;Equation Group hack tool leaked by ShadowBrokers- file calserver;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;662083f8caf6dc4e63a260d8b5c0aa7e
EquationGroup_charm_saver_win2k_v_2_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;337cf049bfed0384e624dffbcdc81eaf
EquationGroup_cmsd;Equation Group hack tool leaked by ShadowBrokers- file cmsd;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;82aff8b3fb6fa34eaaaac7f147cc9e73
EquationGroup_cmsex;Equation Group hack tool leaked by ShadowBrokers- file cmsex;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;84c5b6d19ae2b7a7816cd839b7cc182b
EquationGroup_cryptTool;Equation Group hack tool leaked by ShadowBrokers- file cryptTool;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;21d4db180fdedfbb898763f10a9385d3
EquationGroup_curseflower_mswin32_v_1_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;f6115a74ada4c081b30d897cba74fee0
EquationGroup_cursehappy_win2k_v_6_1_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;2340eca6c15849bc662a84918b2019fa
EquationGroup_cursehelper_win2k_i686_v_2_2_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;ff4c0083ead631aedde343b1bfc37034
EquationGroup_curseroot_win2k_v_2_1_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;02abf0e8135cb95419905d16e5679979
EquationGroup_cursesleepy_mswin32_v_1_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;8c5ba6f57696417ee0d74db26ef7ff39
EquationGroup_cursetingle_2_0_1_2_mswin32_v_2_0_1;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;aaf262f720218a8cb5363f36344728cb
EquationGroup_cursewham_curserazor_cursezinger_curseroot_win2k;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;115ad255134fcdaf2710431c348d9560
EquationGroup_curseyo_win2k_v_1_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;EXE,FILE;40a532a12356e2b7f6bfe0b64d516b57
EquationGroup_cursezinger_linuxrh7_3_v_2_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;75;Florian Roth;FILE;c56b59b03c5c664e6dbbd3d1c214afe0
EquationGroup_dumppoppy;Equation Group hack tool leaked by ShadowBrokers- file dumppoppy;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;52adab9be80a11a52403f199adc81616
EquationGroup_ebbisland;Equation Group hack tool leaked by ShadowBrokers- file ebbisland;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;HKTL;5751dfff8e03cb21ac4ffc4743c244ed
EquationGroup_ebbshave;Equation Group hack tool leaked by ShadowBrokers- file ebbshave.v5;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;8c9e67e3bdb36bfaa21ed0441bbfdd49
EquationGroup_eggbasket;Equation Group hack tool leaked by ShadowBrokers- file eggbasket;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;a1543c0579cb2aff126c59301669dfe8
EquationGroup_eh_1_1_0;Equation Group hack tool leaked by ShadowBrokers- file eh.1.1.0.0;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;72a1cdb31bf653d236c3174253ae81f4
EquationGroup_elatedmonkey_1_0_1_1;Equation Group hack tool leaked by ShadowBrokers- file elatedmonkey.1.0.1.1.sh;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;2d0226c0d1bbeca40f7541acc78de960
EquationGroup_electricslide;Equation Group hack tool leaked by ShadowBrokers- file electricslide;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;75;Florian Roth;FILE,HKTL;bb7f7662d4e40c35f49cfd26bfaf8bcb