├── Configuration_extractors ├── README.md ├── kaiji.py └── requirements.txt ├── IOCs ├── 8220Gang │ └── 8220_Gang_iocs_20242409.csv ├── CVE-2023-46805_CVE-2024-21887 │ └── Ivanti_iocs_20240124.csv ├── DDoSia │ └── 20240229_DDoSia_IOC.csv ├── DarkGate │ └── scripts │ │ ├── AV_checked.txt │ │ ├── DarkGate-C2-communication-deobfuscator.py │ │ └── action-id-documentations.md ├── DiceLoader │ └── scripts │ │ ├── ReflectiveDLLInjection.h │ │ ├── extractor.py │ │ └── fake_c2_tcp_server.py ├── Doppelgänger │ └── DoppelGänger-observables.csv ├── I2PRAT │ ├── I2PRAT_iocs_20250211.csv │ └── scripts │ │ ├── ida_hashes_extraction.py │ │ └── resolve_hashes.py ├── Interlock │ ├── interlock.yar │ └── interlock_IOCs.txt ├── Lycantrox │ ├── Lycantrox_domains_high_confidence.txt │ └── Lycantrox_domains_medium_confidence.txt ├── MuddyWater │ └── yara │ │ ├── apt_MuddyWater_MuddyRot_strings.yar │ │ └── apt_MuddyWater_malicious_pdf.yar ├── README.md ├── ScatteredSpider │ └── 20240220_ScatteredSpider_IOC.csv ├── acrstealer │ ├── acrstealer_iocs_20240429.md │ └── infostealer_acrstealer_apr24.yar ├── activemq │ └── activemq_iocs_20231206.csv ├── apt31 │ ├── 2021-11-10 APT31 - STIX2.jsonl │ ├── 2021-11-10 APT31 IOCs.csv │ └── yara_rules │ │ ├── apt_misp_apt31_orb_2021.yar │ │ └── unk_apt31_tsh_2021.yar ├── aurora │ ├── aurora_iocs_20221121.csv │ └── yara_rules │ │ └── infostealer_aurora.yar ├── bananasulfate │ └── SEKOIAIO_Banana_Sulfate_infrastructure.csv ├── bluefox │ ├── bluefox_iocs_20221102.csv │ └── yara_rules │ │ └── infostealer_bluefox.yar ├── calisto │ ├── Domains already known related to CALISTO.txt │ ├── SSL Certificates SHA1, emails and IPs.csv │ ├── calisto_infrastructure_20220622 │ └── calisto_infrastructure_20221205 ├── clearfake │ ├── clearfake_iocs_20231016.csv │ ├── clearfake_iocs_20250318.csv │ └── clearfake_malicious_script_content.md ├── clickfix_fake_google_meet │ └── clickfix_fake_google_meet_iocs_20241017.csv ├── compromised_chrome_extensions_dec24 │ └── compromised_chrome_extensions_iocs_20250122.csv ├── cs2nginx │ └── cs2nginx_C2.csv ├── customerloader │ └── customerloader_iocs_20230712.csv ├── emotet │ └── 2021-01-20_Emotet_Campaign.csv ├── evilnum │ └── 20220721_EvilNum_domains_list.txt ├── fakebat │ ├── fakebat_iocs_20240702.csv │ ├── loader_fakebat_initial_powershell_may24.yar │ └── loader_fakebat_powershell_fingerprint_may24.yar ├── gamaredon │ └── yara.yar ├── global-analysis-aitm-phishing-threats │ ├── README.md │ ├── cephas │ │ ├── 1_loading-page_beautified.html │ │ ├── 2_phishing-page_decoded.html │ │ ├── anti_bot_cephas.png │ │ ├── cephas-stripped.har │ │ ├── cephas.har │ │ ├── sheet.pdf │ │ └── urlscan_io.txt │ ├── evilginx │ │ ├── 1_loading-page_reformatted.html │ │ ├── evilginx-ywnjb-stripped.har │ │ ├── evilginx-ywnjb.har │ │ ├── sheet.pdf │ │ └── urlscan_io.txt │ ├── evilproxy │ │ ├── 1_page.html │ │ ├── 2.1_phishing-form_script1-deobfuscated.js │ │ ├── 2.2_phishing-form_script2-deobfuscated.js │ │ ├── 2_phishing-form.html │ │ ├── anti_bot_evilproxy.png │ │ ├── evilproxy-stripped.har │ │ ├── evilproxy.har │ │ ├── sheet.pdf │ │ └── urlscan_io.txt │ ├── gabagool │ │ ├── 1_captcha-page.html │ │ ├── 2.1_loading-page_scripts-deobfuscated.js │ │ ├── 2_loading-page.html │ │ ├── 3_phishing-page_decoded.html │ │ ├── anti_bot_gabagool.png │ │ ├── gabagool-stripped.har │ │ ├── gabagool.har │ │ ├── sheet.pdf │ │ └── urlscan_io.txt │ ├── greatness │ │ ├── 1.1_loading-page_decoded.html │ │ ├── 1_loader-script_deobfuscated.js │ │ ├── 2_captcha-page_rendered.html │ │ ├── 3_phishing-page_deobfuscated.html │ │ ├── anti_bot_greatness.png │ │ ├── greatness-stripped.har │ │ ├── greatness.har │ │ ├── sheet.pdf │ │ └── urlscan_io.txt │ ├── mamba-2fa │ │ ├── 1_antibot-page.html │ │ ├── 2_loader-page.html │ │ ├── 3.1_phishing-page_rendered.html │ │ ├── 3_phishing-page_deobfuscated.html │ │ ├── mamba-2fa-stripped.har │ │ ├── mamba-2fa.har │ │ ├── sheet.pdf │ │ └── urlscan_io.txt │ ├── nakedpages │ │ ├── 1_captcha-page.html │ │ ├── 2_loading-page_beautified.html │ │ ├── anti_bot_nakepages.png │ │ ├── nakedpage-stripped.har │ │ ├── nakedpage.har │ │ ├── sheet.pdf │ │ └── urlscan_io.txt │ ├── saiga-2fa │ │ ├── sheet.pdf │ │ └── urlscan_io.txt │ ├── sneaky-2fa │ │ ├── 1_initial-page.html │ │ ├── 2_captcha-page.html │ │ ├── 3.1_autograb-page_script-deobfuscated.js │ │ ├── 3_autograb-page.html │ │ ├── 4_phishing-form.html │ │ ├── anti_bot_sneaky_2fa.png │ │ ├── sheet.pdf │ │ ├── sneaky-2fa-stripped.har │ │ ├── sneaky-2fa.har │ │ └── urlscan_io.txt │ ├── storm-1167 │ │ ├── 1_captcha-page.html │ │ ├── 2.1_loading-page_decoded-skeleton.html │ │ ├── 2.2_phishing-page_full-script-deobfuscated.js │ │ ├── 2.3_phishing-page_script-stripped.js │ │ ├── 2.4_phishing-page_rendered.html │ │ ├── 2_loading-page.html │ │ ├── anti_bot_storm_1187.png │ │ ├── sheet.pdf │ │ ├── storm-1167-stripped.har │ │ ├── storm-1167.har │ │ └── urlscan_io.txt │ └── tycoon-2fa │ │ ├── 1.1_captcha-page_scripts-decoded.js │ │ ├── 1_captcha-page.html │ │ ├── 2.1_decoy-page_script-decoded.html │ │ ├── 2_decoy-page.html │ │ ├── 3_loading-page.html │ │ ├── 4.1_phishing-form_script1-decoded.js │ │ ├── 4.2_phishing-form_script2-deobfuscated.js │ │ ├── 4_phishing-form.html │ │ ├── anti_bot_tycoon_2fa.png │ │ ├── sheet.pdf │ │ ├── tycoon-2fa-stripped.har │ │ ├── tycoon-2fa.har │ │ └── urlscan_io.txt ├── hermeticwiper │ └── yara_rules │ │ └── wiper_HermeticWiper_variants.yar ├── i_paid_twice │ └── i_paid_twice_iocs_20251106.csv ├── infra_seo_crack_stealers │ └── infra_seo_crack_stealers_iocs_20230106.csv ├── mallox │ └── mallox_purecrypter_iocs_20240513.csv ├── marsstealer │ ├── mars_stealer_iocs_20220407.csv │ └── yara_rules │ │ ├── infostealer_marsstealer_early_version.yar │ │ ├── infostealer_marsstealer_llcppc.yar │ │ └── infostealer_marsstealer_xor_routine.yar ├── nobelium │ ├── 2022_01_06_C2 Nobelium.csv │ ├── 2022_01_06_NOBELIUM_MD5 │ └── yara_rules │ │ ├── apt_nobelium_b64_to_Uint8Array.yar │ │ ├── apt_nobelium_cs_loader_obfuscation.yar │ │ ├── apt_nobelium_hta_in_iso.yar │ │ ├── apt_nobelium_html_smuggling_iso.yar │ │ ├── apt_nobelium_powsershell_reg_loader_decoded.yar │ │ └── rule apt_nobelium_hta_reg_dropper.yar ├── pikabot │ └── pikabot_iocs_20240603.csv ├── privateloader │ └── 20220914_privateloader_IOC.csv ├── qnapworm │ └── 20220704_QNAP_Worm_Infrastructure ├── raccoonstealer │ └── raccoon_stealer_iocs_20220628.csv ├── roamingmantis │ └── roaming_mantis_iocs_20220718.csv ├── ryuk │ └── 2020-10-29 C2 Ryuk.csv ├── sneaky2fa │ └── sneaky2fa_iocs_20250116.csv ├── stealc │ ├── scripts │ │ ├── IDA_strings_deobfuscator.py │ │ └── stealc_stealer_c2_extractor.py │ ├── stealc_iocs_20230220.csv │ ├── suricata_rules │ │ └── infostealer_stealc.rules │ └── yara_rules │ │ ├── infostealer_stealc_behavior.yar │ │ └── infostealer_stealc_standalone.yar └── tycoon2fa │ └── tycoon2fa_iocs_20240325.csv ├── LICENSE.md ├── MaltegoTransforms ├── LICENSE.md ├── README.md ├── assets │ ├── change-path.gif │ ├── transform-vt.png │ └── transform-vtb.png ├── export.mtz ├── requirements.txt └── transforms │ ├── config.yaml │ ├── libs │ ├── config.py │ └── transform.py │ ├── openwith.py │ ├── virustotal-behaviour.py │ └── virustotal.py ├── README.md ├── Reports ├── FLINT 2021 - Emotet (EN).pdf └── FLINT 2021 - Emotet (FR).pdf ├── events ├── README.md ├── lookups.json └── smart-descriptions.json ├── playbooks └── templates │ ├── Alerts_Shodan_Enrichment.json │ ├── CrowdSec_alert_enrichment.json │ ├── Crowdstrike_dissemination.json │ ├── DigitalShadows_SearchLight_fetch_alerts.json │ ├── Enrich_alerts_with_AbuseIPDB.json │ ├── Enrich_alerts_with_VirusTotal_Hash.json │ ├── Enrich_alerts_with_hostnames.json │ ├── Enrich_with_IKnow_What_You_Download.json │ ├── HTTP_request_Remediation.json │ ├── OSINT_to_observables.json │ ├── Reject_old_alerts.json │ ├── Shodan_search_to_observables.json │ ├── Tranco_top_domains_to_observables.json │ ├── URL_scan_VirusTotal_Enrichement.json │ ├── VirusTotal_Enrichement.json │ ├── add_destination_ips_to_ioc_collection.json │ ├── add_domains_to_ioc_collection.json │ ├── add_source_ips_to_ioc_collection.json │ ├── alert_webhook_internet_scan.json │ ├── create_alert_on_the_hive_automatic.json │ ├── create_alert_on_the_hive_manual.json │ ├── create_incident_on_cortex_xsoar.json │ ├── create_jira_ticket_on_alert.json │ ├── email_notification_on_alert_webhook.json │ ├── forward_google_pubsub_events.json │ ├── forward_panda_security_events.json │ ├── forward_vadesecure_records.json │ ├── get_additional_harfang_telemetry.json │ ├── get_data_and_enrich_with_cloudflare.json │ ├── imperva_waf_fetch_logs.json │ ├── mattermost_notification_on_alert.json │ ├── msteams_notification.json │ ├── playbook_adware.json │ ├── playbooks.json │ ├── send_alert_to_nybble_hub.json │ ├── slack_notification_on_alert.json │ └── urgency_to_0_on_rejected.json ├── scripts ├── mars_stealer_c2_extractor.py ├── raccoon_stealer_v2_c2_extrator.py └── test_forwarder.bash ├── sigma_rules ├── README.md ├── cloud │ ├── aws_ec2_enable_serial_console_access.yml │ ├── aws_ec2_subnet_deleted.yml │ ├── aws_iam_password_policy_updated.yml │ ├── aws_route53_transfer_lock_disabled.yml │ └── aws_s3_bucket_replication.yml ├── host │ ├── attrib_hiding_files.yml │ ├── correlation_html_smuggling.yml │ ├── correlation_iso-lnk_chain.yml │ ├── correlation_iso-lnk_infection_chain.yml │ ├── correlation_lnk-hta_infection_chain.yml │ ├── data_compressed_with_rar_with_password.yml │ ├── disable_windows_defender.yml │ ├── impacket_wmiexec.yml │ ├── mdav_disable_base64_encoded.yml │ ├── mdav_disable_base64_encoded_setmppreference.yml │ ├── mdav_disable_services.yml │ ├── mdav_signatures_removed_mpcmdrun.yml │ ├── mdav_threat_detected.yml │ ├── mshta_suspicious_child.yml │ ├── non_legit_use_eula_parameter.yml │ ├── powershell_amsi_bypass.yml │ ├── powershell_amsi_deactivation_bypass_using_net_reflection.yml │ ├── powershell_exchange_snapin_mailbox.yml │ ├── powershell_suspicious_keywords.yml │ ├── procdump_args.yml │ ├── socks_tunneling_tool.yml │ ├── win_powershell_load_regkey.yml │ └── wmic_process_call_create.yml └── network │ ├── dynamic_dns_domain.yml │ └── email_suspicious_attachment_received.yml └── yara_rules ├── apt37_rokrat_macho.yar ├── apt_37_chinotto.yar ├── apt_3cx_payload_stealer.yar ├── apt_agent_racoon_strings.yar ├── apt_andariel_dorarat_strings.yar ├── apt_andariel_keylogger_strings.yar ├── apt_andariel_nestdoor_variants_strings.yar ├── apt_andariel_siennablue.yar ├── apt_apt10_hui_loader.yar ├── apt_apt28_document_phishing_webpage.yar ├── apt_apt28_htmlsmuggling.yar ├── apt_apt28_htmlsmuggling_disclosing_ip.yar ├── apt_apt28_powershell_ntlm_stealer.yar ├── apt_apt28_susp_graphite_downloader.yar ├── apt_apt28_ukrnet_phishing_page.yar ├── apt_apt28_wayzgoose_exploit_string.yar ├── apt_apt29_malicious_rdp_file.yar ├── apt_apt29_quarterrig.yar ├── apt_apt29_wineloader_malicious_hta.yar ├── apt_apt29_wineloader_malicious_pdf.yar ├── apt_apt31_pakdoor.yar ├── apt_apt31_rekoobe.yar ├── apt_apt33_falsefont.yar ├── apt_apt33_tickler.yar ├── apt_apt35_iisraid_strings.yar ├── apt_apt37_chinotto_powershell_variant.yar ├── apt_apt37_malicious_hta_file.yar ├── apt_apt41_javascript_dropper.yar ├── apt_apt41_keyplug_dropper.yar ├── apt_apt41_powershell_collection_script.yar ├── apt_apt41_powershell_exfiltration_script.yar ├── apt_apt_k_47_orpcbackdoor.yar ├── apt_apt_k_47_walkershell.yar ├── apt_aptc36_vbs_maldoc.yar ├── apt_aptc60_downloader_strings.yar ├── apt_aptk47_asyncshell.yar ├── apt_aptk47_maliciouslnk.yar ├── apt_aridviper_rustsysjoker.yar ├── apt_backdoordiplomaty_custommerlinagent_strings.yar ├── apt_backdoordiplomaty_phantomnet.yar ├── apt_badmagic_commonmagic_generic_1.yar ├── apt_badmagic_commonmagic_generic_2.yar ├── apt_badmagic_commonmagic_main.yar ├── apt_badmagic_commonmagic_screenshot_module.yar ├── apt_badmagic_commonmagic_usbstealer.yar ├── apt_badmagic_generic_pshscript.yar ├── apt_badmagic_installpzz_pshscript.yar ├── apt_badmagic_ld_dll_loader_pshscript.yar ├── apt_badmagic_listfiles_pshscript.yar ├── apt_badmagic_malicious_lnk.yar ├── apt_badmagic_modules.yar ├── apt_badmagic_reco_pshscript.yar ├── apt_badmagic_startngrok_pshscript.yar ├── apt_badmagic_startrevsocks_pshscript.yar ├── apt_blackwood_nspx30_plugin.yar ├── apt_boldmove_strings.yar ├── apt_buhtrap_maldocx.yar ├── apt_cerana_keeper_dropboxflop.yar ├── apt_cerana_keeper_yk0130.yar ├── apt_cloudatlas_init_module_virtualalloc.yar ├── apt_cloudatlas_powershower_clean.yar ├── apt_cloudatlas_powershower_module.yar ├── apt_cloudatlas_powershower_obfuscated.yar ├── apt_cloudatlas_powershower_variant.yar ├── apt_cloudatlas_powertunnel.yar ├── apt_cloudatlas_powertunnel_loader.yar ├── apt_cloudatlas_rtf_shellcode_cve_2018_0798.yar ├── apt_cloudatlas_stagescalldllmainafterexec.yar ├── apt_cloudmensis_downloader_strings.yar ├── apt_cloudmensis_spyagent_strings.yar ├── apt_coathanger_beacon.yar ├── apt_coathanger_files.yar ├── apt_cottonsandstorm_win_implant.yar ├── apt_dark_pink_pdb_path.yar ├── apt_darkpink_kamikakabot_strings.yar ├── apt_darkpink_loader_decryptionroutine.yar ├── apt_darkpink_sample.yar ├── apt_emberbear_credpump_strings.yar ├── apt_emissarypanda_sysupdate_removing_tool.yar ├── apt_emissarypanda_web_auto_attack_tool.yar ├── apt_evasive_panda_downloader_certificate_exe.yar ├── apt_evasive_panda_rphost_dll.yar ├── apt_flightnight_malicious_lnk.yar ├── apt_gamaredon_ddrdoh_powershell_backdoor.yar ├── apt_gamaredon_ddrdoh_vbs_downloader.yar ├── apt_gamaredon_ddrdoh_vbs_downloader_vbs.yar ├── apt_gamaredon_doc_external_template.yar ├── apt_gamaredon_flash_infostealer.yar ├── apt_gamaredon_gamaredon_lnk_usb_spreader.yar ├── apt_gamaredon_gamaredon_lnk_usb_spreader_encoded.yar ├── apt_gamaredon_gammaload_malicioushta.yar ├── apt_gamaredon_gammaload_maliciouslnk.yar ├── apt_gamaredon_getlogicaldrive_hunting.yar ├── apt_gamaredon_htmlsmuggling_2024.yar ├── apt_gamaredon_htmlsmuggling_attachment.yar ├── apt_gamaredon_htmlsmuggling_attachment_stage2.yar ├── apt_gamaredon_lnk.yar ├── apt_gamaredon_lnk_spreader.yar ├── apt_gamaredon_lnks_farl139_hostname.yar ├── apt_gamaredon_powerrevshell.yar ├── apt_gamaredon_stealer_obfuscation_1.yar ├── apt_gamaredon_stealer_obfuscation_2.yar ├── apt_gamaredon_subtle_paws.yar ├── apt_gamaredon_vbs_downloader.yar ├── apt_gelsemium_firewood_backdoor.yar ├── apt_gelsemium_wolfsbane_backdoor.yar ├── apt_gelsemium_wolfsbane_launcher.yar ├── apt_gelsemium_wolfsbane_rootkit.yar ├── apt_globalshadow.yar ├── apt_gobrat_2.yar ├── apt_granitetyphoon_pingpulllinux_strings.yar ├── apt_granitetyphoon_sword2023_strings.yar ├── apt_icepeony_icecache.yar ├── apt_icepeony_iceevent.yar ├── apt_implant_xdealer_linux_variant_strings.yar ├── apt_implant_xdealer_stealer_strings.yar ├── apt_implant_xdealer_strings.yar ├── apt_implant_xdealer_vbs_launcher_strings.yar ├── apt_ir_sugarush_implant.yar ├── apt_ivanti_krustyloader.yar ├── apt_kimsuky_fpspy.yar ├── apt_kimsuky_klogexe.yar ├── apt_kimsuky_malicious_gotopwsh_lnk.yar ├── apt_kimsuky_malicious_vba.yar ├── apt_kimsuky_powershell.yar ├── apt_kimsuky_powershell_dropper_strings.yar ├── apt_kimsuky_sharpext_compromised_securepreferences.yar ├── apt_kimsuky_sharpext_devps1_strings.yar ├── apt_kimsuky_sharpext_devtoolmodule_strings.yar ├── apt_kimsuky_sharpext_jsexfil_strings.yar ├── apt_kimsuky_sharptongue_c2_source.yar ├── apt_kimsuky_sharptongue_strings.yar ├── apt_kimsuky_sharptongue_vbslauncher_strings.yar ├── apt_kimsuky_toddlershark_obfuscated.yar ├── apt_kimsuky_toddlershark_strings.yar ├── apt_kimsuky_validator_strings.yar ├── apt_kimsuky_vbs.yar ├── apt_kimsuky_vbs_powershell_downloader.yar ├── apt_konni.yar ├── apt_konni_check_bat.yar ├── apt_konni_dropper.yar ├── apt_lazarus_backdoored_jslib.yar ├── apt_lazarus_blindingcan_rtti.yar ├── apt_lazarus_dangerouspassword_lnk.yar ├── apt_lazarus_dll_c2_comms.yar ├── apt_lazarus_gopuram_backdoor.yar ├── apt_lazarus_lambload_timecheck.yar ├── apt_lazarus_pondrat.yar ├── apt_lazarus_vhd_ransomware_downloader.yar ├── apt_lazarus_vhd_ransomware_loader.yar ├── apt_luckymouse_compromised_electronapp.yar ├── apt_luckymouse_rshell_strings.yar ├── apt_luckymouse_rshell_strings_all_platform.yar ├── apt_luckymouse_sysupdate_removing_tool.yar ├── apt_malware_pocoproxy.yar ├── apt_menupass_maliciouslibvlc_dll.yar ├── apt_micdown_encrypted_configuration.yar ├── apt_muddywater_manifestation_backdoor.yar ├── apt_muddywater_manifestation_backdoor_obfuscated.yar ├── apt_muddywater_moriagent.yar ├── apt_muddywater_muddyc2go_dll_launcher_strings.yar ├── apt_muddywater_powershell_reverse_secure_proxy.yar ├── apt_muddywater_powgoop_decode_loop.yar ├── apt_muddywater_powgoop_decoded.yar ├── apt_muddywater_powgoop_loader.yar ├── apt_muddywater_rotrot_strings.yar ├── apt_mustang_panda_nupakage.yar ├── apt_mustang_panda_toneins.yar ├── apt_mustang_panda_toneshell.yar ├── apt_mustangpanda_coolclient.yar ├── apt_mustangpanda_decrypt_payload.yar ├── apt_mustangpanda_downloader.yar ├── apt_mustangpanda_malicious_lnk_worm.yar ├── apt_mustangpanda_maliciousdll_loading_plugx_strings.yar ├── apt_mustangpanda_mqsttang_qmagent.yar ├── apt_mustangpanda_payload.yar ├── apt_mustangpanda_tinynote.yar ├── apt_mustangpanda_tonedrop.yar ├── apt_mustangpanda_windows_remoteshell.yar ├── apt_mustangpanda_windows_shellcode_decryptionalgorithm.yar ├── apt_mustangpanda_xoreddll.yar ├── apt_mustangpanda_zpakage.yar ├── apt_nobelium_acrobox_downloader_apr2022.yar ├── apt_nobelium_nativezone_gen.yar ├── apt_oilrig_clipog_strings.yar ├── apt_oilrig_maliciousdocument_may2022.yar ├── apt_oilrig_odagent_strings.yar ├── apt_oilrig_oilbooster_strings.yar ├── apt_oilrig_powerexchange.yar ├── apt_oilrig_saitama_backdoor_may2022.yar ├── apt_oilrig_saitama_backdoor_may2022_2.yar ├── apt_oilrig_sc5kv3_strings.yar ├── apt_oilrig_webshell.yar ├── apt_polonium_deepcreep_strings.yar ├── apt_polonium_megacreep_strings.yar ├── apt_polonium_powershell_creepydrive_strings.yar ├── apt_polonium_technocreep_strings.yar ├── apt_qnapworm_loader_may2022.yar ├── apt_queueseed.yar ├── apt_reaper_2fa_phishing_webpage.yar ├── apt_reaper_malicious_lnk.yar ├── apt_redhotel_maliciouslnk_strings.yar ├── apt_rusticweb_stealer.yar ├── apt_sandworm_awfulshred_obfuscation_apr2022.yar ├── apt_sandworm_caddywiper_stacked_strings.yar ├── apt_sandworm_notpetya_strings.yar ├── apt_sandworm_olympicdestroyer.yar ├── apt_sandworm_orcshred_apr2022.yar ├── apt_sandworm_powergap_apr2022.yar ├── apt_scanbox_framework_not_obfuscated.yar ├── apt_scanbox_obfuscated_versions.yar ├── apt_shadowpad_first_called_function.yar ├── apt_sidecopy_actionrat_packer_strings.yar ├── apt_sidecopy_cheex.yar ├── apt_sidecopy_malicious_macro.yar ├── apt_sidecopy_reverserat_strings.yar ├── apt_sofacy_graphitemalware_generic.yar ├── apt_spikedwine_malicious_hta.yar ├── apt_spikedwine_wineloader.yar ├── apt_spynote_android_dex_strings.yar ├── apt_stripedfly.yar ├── apt_sugardump_credentials_stealer_http.yar ├── apt_sugardump_credentials_stealer_smtp.yar ├── apt_sugargh0stcampaign_malicious_lnk.yar ├── apt_susp_apt28_uac0063_hatvibe.yar ├── apt_susp_apt28_uac0063_hta_loader.yar ├── apt_susp_apt28_uac0063_malicious_doc.yar ├── apt_susp_apt28_uac0063_malicious_doc_settings_xml.yar ├── apt_susp_apt28_uac0063_malicious_doc_vba.yar ├── apt_susp_lazarus_dangerous_password.yar ├── apt_suspected_sandworm_sdelete_wiper.yar ├── apt_ta410_driver_keylogger.yar ├── apt_ta410_flowcloud_loader.yar ├── apt_ta410_flowcloud_rtti.yar ├── apt_ta428_tmanger_strings.yar ├── apt_tealkurma_snappytcp_reverse_shell_strings.yar ├── apt_tealkurma_snappytcp_strings.yar ├── apt_toddycat_toddybox_strings.yar ├── apt_toddycat_tomberbil_strings.yar ├── apt_toddycat_waexp_strings.yar ├── apt_toneshell_loader.yar ├── apt_toneshell_shellcode.yar ├── apt_tortoiseshell_imaploader.yar ├── apt_tortoiseshell_wateringhole_script.yar ├── apt_turla_comlook.yar ├── apt_turla_kazuar_variant_2023.yar ├── apt_uac0099_lonepage.yar ├── apt_uac0154_malicious_html_smuggling.yar ├── apt_uac0154_powershell_infection_chain_1.yar ├── apt_uac0154_powershell_infection_chain_2.yar ├── apt_unc3524_quietexit_strings.yar ├── apt_unc4990_emptyspace_pyc.yar ├── apt_unc4990_explorer_ps1.yar ├── apt_unc4990_explorer_ps1_reverse_b64.yar ├── apt_unk_batcopier_strings.yar ├── apt_unk_dex_china_freedom_trap_spyware.yar ├── apt_unk_hrserv_memory_commands_strings.yar ├── apt_unk_hrserv_webshell_strings.yar ├── apt_unk_malicious_lnk.yar ├── apt_unknown_sessionmanageriis_strings.yar ├── apt_uta0178_javascript_inclusion_strings.yar ├── apt_uta0218_upstyle_backdoor_strings.yar ├── apt_win_disabledefender.yar ├── apt_windows_wip19_screencap.yar ├── apt_yemen_apk_guardzoo.yar ├── backdoor_blueshell.yar ├── backdoor_lin_bifrost.yar ├── backdoor_lin_bpfdoor.yar ├── backdoor_lin_sysupdate.yar ├── backdoor_mul_sparkrat.yar ├── backdoor_mul_supershell_client.yar ├── backdoor_opensource_northstar_strings.yar ├── backdoor_oyster.yar ├── backdoor_powershellempire_batlauchers.yar ├── backdoor_powershellempire_csharp.yar ├── backdoor_powershellempire_gen.yar ├── backdoor_powershellempire_python.yar ├── backdoor_powershellempire_sharpire.yar ├── backdoor_sandman_strings.yar ├── backdoor_win_andardoor.yar ├── backdoor_win_blackrat.yar ├── backdoor_win_feedload.yar ├── backdoor_win_foresttiger.yar ├── backdoor_win_headertip.yar ├── backdoor_win_ketrum2.yar ├── backdoor_win_kimsuky.yar ├── backdoor_win_mgbot_main.yar ├── backdoor_win_minibike.yar ├── backdoor_win_minibus.yar ├── backdoor_win_nukesped_andariel.yar ├── backdoor_win_rokrat.yar ├── backdoor_win_rollsling.yar ├── backdoor_win_sidewinder_cobaltstrike_2022_09.yar ├── backdoor_win_spacecolon.yar ├── backdoor_win_sponsor.yar ├── backdoor_win_volgmer.yar ├── backdoor_win_warhawk.yar ├── backdoor_win_winordll64.yar ├── backdoor_xploitspy_strings.yar ├── backoor_win_gobear.yar ├── backoor_win_tinyturla_ng.yar ├── bot_lin_enemybot_april22.yar ├── bot_lin_kinsing_strings.yar ├── bot_lin_lucifer_strings.yar ├── bot_lin_xorddos_strings.yar ├── bot_lin_zerobot_dec22.yar ├── bot_win_yamabot.yar ├── botnet_lin_tsunami.yar ├── builder_win_royalroad_rtf.yar ├── bumblebee_loader.yar ├── bumblebee_vhd.yar ├── clipper_win_atlas_strings.yar ├── clipper_win_cryptoclippy.yar ├── clwiper_strings.yar ├── crime_sload_mainpowershellimplant.yar ├── crime_sload_powershellarchiveexfiltrator_strings.yar ├── crime_sload_scheduledtask_dropper_strings.yar ├── crime_sload_vbs_downloader_strings_1.yar ├── crime_sload_vbs_downloader_strings_2.yar ├── crime_sload_vbs_wsf_downloader.yar ├── crime_sload_zip_archives.yar ├── crimeware_njrat_strings.yar ├── crybercrime_prophetspider_proxy.yar ├── crypter_vbs_to_exe.yar ├── crypter_win_dotrunpex.yar ├── darkriver_encodedurl.yar ├── dotnet_injector_new_payload.yar ├── downloader_kimsuky_lnk.yar ├── downloader_mac_rustbucket.yar ├── downloader_mac_rustbucket_swiftloader.yar ├── downloader_mac_smooth_operator.yar ├── downloader_win_andarloader.yar ├── downloader_win_apt33_tickler.yar ├── downloader_win_cobianrat.yar ├── downloader_win_curl_agent.yar ├── downloader_win_donot.yar ├── downloader_win_fake_tor_browser.yar ├── downloader_win_newsterminal.yar ├── downloader_win_search.yar ├── dropper_mac_lazarus_manuscrypt.yar ├── dropper_win_konni_cab.yar ├── dropper_win_ninerat.yar ├── dropper_win_romcom_dropper.yar ├── dropper_win_selfau3.yar ├── emmenhtal_strings_hta_exe.yar ├── evilnumpayload_fmtstr.yar ├── exploit_cve20191458_strings.yar ├── exploit_ez_pwnkit_strings.yar ├── exploit_linux_eop_cve20177308_strings.yar ├── exploit_linux_eop_cve202121974_exploit_strings.yar ├── exploit_linux_eop_dirtyc0w_strings.yar ├── exploit_linux_eop_dirtypipe_strings.yar ├── exploit_linux_eop_polkit_pkexec_strings.yar ├── exploit_linux_eop_pwnkit_strings.yar ├── exploit_linux_eop_rationallove_strings.yar ├── exploit_linux_eop_ubuntu_overlayfs_local_privesc_strings.yar ├── exploit_win_cloudatlas_cve_2018_0798.yar ├── gen_empire_onedrive_stager.yar ├── generic_bat_script_mock_http_services.yar ├── generic_perl_reverse_shell.yar ├── generic_php_webshell.yar ├── generic_python_reverse_shell.yar ├── generic_sharpshooter_payload_1.yar ├── generic_sharpshooter_payload_10.yar ├── generic_sharpshooter_payload_11.yar ├── generic_sharpshooter_payload_12.yar ├── generic_sharpshooter_payload_13.yar ├── generic_sharpshooter_payload_2.yar ├── generic_sharpshooter_payload_3.yar ├── generic_sharpshooter_payload_4.yar ├── generic_sharpshooter_payload_5.yar ├── generic_sharpshooter_payload_6.yar ├── generic_sharpshooter_payload_7.yar ├── generic_sharpshooter_payload_8.yar ├── generic_sharpshooter_payload_9.yar ├── generic_tor_hidden_service_leading_to_winports.yar ├── guerrilla_lemongroup.yar ├── guloader_lnk_file.yar ├── guloader_powershell_1.yar ├── guloader_unpacker.yar ├── guloader_unpacker_decoded.yar ├── guloader_vbscript.yar ├── hacktool_credentialkatz.yar ├── hacktool_defendercontrol_strings.yar ├── hacktool_dnscat2_strings.yar ├── hacktool_duplicatedump_strings.yar ├── hacktool_earthworm_strings.yar ├── hacktool_fscan_strings.yar ├── hacktool_gtunnel_strings.yar ├── hacktool_impacket_compiled_binary.yar ├── hacktool_iox_tunneling.yar ├── hacktool_ipmipwner_strings.yar ├── hacktool_lazagne_strings.yar ├── hacktool_ligolo_relay_strings.yar ├── hacktool_ligolo_strings.yar ├── hacktool_microsocks_strings.yar ├── hacktool_mimikat_ssp_strings.yar ├── hacktool_mimikatz_obfuscated.yar ├── hacktool_mimilite.yar ├── hacktool_nbtscan_strings.yar ├── hacktool_ntdsdumpex_strings.yar ├── hacktool_ntospy_strings.yar ├── hacktool_pplblade_strings.yar ├── hacktool_rubeus_strings.yar ├── hacktool_sharpview_strings.yar ├── hacktool_socat_strings.yar ├── hacktool_stowaway_strings.yar ├── hacktool_win_cookiekatz.yar ├── hacktool_win_gmer.yar ├── hacktool_win_powertool.yar ├── hacktool_win_processhacker.yar ├── hacktool_win_uknowseckeylogger.yar ├── hafnium_tarrask_malware.yar ├── icebot_exported_function.yar ├── icedid_chm_ttp.yar ├── implant_any_sliver.yar ├── implant_any_sliver_not_stripped.yar ├── implant_lin_geacon.yar ├── implant_lin_lightning.yar ├── implant_mac_rustbucket.yar ├── implant_mac_smoothoperator_update_agent.yar ├── implant_macos_geacon.yar ├── implant_mul_alchimist.yar ├── implant_win_apt29_2022_10.yar ├── implant_win_flagpro.yar ├── implant_win_geacon.yar ├── implant_win_graphiron_downloader.yar ├── implant_win_havoc_default_strings.yar ├── implant_win_incontroller.yar ├── implant_win_knotweed_jumplump.yar ├── implant_win_lyceum.yar ├── implant_win_magicrat.yar ├── implant_win_mysterysnail.yar ├── implant_win_pingpull.yar ├── implant_win_quantum_builder_lnk.yar ├── implant_win_quasarrat.yar ├── implant_win_sliver_dll.yar ├── in2al5d_p3in4er_loader.yar ├── infostealer_mac_realst.yar ├── infostealer_win_44caliber.yar ├── infostealer_win_acridrain_mar23.yar ├── infostealer_win_acrstealer_str.yar ├── infostealer_win_agrat.yar ├── infostealer_win_aurora.yar ├── infostealer_win_aurora_str.yar ├── infostealer_win_banditstealer.yar ├── infostealer_win_bebra.yar ├── infostealer_win_blackcap.yar ├── infostealer_win_blackguard_mar23.yar ├── infostealer_win_blustealer.yar ├── infostealer_win_cinoshistealer.yar ├── infostealer_win_daolpu_str.yar ├── infostealer_win_doenerium_str.yar ├── infostealer_win_ducklogs.yar ├── infostealer_win_edgeguard.yar ├── infostealer_win_enigma_initial_loader.yar ├── infostealer_win_enigma_loader_module.yar ├── infostealer_win_enigma_stealer_module.yar ├── infostealer_win_eternity.yar ├── infostealer_win_fwit_strings.yar ├── infostealer_win_ginzostealer_str.yar ├── infostealer_win_gomorrah.yar ├── infostealer_win_grmsk_strings.yar ├── infostealer_win_irontiger_chrome_stealer.yar ├── infostealer_win_leaf.yar ├── infostealer_win_lighting.yar ├── infostealer_win_lumma_strings_aug23.yar ├── infostealer_win_lumma_strings_sept23.yar ├── infostealer_win_mars_stealer.yar ├── infostealer_win_mars_stealer_variant_llcppc1.yar ├── infostealer_win_mars_stealer_xor_routine.yar ├── infostealer_win_meduzastealer.yar ├── infostealer_win_metastealer_strings.yar ├── infostealer_win_monster_stub.yar ├── infostealer_win_nekostealer.yar ├── infostealer_win_nemesis_in_memory.yar ├── infostealer_win_nosu.yar ├── infostealer_win_pennywise_mar23.yar ├── infostealer_win_phoenix.yar ├── infostealer_win_phoenixwave.yar ├── infostealer_win_raccoon_str_takemypainback.yar ├── infostealer_win_redline_strings.yar ├── infostealer_win_solarmarker_dll.yar ├── infostealer_win_solarmarker_powershell.yar ├── infostealer_win_spacestealer.yar ├── infostealer_win_stealc.yar ├── infostealer_win_stealc_str_oct24.yar ├── infostealer_win_stealerium.yar ├── infostealer_win_stormkitty.yar ├── infostealer_win_stormkitty_exfil_urls.yar ├── infostealer_win_titan.yar ├── infostealer_win_vidar_str_jul22.yar ├── infostealer_win_vidar_strings_nov23.yar ├── infostealer_win_vulturi.yar ├── infostealer_win_whitesnake_loader_feb23.yar ├── infostealer_win_whitesnake_stealer_feb23.yar ├── infostealer_win_whitesnake_xor_rc4_july12.yar ├── infostealer_win_xehook_str.yar ├── infostealer_win_xenostealer_strings.yar ├── infostealer_win_xfiles.yar ├── installer_win_minibus.yar ├── keylogger_win_donot.yar ├── killfloor_avkiller_strings.yar ├── kimsuky_konni_dll.yar ├── koi_koiloader.yar ├── koi_netstealer.yar ├── koi_powershell_loading_obfuscatednet.yar ├── koiloader_lnk.yar ├── koiloader_powershell_reflective_loading.yar ├── latrodectus_br4_js_dropper.yar ├── latrodectus_exports.yar ├── launcher_win_bluehaze.yar ├── launcher_win_mistcloak.yar ├── launcher_win_romcom_launcher.yar ├── launcher_win_stealthmutant_bat_launcher.yar ├── lnk_astaroth.yar ├── loader_amadey_clipper_plugin.yar ├── loader_amadey_standalone_may23.yar ├── loader_amadey_stealer_plugin.yar ├── loader_fakebat_initial_powershell_may24.yar ├── loader_fakebat_powershell_fingerprint_may24.yar ├── loader_latrodectus_dll.yar ├── loader_win_abcloader.yar ├── loader_win_aresloader.yar ├── loader_win_batloader_scripts.yar ├── loader_win_bumblebee.yar ├── loader_win_dodgebox.yar ├── loader_win_doppeldridex.yar ├── loader_win_erbium.yar ├── loader_win_fudloader.yar ├── loader_win_gcleaner.yar ├── loader_win_goshellcode.yar ├── loader_win_jennlog.yar ├── loader_win_jinxloader_strings.yar ├── loader_win_konni_bat.yar ├── loader_win_konni_wpnprv.yar ├── loader_win_ninerat.yar ├── loader_win_operationmagalenha_vbs.yar ├── loader_win_piccassoloader.yar ├── loader_win_purecrypter.yar ├── loader_win_red0044_powershell_may24.yar ├── loader_win_revil_loader.yar ├── loader_win_squirrelwaffle.yar ├── loader_win_squirrelwaffle_doc.yar ├── loader_win_stealthvector.yar ├── loader_win_svcready_imports.yar ├── luckymouse_sysupdate_loader.yar ├── luckymouse_sysupdate_payload.yar ├── malicious_lnk_exploiting_webdav_share_generic.yar ├── malware_httpshell_strings.yar ├── malware_remcom_strings.yar ├── malware_sugargh0st_strings.yar ├── malware_swordldr.yar ├── malware_tinyshell_strings.yar ├── malware_valleyrat_1ststage_strings.yar ├── malware_valleyrat_downloader_strings.yar ├── malware_valleyrat_strings_config.yar ├── malware_venom_admin_strings.yar ├── malware_venom_agent_strings.yar ├── malware_win_lyceum_maldoc_macro_20220613.yar ├── malware_win_mex.yar ├── malware_win_passlib.yar ├── manjusaka_samples.yar ├── merlin_crossplatform.yar ├── merlin_linux_elf.yar ├── merlin_win_dll.yar ├── merlin_win_exe.yar ├── miner_lin_xmrig_strings.yar ├── miner_win_xmrig_strings.yar ├── nomercy.yar ├── observerstealer.yar ├── pe_princeransomware_strings.yar ├── pe_stealer_axilestealer_strings.yar ├── pe_stealer_scarletstealer_strings.yar ├── platypus_winlinmac_strings.yar ├── plugx_final_payload.yar ├── radx_stealer.yar ├── ransomware_lin_avoslocker_sections.yar ├── ransomware_lin_avoslocker_strings.yar ├── ransomware_linux_icefire_2023.yar ├── ransomware_mallox.yar ├── ransomware_win_agenda.yar ├── ransomware_win_avoslocker.yar ├── ransomware_win_blackcat.yar ├── ransomware_win_blackmatter.yar ├── ransomware_win_chaos.yar ├── ransomware_win_dodo_2023.yar ├── ransomware_win_eking_rich_header.yar ├── ransomware_win_fonix.yar ├── ransomware_win_honkai_jan2023.yar ├── ransomware_win_karma.yar ├── ransomware_win_lorenz.yar ├── ransomware_win_masons_jan2023.yar ├── ransomware_win_raworld.yar ├── ransomware_win_redeemer.yar ├── ransomware_win_scransom.yar ├── ransomware_win_shrinklocker.yar ├── ransomware_win_voidcrypt.yar ├── ransomware_win_wing.yar ├── rat_darkvision_string.yar ├── rat_lin_gobrat_2023.yar ├── rat_win_arrow_str.yar ├── rat_win_asbit.yar ├── rat_win_asyncrat.yar ├── rat_win_atharvan.yar ├── rat_win_babylon.yar ├── rat_win_borat.yar ├── rat_win_dcrat_qwqdanchun.yar ├── rat_win_hiddenz.yar ├── rat_win_konni_rat.yar ├── rat_win_lilith.yar ├── rat_win_millenium.yar ├── rat_win_nighthawk.yar ├── rat_win_ninerat.yar ├── rat_win_ratel_strings.yar ├── rat_win_remcos.yar ├── rat_win_reverserat.yar ├── rat_win_romcom_payload.yar ├── rat_win_tutclient.yar ├── rat_win_xeno_rat.yar ├── rat_win_xworm_v2.yar ├── rat_win_xworm_v3.yar ├── recotool_adfind_strings.yar ├── reverseshell_win_1st_troy.yar ├── rootkit_diamorphine_strings.yar ├── rootkit_lin_winnti.yar ├── rootkit_win_purplefox_360_tct.yar ├── rootkit_win_purplefox_kernel_driver.yar ├── rootkit_win_purplefox_svchost_txt.yar ├── rule_lazarus_generic_downloader_7c3f94702fa7.yar ├── shell_win_danfuan.yar ├── spyware_and_bahamut.yar ├── spyware_and_fastfire.yar ├── spyware_and_strongpity_mobile_backdoor.yar ├── stealer_win_demotryspy.yar ├── stealer_win_luca.yar ├── stealer_win_mgbot_credential_stealer.yar ├── stealer_win_strela.yar ├── storm_1811_files_dat.yar ├── storm_1811_screenconnect_update.yar ├── strongpity_malware.yar ├── suspicious_users_dev.yar ├── ta410_control_flow_obfuscation.yar ├── technique_csv_dde_exec_regex.yar ├── tinyfluff_nodejs.yar ├── tool_3proxy_strings.yar ├── tool_advancedrun_strings.yar ├── tool_bore_rust_any_platform.yar ├── tool_bypassgodzilla.yar ├── tool_cheat_engine.yar ├── tool_chisel_strings.yar ├── tool_dogtunnel_strings.yar ├── tool_dynamicwrapper_strings.yar ├── tool_edrsandblast_api_strings.yar ├── tool_edrsandblast_cli_strings.yar ├── tool_edrsandblast_kernelcallbacks.yar ├── tool_edrsandblast_strings.yar ├── tool_efspotato.yar ├── tool_ehole.yar ├── tool_enum4linux_strings.yar ├── tool_execit_obfuscator_strings.yar ├── tool_exploit_badpotato_strings.yar ├── tool_exploit_comahawk_strings.yar ├── tool_exploit_rottenpotato_strings.yar ├── tool_generic_python_reverse_shell_strings.yar ├── tool_godpotato.yar ├── tool_gost_tunnel_strings.yar ├── tool_gsocket_strings.yar ├── tool_htran_strings.yar ├── tool_impersonate_strings.yar ├── tool_inswor_strings.yar ├── tool_iodine_strings.yar ├── tool_juicypotato_exploit_strings.yar ├── tool_juicypotatong_strings.yar ├── tool_koblas_server_strings.yar ├── tool_ladon_strings.yar ├── tool_lsass_dump_strings.yar ├── tool_masky_strings.yar ├── tool_multidump_strings.yar ├── tool_nping_strings.yar ├── tool_nssm_strings.yar ├── tool_paexec_strings.yar ├── tool_pchunter_and_related_certificate.yar ├── tool_petitpotato.yar ├── tool_pivotnacci.yar ├── tool_pivotnacci_webshell.yar ├── tool_powershell_unicorn.yar ├── tool_printnotifypotato.yar ├── tool_quarkspwdump.yar ├── tool_rathole_strings.yar ├── tool_realblindingedr_strings.yar ├── tool_reversessh_strings.yar ├── tool_revsocks_strings.yar ├── tool_rsockstun_strings.yar ├── tool_rubeus_strings.yar ├── tool_runpeinmemory_strings.yar ├── tool_safetykatz.yar ├── tool_scanline_strings.yar ├── tool_sharpefspotato_strings.yar ├── tool_sharphoundexecutable_strings.yar ├── tool_sharphoundpowershell_strings.yar ├── tool_sharpnbtscan_strings.yar ├── tool_sharpsecdump.yar ├── tool_soaphound_strings.yar ├── tool_ssf_strings.yar ├── tool_swor.yar ├── tool_sy_runas.yar ├── tool_tacticalrmm_installer_strings.yar ├── tool_tokenplayer_strings.yar ├── tool_webshell_b374k_strings.yar ├── tool_win_blackfly_proxy_config.yar ├── tool_win_driverjack.yar ├── tool_win_forkplayground.yar ├── tool_win_gosecretsdump.yar ├── tool_win_lightrail.yar ├── tool_win_sharpshares.yar ├── tool_win_snap2html.yar ├── tool_xiebroc2_strings.yar ├── tool_yasso_strings.yar ├── trojan_and_keepspy.yar ├── trojan_android_brata.yar ├── trojan_android_cerberus.yar ├── trojan_android_xenomorph.yar ├── trojan_win_bbtok_dll1_sep23.yar ├── trojan_win_bbtok_iso_sep23.yar ├── trojan_win_bbtok_lnk_sep23.yar ├── trojan_win_grandoreiro.yar ├── truesightkiller_avkiller_strings.yar ├── typhon_reborn_stealer.yar ├── unk_quad7_fsynet_strings.yar ├── unk_quad7_netd_strings.yar ├── unk_quad7_updtae_reverse_shell_strings.yar ├── unknown_7777_xlogin.yar ├── unknown_quad7_wildcard_login.yar ├── ursnif.yar ├── ursnif_ldr4.yar ├── vpn_mul_softether.yar ├── water_sigbin_group.yar ├── webshell_icesword_strings.yar ├── webshell_wso_webshell_strings.yar ├── weevely_webshell_payload.yar ├── win_clipper_generic.yar ├── win_infostealer_serpent_strings.yar ├── win_loader_astasialoader_strings.yar ├── win_malware_agnianestealer.yar ├── win_malware_janelarat_strings.yar ├── win_malware_statc_downloader.yar ├── wiper_hermeticwiper_variants.yar ├── wiper_win_caddywiper.yar ├── wiper_win_dnwipe.yar ├── wiper_win_isaacwiper.yar ├── wiper_win_nominatus_toxicbattery.yar ├── wiper_win_ruransom.yar ├── xworm_dotnet_injector.yar ├── yara_runascs.yar └── zip_win_abcloader.yar /Configuration_extractors/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/Configuration_extractors/README.md -------------------------------------------------------------------------------- /Configuration_extractors/kaiji.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/Configuration_extractors/kaiji.py -------------------------------------------------------------------------------- /Configuration_extractors/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/Configuration_extractors/requirements.txt -------------------------------------------------------------------------------- /IOCs/8220Gang/8220_Gang_iocs_20242409.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/8220Gang/8220_Gang_iocs_20242409.csv -------------------------------------------------------------------------------- /IOCs/DDoSia/20240229_DDoSia_IOC.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/DDoSia/20240229_DDoSia_IOC.csv -------------------------------------------------------------------------------- /IOCs/DarkGate/scripts/AV_checked.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/DarkGate/scripts/AV_checked.txt -------------------------------------------------------------------------------- /IOCs/DarkGate/scripts/action-id-documentations.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/DarkGate/scripts/action-id-documentations.md -------------------------------------------------------------------------------- /IOCs/DiceLoader/scripts/ReflectiveDLLInjection.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/DiceLoader/scripts/ReflectiveDLLInjection.h -------------------------------------------------------------------------------- /IOCs/DiceLoader/scripts/extractor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/DiceLoader/scripts/extractor.py -------------------------------------------------------------------------------- /IOCs/DiceLoader/scripts/fake_c2_tcp_server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/DiceLoader/scripts/fake_c2_tcp_server.py -------------------------------------------------------------------------------- /IOCs/Doppelgänger/DoppelGänger-observables.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/Doppelgänger/DoppelGänger-observables.csv -------------------------------------------------------------------------------- /IOCs/I2PRAT/I2PRAT_iocs_20250211.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/I2PRAT/I2PRAT_iocs_20250211.csv -------------------------------------------------------------------------------- /IOCs/I2PRAT/scripts/ida_hashes_extraction.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/I2PRAT/scripts/ida_hashes_extraction.py -------------------------------------------------------------------------------- /IOCs/I2PRAT/scripts/resolve_hashes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/I2PRAT/scripts/resolve_hashes.py -------------------------------------------------------------------------------- /IOCs/Interlock/interlock.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/Interlock/interlock.yar -------------------------------------------------------------------------------- /IOCs/Interlock/interlock_IOCs.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/Interlock/interlock_IOCs.txt -------------------------------------------------------------------------------- /IOCs/Lycantrox/Lycantrox_domains_high_confidence.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/Lycantrox/Lycantrox_domains_high_confidence.txt -------------------------------------------------------------------------------- /IOCs/Lycantrox/Lycantrox_domains_medium_confidence.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/Lycantrox/Lycantrox_domains_medium_confidence.txt -------------------------------------------------------------------------------- /IOCs/MuddyWater/yara/apt_MuddyWater_malicious_pdf.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/MuddyWater/yara/apt_MuddyWater_malicious_pdf.yar -------------------------------------------------------------------------------- /IOCs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/README.md -------------------------------------------------------------------------------- /IOCs/ScatteredSpider/20240220_ScatteredSpider_IOC.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/ScatteredSpider/20240220_ScatteredSpider_IOC.csv -------------------------------------------------------------------------------- /IOCs/acrstealer/acrstealer_iocs_20240429.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/acrstealer/acrstealer_iocs_20240429.md -------------------------------------------------------------------------------- /IOCs/acrstealer/infostealer_acrstealer_apr24.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/acrstealer/infostealer_acrstealer_apr24.yar -------------------------------------------------------------------------------- /IOCs/activemq/activemq_iocs_20231206.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/activemq/activemq_iocs_20231206.csv -------------------------------------------------------------------------------- /IOCs/apt31/2021-11-10 APT31 - STIX2.jsonl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/apt31/2021-11-10 APT31 - STIX2.jsonl -------------------------------------------------------------------------------- /IOCs/apt31/2021-11-10 APT31 IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/apt31/2021-11-10 APT31 IOCs.csv -------------------------------------------------------------------------------- /IOCs/apt31/yara_rules/apt_misp_apt31_orb_2021.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/apt31/yara_rules/apt_misp_apt31_orb_2021.yar -------------------------------------------------------------------------------- /IOCs/apt31/yara_rules/unk_apt31_tsh_2021.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/apt31/yara_rules/unk_apt31_tsh_2021.yar -------------------------------------------------------------------------------- /IOCs/aurora/aurora_iocs_20221121.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/aurora/aurora_iocs_20221121.csv -------------------------------------------------------------------------------- /IOCs/aurora/yara_rules/infostealer_aurora.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/aurora/yara_rules/infostealer_aurora.yar -------------------------------------------------------------------------------- /IOCs/bluefox/bluefox_iocs_20221102.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/bluefox/bluefox_iocs_20221102.csv -------------------------------------------------------------------------------- /IOCs/bluefox/yara_rules/infostealer_bluefox.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/bluefox/yara_rules/infostealer_bluefox.yar -------------------------------------------------------------------------------- /IOCs/calisto/SSL Certificates SHA1, emails and IPs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/calisto/SSL Certificates SHA1, emails and IPs.csv -------------------------------------------------------------------------------- /IOCs/calisto/calisto_infrastructure_20220622: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/calisto/calisto_infrastructure_20220622 -------------------------------------------------------------------------------- /IOCs/calisto/calisto_infrastructure_20221205: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/calisto/calisto_infrastructure_20221205 -------------------------------------------------------------------------------- /IOCs/clearfake/clearfake_iocs_20231016.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/clearfake/clearfake_iocs_20231016.csv -------------------------------------------------------------------------------- /IOCs/clearfake/clearfake_iocs_20250318.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/clearfake/clearfake_iocs_20250318.csv -------------------------------------------------------------------------------- /IOCs/clearfake/clearfake_malicious_script_content.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/clearfake/clearfake_malicious_script_content.md -------------------------------------------------------------------------------- /IOCs/cs2nginx/cs2nginx_C2.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/cs2nginx/cs2nginx_C2.csv -------------------------------------------------------------------------------- /IOCs/customerloader/customerloader_iocs_20230712.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/customerloader/customerloader_iocs_20230712.csv -------------------------------------------------------------------------------- /IOCs/emotet/2021-01-20_Emotet_Campaign.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/emotet/2021-01-20_Emotet_Campaign.csv -------------------------------------------------------------------------------- /IOCs/evilnum/20220721_EvilNum_domains_list.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/evilnum/20220721_EvilNum_domains_list.txt -------------------------------------------------------------------------------- /IOCs/fakebat/fakebat_iocs_20240702.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/fakebat/fakebat_iocs_20240702.csv -------------------------------------------------------------------------------- /IOCs/gamaredon/yara.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/gamaredon/yara.yar -------------------------------------------------------------------------------- /IOCs/global-analysis-aitm-phishing-threats/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/global-analysis-aitm-phishing-threats/README.md -------------------------------------------------------------------------------- /IOCs/global-analysis-aitm-phishing-threats/cephas/urlscan_io.txt: -------------------------------------------------------------------------------- 1 | https://urlscan.io/result/0196ce8c-22cb-75f8-934b-6f56139d67d1/ 2 | -------------------------------------------------------------------------------- /IOCs/global-analysis-aitm-phishing-threats/evilginx/urlscan_io.txt: -------------------------------------------------------------------------------- 1 | https://urlscan.io/result/0197573d-9165-74f8-b164-f97d03df28c7/ 2 | -------------------------------------------------------------------------------- /IOCs/global-analysis-aitm-phishing-threats/evilproxy/urlscan_io.txt: -------------------------------------------------------------------------------- 1 | https://urlscan.io/result/0197595e-7649-740a-a7a8-68ac52757068/ 2 | -------------------------------------------------------------------------------- /IOCs/global-analysis-aitm-phishing-threats/gabagool/urlscan_io.txt: -------------------------------------------------------------------------------- 1 | https://urlscan.io/result/0197377b-4e3d-7438-b955-c9ea469d916c/ 2 | -------------------------------------------------------------------------------- /IOCs/global-analysis-aitm-phishing-threats/greatness/urlscan_io.txt: -------------------------------------------------------------------------------- 1 | https://urlscan.io/result/0197574c-c916-7244-9c63-b3a0dbd8585d/ 2 | -------------------------------------------------------------------------------- /IOCs/global-analysis-aitm-phishing-threats/mamba-2fa/urlscan_io.txt: -------------------------------------------------------------------------------- 1 | https://urlscan.io/result/019756b4-9e92-734f-bb45-84036db9180c/ 2 | -------------------------------------------------------------------------------- /IOCs/global-analysis-aitm-phishing-threats/nakedpages/urlscan_io.txt: -------------------------------------------------------------------------------- 1 | https://c6a10d7c.bf89d0fd70b126f60de08c49.workers.dev/?qrc=dmljdGltQGV4YW1wbGUuY29t 2 | -------------------------------------------------------------------------------- /IOCs/global-analysis-aitm-phishing-threats/sneaky-2fa/urlscan_io.txt: -------------------------------------------------------------------------------- 1 | https://urlscan.io/result/01975949-8625-719e-b8eb-3327e5f06b2a/ 2 | -------------------------------------------------------------------------------- /IOCs/i_paid_twice/i_paid_twice_iocs_20251106.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/i_paid_twice/i_paid_twice_iocs_20251106.csv -------------------------------------------------------------------------------- /IOCs/mallox/mallox_purecrypter_iocs_20240513.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/mallox/mallox_purecrypter_iocs_20240513.csv -------------------------------------------------------------------------------- /IOCs/marsstealer/mars_stealer_iocs_20220407.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/marsstealer/mars_stealer_iocs_20220407.csv -------------------------------------------------------------------------------- /IOCs/nobelium/2022_01_06_C2 Nobelium.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/nobelium/2022_01_06_C2 Nobelium.csv -------------------------------------------------------------------------------- /IOCs/nobelium/2022_01_06_NOBELIUM_MD5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/nobelium/2022_01_06_NOBELIUM_MD5 -------------------------------------------------------------------------------- /IOCs/nobelium/yara_rules/apt_nobelium_hta_in_iso.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/nobelium/yara_rules/apt_nobelium_hta_in_iso.yar -------------------------------------------------------------------------------- /IOCs/pikabot/pikabot_iocs_20240603.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/pikabot/pikabot_iocs_20240603.csv -------------------------------------------------------------------------------- /IOCs/privateloader/20220914_privateloader_IOC.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/privateloader/20220914_privateloader_IOC.csv -------------------------------------------------------------------------------- /IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure -------------------------------------------------------------------------------- /IOCs/raccoonstealer/raccoon_stealer_iocs_20220628.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/raccoonstealer/raccoon_stealer_iocs_20220628.csv -------------------------------------------------------------------------------- /IOCs/roamingmantis/roaming_mantis_iocs_20220718.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/roamingmantis/roaming_mantis_iocs_20220718.csv -------------------------------------------------------------------------------- /IOCs/ryuk/2020-10-29 C2 Ryuk.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/ryuk/2020-10-29 C2 Ryuk.csv -------------------------------------------------------------------------------- /IOCs/sneaky2fa/sneaky2fa_iocs_20250116.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/sneaky2fa/sneaky2fa_iocs_20250116.csv -------------------------------------------------------------------------------- /IOCs/stealc/scripts/IDA_strings_deobfuscator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/stealc/scripts/IDA_strings_deobfuscator.py -------------------------------------------------------------------------------- /IOCs/stealc/scripts/stealc_stealer_c2_extractor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/stealc/scripts/stealc_stealer_c2_extractor.py -------------------------------------------------------------------------------- /IOCs/stealc/stealc_iocs_20230220.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/stealc/stealc_iocs_20230220.csv -------------------------------------------------------------------------------- /IOCs/stealc/suricata_rules/infostealer_stealc.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/stealc/suricata_rules/infostealer_stealc.rules -------------------------------------------------------------------------------- /IOCs/stealc/yara_rules/infostealer_stealc_behavior.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/stealc/yara_rules/infostealer_stealc_behavior.yar -------------------------------------------------------------------------------- /IOCs/tycoon2fa/tycoon2fa_iocs_20240325.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/IOCs/tycoon2fa/tycoon2fa_iocs_20240325.csv -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/LICENSE.md -------------------------------------------------------------------------------- /MaltegoTransforms/LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/MaltegoTransforms/LICENSE.md -------------------------------------------------------------------------------- /MaltegoTransforms/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/MaltegoTransforms/README.md -------------------------------------------------------------------------------- /MaltegoTransforms/assets/change-path.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/MaltegoTransforms/assets/change-path.gif -------------------------------------------------------------------------------- /MaltegoTransforms/assets/transform-vt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/MaltegoTransforms/assets/transform-vt.png -------------------------------------------------------------------------------- /MaltegoTransforms/assets/transform-vtb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/MaltegoTransforms/assets/transform-vtb.png -------------------------------------------------------------------------------- /MaltegoTransforms/export.mtz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/MaltegoTransforms/export.mtz -------------------------------------------------------------------------------- /MaltegoTransforms/requirements.txt: -------------------------------------------------------------------------------- 1 | ipaddress 2 | -------------------------------------------------------------------------------- /MaltegoTransforms/transforms/config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/MaltegoTransforms/transforms/config.yaml -------------------------------------------------------------------------------- /MaltegoTransforms/transforms/libs/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/MaltegoTransforms/transforms/libs/config.py -------------------------------------------------------------------------------- /MaltegoTransforms/transforms/libs/transform.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/MaltegoTransforms/transforms/libs/transform.py -------------------------------------------------------------------------------- /MaltegoTransforms/transforms/openwith.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/MaltegoTransforms/transforms/openwith.py -------------------------------------------------------------------------------- /MaltegoTransforms/transforms/virustotal-behaviour.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/MaltegoTransforms/transforms/virustotal-behaviour.py -------------------------------------------------------------------------------- /MaltegoTransforms/transforms/virustotal.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/MaltegoTransforms/transforms/virustotal.py -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/README.md -------------------------------------------------------------------------------- /Reports/FLINT 2021 - Emotet (EN).pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/Reports/FLINT 2021 - Emotet (EN).pdf -------------------------------------------------------------------------------- /Reports/FLINT 2021 - Emotet (FR).pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/Reports/FLINT 2021 - Emotet (FR).pdf -------------------------------------------------------------------------------- /events/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/events/README.md -------------------------------------------------------------------------------- /events/lookups.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/events/lookups.json -------------------------------------------------------------------------------- /events/smart-descriptions.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/events/smart-descriptions.json -------------------------------------------------------------------------------- /playbooks/templates/Alerts_Shodan_Enrichment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/Alerts_Shodan_Enrichment.json -------------------------------------------------------------------------------- /playbooks/templates/CrowdSec_alert_enrichment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/CrowdSec_alert_enrichment.json -------------------------------------------------------------------------------- /playbooks/templates/Crowdstrike_dissemination.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/Crowdstrike_dissemination.json -------------------------------------------------------------------------------- /playbooks/templates/Enrich_alerts_with_AbuseIPDB.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/Enrich_alerts_with_AbuseIPDB.json -------------------------------------------------------------------------------- /playbooks/templates/Enrich_alerts_with_hostnames.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/Enrich_alerts_with_hostnames.json -------------------------------------------------------------------------------- /playbooks/templates/HTTP_request_Remediation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/HTTP_request_Remediation.json -------------------------------------------------------------------------------- /playbooks/templates/OSINT_to_observables.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/OSINT_to_observables.json -------------------------------------------------------------------------------- /playbooks/templates/Reject_old_alerts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/Reject_old_alerts.json -------------------------------------------------------------------------------- /playbooks/templates/Shodan_search_to_observables.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/Shodan_search_to_observables.json -------------------------------------------------------------------------------- /playbooks/templates/VirusTotal_Enrichement.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/VirusTotal_Enrichement.json -------------------------------------------------------------------------------- /playbooks/templates/add_domains_to_ioc_collection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/add_domains_to_ioc_collection.json -------------------------------------------------------------------------------- /playbooks/templates/alert_webhook_internet_scan.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/alert_webhook_internet_scan.json -------------------------------------------------------------------------------- /playbooks/templates/create_jira_ticket_on_alert.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/create_jira_ticket_on_alert.json -------------------------------------------------------------------------------- /playbooks/templates/forward_google_pubsub_events.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/forward_google_pubsub_events.json -------------------------------------------------------------------------------- /playbooks/templates/forward_panda_security_events.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/forward_panda_security_events.json -------------------------------------------------------------------------------- /playbooks/templates/forward_vadesecure_records.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/forward_vadesecure_records.json -------------------------------------------------------------------------------- /playbooks/templates/imperva_waf_fetch_logs.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/imperva_waf_fetch_logs.json -------------------------------------------------------------------------------- /playbooks/templates/msteams_notification.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/msteams_notification.json -------------------------------------------------------------------------------- /playbooks/templates/playbook_adware.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/playbook_adware.json -------------------------------------------------------------------------------- /playbooks/templates/playbooks.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/playbooks.json -------------------------------------------------------------------------------- /playbooks/templates/send_alert_to_nybble_hub.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/send_alert_to_nybble_hub.json -------------------------------------------------------------------------------- /playbooks/templates/slack_notification_on_alert.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/slack_notification_on_alert.json -------------------------------------------------------------------------------- /playbooks/templates/urgency_to_0_on_rejected.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/playbooks/templates/urgency_to_0_on_rejected.json -------------------------------------------------------------------------------- /scripts/mars_stealer_c2_extractor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/scripts/mars_stealer_c2_extractor.py -------------------------------------------------------------------------------- /scripts/raccoon_stealer_v2_c2_extrator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/scripts/raccoon_stealer_v2_c2_extrator.py -------------------------------------------------------------------------------- /scripts/test_forwarder.bash: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/scripts/test_forwarder.bash -------------------------------------------------------------------------------- /sigma_rules/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/README.md -------------------------------------------------------------------------------- /sigma_rules/cloud/aws_ec2_subnet_deleted.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/cloud/aws_ec2_subnet_deleted.yml -------------------------------------------------------------------------------- /sigma_rules/cloud/aws_iam_password_policy_updated.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/cloud/aws_iam_password_policy_updated.yml -------------------------------------------------------------------------------- /sigma_rules/cloud/aws_s3_bucket_replication.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/cloud/aws_s3_bucket_replication.yml -------------------------------------------------------------------------------- /sigma_rules/host/attrib_hiding_files.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/attrib_hiding_files.yml -------------------------------------------------------------------------------- /sigma_rules/host/correlation_html_smuggling.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/correlation_html_smuggling.yml -------------------------------------------------------------------------------- /sigma_rules/host/correlation_iso-lnk_chain.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/correlation_iso-lnk_chain.yml -------------------------------------------------------------------------------- /sigma_rules/host/disable_windows_defender.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/disable_windows_defender.yml -------------------------------------------------------------------------------- /sigma_rules/host/impacket_wmiexec.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/impacket_wmiexec.yml -------------------------------------------------------------------------------- /sigma_rules/host/mdav_disable_base64_encoded.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/mdav_disable_base64_encoded.yml -------------------------------------------------------------------------------- /sigma_rules/host/mdav_disable_services.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/mdav_disable_services.yml -------------------------------------------------------------------------------- /sigma_rules/host/mdav_signatures_removed_mpcmdrun.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/mdav_signatures_removed_mpcmdrun.yml -------------------------------------------------------------------------------- /sigma_rules/host/mdav_threat_detected.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/mdav_threat_detected.yml -------------------------------------------------------------------------------- /sigma_rules/host/mshta_suspicious_child.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/mshta_suspicious_child.yml -------------------------------------------------------------------------------- /sigma_rules/host/non_legit_use_eula_parameter.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/non_legit_use_eula_parameter.yml -------------------------------------------------------------------------------- /sigma_rules/host/powershell_amsi_bypass.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/powershell_amsi_bypass.yml -------------------------------------------------------------------------------- /sigma_rules/host/powershell_suspicious_keywords.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/powershell_suspicious_keywords.yml -------------------------------------------------------------------------------- /sigma_rules/host/procdump_args.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/procdump_args.yml -------------------------------------------------------------------------------- /sigma_rules/host/socks_tunneling_tool.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/socks_tunneling_tool.yml -------------------------------------------------------------------------------- /sigma_rules/host/win_powershell_load_regkey.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/win_powershell_load_regkey.yml -------------------------------------------------------------------------------- /sigma_rules/host/wmic_process_call_create.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/host/wmic_process_call_create.yml -------------------------------------------------------------------------------- /sigma_rules/network/dynamic_dns_domain.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/sigma_rules/network/dynamic_dns_domain.yml -------------------------------------------------------------------------------- /yara_rules/apt37_rokrat_macho.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt37_rokrat_macho.yar -------------------------------------------------------------------------------- /yara_rules/apt_37_chinotto.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_37_chinotto.yar -------------------------------------------------------------------------------- /yara_rules/apt_3cx_payload_stealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_3cx_payload_stealer.yar -------------------------------------------------------------------------------- /yara_rules/apt_agent_racoon_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_agent_racoon_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_andariel_dorarat_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_andariel_dorarat_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_andariel_keylogger_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_andariel_keylogger_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_andariel_nestdoor_variants_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_andariel_nestdoor_variants_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_andariel_siennablue.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_andariel_siennablue.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt10_hui_loader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt10_hui_loader.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt28_document_phishing_webpage.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt28_document_phishing_webpage.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt28_htmlsmuggling.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt28_htmlsmuggling.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt28_htmlsmuggling_disclosing_ip.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt28_htmlsmuggling_disclosing_ip.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt28_powershell_ntlm_stealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt28_powershell_ntlm_stealer.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt28_susp_graphite_downloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt28_susp_graphite_downloader.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt28_ukrnet_phishing_page.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt28_ukrnet_phishing_page.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt28_wayzgoose_exploit_string.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt28_wayzgoose_exploit_string.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt29_malicious_rdp_file.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt29_malicious_rdp_file.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt29_quarterrig.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt29_quarterrig.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt29_wineloader_malicious_hta.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt29_wineloader_malicious_hta.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt29_wineloader_malicious_pdf.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt29_wineloader_malicious_pdf.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt31_pakdoor.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt31_pakdoor.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt31_rekoobe.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt31_rekoobe.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt33_falsefont.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt33_falsefont.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt33_tickler.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt33_tickler.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt35_iisraid_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt35_iisraid_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt37_chinotto_powershell_variant.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt37_chinotto_powershell_variant.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt37_malicious_hta_file.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt37_malicious_hta_file.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt41_javascript_dropper.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt41_javascript_dropper.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt41_keyplug_dropper.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt41_keyplug_dropper.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt41_powershell_collection_script.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt41_powershell_collection_script.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt_k_47_orpcbackdoor.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt_k_47_orpcbackdoor.yar -------------------------------------------------------------------------------- /yara_rules/apt_apt_k_47_walkershell.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_apt_k_47_walkershell.yar -------------------------------------------------------------------------------- /yara_rules/apt_aptc36_vbs_maldoc.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_aptc36_vbs_maldoc.yar -------------------------------------------------------------------------------- /yara_rules/apt_aptc60_downloader_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_aptc60_downloader_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_aptk47_asyncshell.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_aptk47_asyncshell.yar -------------------------------------------------------------------------------- /yara_rules/apt_aptk47_maliciouslnk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_aptk47_maliciouslnk.yar -------------------------------------------------------------------------------- /yara_rules/apt_aridviper_rustsysjoker.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_aridviper_rustsysjoker.yar -------------------------------------------------------------------------------- /yara_rules/apt_backdoordiplomaty_phantomnet.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_backdoordiplomaty_phantomnet.yar -------------------------------------------------------------------------------- /yara_rules/apt_badmagic_commonmagic_generic_1.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_badmagic_commonmagic_generic_1.yar -------------------------------------------------------------------------------- /yara_rules/apt_badmagic_commonmagic_generic_2.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_badmagic_commonmagic_generic_2.yar -------------------------------------------------------------------------------- /yara_rules/apt_badmagic_commonmagic_main.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_badmagic_commonmagic_main.yar -------------------------------------------------------------------------------- /yara_rules/apt_badmagic_commonmagic_usbstealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_badmagic_commonmagic_usbstealer.yar -------------------------------------------------------------------------------- /yara_rules/apt_badmagic_generic_pshscript.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_badmagic_generic_pshscript.yar -------------------------------------------------------------------------------- /yara_rules/apt_badmagic_installpzz_pshscript.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_badmagic_installpzz_pshscript.yar -------------------------------------------------------------------------------- /yara_rules/apt_badmagic_ld_dll_loader_pshscript.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_badmagic_ld_dll_loader_pshscript.yar -------------------------------------------------------------------------------- /yara_rules/apt_badmagic_listfiles_pshscript.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_badmagic_listfiles_pshscript.yar -------------------------------------------------------------------------------- /yara_rules/apt_badmagic_malicious_lnk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_badmagic_malicious_lnk.yar -------------------------------------------------------------------------------- /yara_rules/apt_badmagic_modules.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_badmagic_modules.yar -------------------------------------------------------------------------------- /yara_rules/apt_badmagic_reco_pshscript.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_badmagic_reco_pshscript.yar -------------------------------------------------------------------------------- /yara_rules/apt_badmagic_startngrok_pshscript.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_badmagic_startngrok_pshscript.yar -------------------------------------------------------------------------------- /yara_rules/apt_badmagic_startrevsocks_pshscript.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_badmagic_startrevsocks_pshscript.yar -------------------------------------------------------------------------------- /yara_rules/apt_blackwood_nspx30_plugin.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_blackwood_nspx30_plugin.yar -------------------------------------------------------------------------------- /yara_rules/apt_boldmove_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_boldmove_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_buhtrap_maldocx.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_buhtrap_maldocx.yar -------------------------------------------------------------------------------- /yara_rules/apt_cerana_keeper_dropboxflop.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_cerana_keeper_dropboxflop.yar -------------------------------------------------------------------------------- /yara_rules/apt_cerana_keeper_yk0130.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_cerana_keeper_yk0130.yar -------------------------------------------------------------------------------- /yara_rules/apt_cloudatlas_init_module_virtualalloc.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_cloudatlas_init_module_virtualalloc.yar -------------------------------------------------------------------------------- /yara_rules/apt_cloudatlas_powershower_clean.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_cloudatlas_powershower_clean.yar -------------------------------------------------------------------------------- /yara_rules/apt_cloudatlas_powershower_module.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_cloudatlas_powershower_module.yar -------------------------------------------------------------------------------- /yara_rules/apt_cloudatlas_powershower_variant.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_cloudatlas_powershower_variant.yar -------------------------------------------------------------------------------- /yara_rules/apt_cloudatlas_powertunnel.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_cloudatlas_powertunnel.yar -------------------------------------------------------------------------------- /yara_rules/apt_cloudatlas_powertunnel_loader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_cloudatlas_powertunnel_loader.yar -------------------------------------------------------------------------------- /yara_rules/apt_cloudmensis_downloader_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_cloudmensis_downloader_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_cloudmensis_spyagent_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_cloudmensis_spyagent_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_coathanger_beacon.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_coathanger_beacon.yar -------------------------------------------------------------------------------- /yara_rules/apt_coathanger_files.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_coathanger_files.yar -------------------------------------------------------------------------------- /yara_rules/apt_cottonsandstorm_win_implant.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_cottonsandstorm_win_implant.yar -------------------------------------------------------------------------------- /yara_rules/apt_dark_pink_pdb_path.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_dark_pink_pdb_path.yar -------------------------------------------------------------------------------- /yara_rules/apt_darkpink_kamikakabot_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_darkpink_kamikakabot_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_darkpink_sample.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_darkpink_sample.yar -------------------------------------------------------------------------------- /yara_rules/apt_emberbear_credpump_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_emberbear_credpump_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_evasive_panda_rphost_dll.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_evasive_panda_rphost_dll.yar -------------------------------------------------------------------------------- /yara_rules/apt_flightnight_malicious_lnk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_flightnight_malicious_lnk.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_ddrdoh_vbs_downloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_ddrdoh_vbs_downloader.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_doc_external_template.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_doc_external_template.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_flash_infostealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_flash_infostealer.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_gammaload_malicioushta.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_gammaload_malicioushta.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_gammaload_maliciouslnk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_gammaload_maliciouslnk.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_htmlsmuggling_2024.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_htmlsmuggling_2024.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_lnk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_lnk.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_lnk_spreader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_lnk_spreader.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_lnks_farl139_hostname.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_lnks_farl139_hostname.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_powerrevshell.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_powerrevshell.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_stealer_obfuscation_1.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_stealer_obfuscation_1.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_stealer_obfuscation_2.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_stealer_obfuscation_2.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_subtle_paws.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_subtle_paws.yar -------------------------------------------------------------------------------- /yara_rules/apt_gamaredon_vbs_downloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gamaredon_vbs_downloader.yar -------------------------------------------------------------------------------- /yara_rules/apt_gelsemium_firewood_backdoor.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gelsemium_firewood_backdoor.yar -------------------------------------------------------------------------------- /yara_rules/apt_gelsemium_wolfsbane_backdoor.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gelsemium_wolfsbane_backdoor.yar -------------------------------------------------------------------------------- /yara_rules/apt_gelsemium_wolfsbane_launcher.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gelsemium_wolfsbane_launcher.yar -------------------------------------------------------------------------------- /yara_rules/apt_gelsemium_wolfsbane_rootkit.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gelsemium_wolfsbane_rootkit.yar -------------------------------------------------------------------------------- /yara_rules/apt_globalshadow.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_globalshadow.yar -------------------------------------------------------------------------------- /yara_rules/apt_gobrat_2.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_gobrat_2.yar -------------------------------------------------------------------------------- /yara_rules/apt_granitetyphoon_sword2023_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_granitetyphoon_sword2023_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_icepeony_icecache.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_icepeony_icecache.yar -------------------------------------------------------------------------------- /yara_rules/apt_icepeony_iceevent.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_icepeony_iceevent.yar -------------------------------------------------------------------------------- /yara_rules/apt_implant_xdealer_stealer_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_implant_xdealer_stealer_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_implant_xdealer_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_implant_xdealer_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_ir_sugarush_implant.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_ir_sugarush_implant.yar -------------------------------------------------------------------------------- /yara_rules/apt_ivanti_krustyloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_ivanti_krustyloader.yar -------------------------------------------------------------------------------- /yara_rules/apt_kimsuky_fpspy.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_kimsuky_fpspy.yar -------------------------------------------------------------------------------- /yara_rules/apt_kimsuky_klogexe.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_kimsuky_klogexe.yar -------------------------------------------------------------------------------- /yara_rules/apt_kimsuky_malicious_gotopwsh_lnk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_kimsuky_malicious_gotopwsh_lnk.yar -------------------------------------------------------------------------------- /yara_rules/apt_kimsuky_malicious_vba.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_kimsuky_malicious_vba.yar -------------------------------------------------------------------------------- /yara_rules/apt_kimsuky_powershell.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_kimsuky_powershell.yar -------------------------------------------------------------------------------- /yara_rules/apt_kimsuky_sharpext_devps1_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_kimsuky_sharpext_devps1_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_kimsuky_sharpext_jsexfil_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_kimsuky_sharpext_jsexfil_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_kimsuky_sharptongue_c2_source.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_kimsuky_sharptongue_c2_source.yar -------------------------------------------------------------------------------- /yara_rules/apt_kimsuky_sharptongue_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_kimsuky_sharptongue_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_kimsuky_toddlershark_obfuscated.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_kimsuky_toddlershark_obfuscated.yar -------------------------------------------------------------------------------- /yara_rules/apt_kimsuky_toddlershark_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_kimsuky_toddlershark_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_kimsuky_validator_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_kimsuky_validator_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_kimsuky_vbs.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_kimsuky_vbs.yar -------------------------------------------------------------------------------- /yara_rules/apt_konni.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_konni.yar -------------------------------------------------------------------------------- /yara_rules/apt_konni_check_bat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_konni_check_bat.yar -------------------------------------------------------------------------------- /yara_rules/apt_konni_dropper.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_konni_dropper.yar -------------------------------------------------------------------------------- /yara_rules/apt_lazarus_backdoored_jslib.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_lazarus_backdoored_jslib.yar -------------------------------------------------------------------------------- /yara_rules/apt_lazarus_blindingcan_rtti.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_lazarus_blindingcan_rtti.yar -------------------------------------------------------------------------------- /yara_rules/apt_lazarus_dangerouspassword_lnk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_lazarus_dangerouspassword_lnk.yar -------------------------------------------------------------------------------- /yara_rules/apt_lazarus_dll_c2_comms.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_lazarus_dll_c2_comms.yar -------------------------------------------------------------------------------- /yara_rules/apt_lazarus_gopuram_backdoor.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_lazarus_gopuram_backdoor.yar -------------------------------------------------------------------------------- /yara_rules/apt_lazarus_lambload_timecheck.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_lazarus_lambload_timecheck.yar -------------------------------------------------------------------------------- /yara_rules/apt_lazarus_pondrat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_lazarus_pondrat.yar -------------------------------------------------------------------------------- /yara_rules/apt_lazarus_vhd_ransomware_loader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_lazarus_vhd_ransomware_loader.yar -------------------------------------------------------------------------------- /yara_rules/apt_luckymouse_rshell_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_luckymouse_rshell_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_malware_pocoproxy.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_malware_pocoproxy.yar -------------------------------------------------------------------------------- /yara_rules/apt_menupass_maliciouslibvlc_dll.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_menupass_maliciouslibvlc_dll.yar -------------------------------------------------------------------------------- /yara_rules/apt_micdown_encrypted_configuration.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_micdown_encrypted_configuration.yar -------------------------------------------------------------------------------- /yara_rules/apt_muddywater_moriagent.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_muddywater_moriagent.yar -------------------------------------------------------------------------------- /yara_rules/apt_muddywater_powgoop_decode_loop.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_muddywater_powgoop_decode_loop.yar -------------------------------------------------------------------------------- /yara_rules/apt_muddywater_powgoop_decoded.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_muddywater_powgoop_decoded.yar -------------------------------------------------------------------------------- /yara_rules/apt_muddywater_powgoop_loader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_muddywater_powgoop_loader.yar -------------------------------------------------------------------------------- /yara_rules/apt_muddywater_rotrot_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_muddywater_rotrot_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustang_panda_nupakage.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustang_panda_nupakage.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustang_panda_toneins.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustang_panda_toneins.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustang_panda_toneshell.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustang_panda_toneshell.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustangpanda_coolclient.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustangpanda_coolclient.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustangpanda_decrypt_payload.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustangpanda_decrypt_payload.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustangpanda_downloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustangpanda_downloader.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustangpanda_malicious_lnk_worm.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustangpanda_malicious_lnk_worm.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustangpanda_mqsttang_qmagent.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustangpanda_mqsttang_qmagent.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustangpanda_payload.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustangpanda_payload.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustangpanda_tinynote.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustangpanda_tinynote.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustangpanda_tonedrop.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustangpanda_tonedrop.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustangpanda_windows_remoteshell.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustangpanda_windows_remoteshell.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustangpanda_xoreddll.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustangpanda_xoreddll.yar -------------------------------------------------------------------------------- /yara_rules/apt_mustangpanda_zpakage.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_mustangpanda_zpakage.yar -------------------------------------------------------------------------------- /yara_rules/apt_nobelium_nativezone_gen.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_nobelium_nativezone_gen.yar -------------------------------------------------------------------------------- /yara_rules/apt_oilrig_clipog_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_oilrig_clipog_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_oilrig_maliciousdocument_may2022.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_oilrig_maliciousdocument_may2022.yar -------------------------------------------------------------------------------- /yara_rules/apt_oilrig_odagent_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_oilrig_odagent_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_oilrig_oilbooster_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_oilrig_oilbooster_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_oilrig_powerexchange.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_oilrig_powerexchange.yar -------------------------------------------------------------------------------- /yara_rules/apt_oilrig_saitama_backdoor_may2022.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_oilrig_saitama_backdoor_may2022.yar -------------------------------------------------------------------------------- /yara_rules/apt_oilrig_sc5kv3_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_oilrig_sc5kv3_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_oilrig_webshell.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_oilrig_webshell.yar -------------------------------------------------------------------------------- /yara_rules/apt_polonium_deepcreep_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_polonium_deepcreep_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_polonium_megacreep_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_polonium_megacreep_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_polonium_technocreep_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_polonium_technocreep_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_qnapworm_loader_may2022.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_qnapworm_loader_may2022.yar -------------------------------------------------------------------------------- /yara_rules/apt_queueseed.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_queueseed.yar -------------------------------------------------------------------------------- /yara_rules/apt_reaper_2fa_phishing_webpage.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_reaper_2fa_phishing_webpage.yar -------------------------------------------------------------------------------- /yara_rules/apt_reaper_malicious_lnk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_reaper_malicious_lnk.yar -------------------------------------------------------------------------------- /yara_rules/apt_redhotel_maliciouslnk_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_redhotel_maliciouslnk_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_rusticweb_stealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_rusticweb_stealer.yar -------------------------------------------------------------------------------- /yara_rules/apt_sandworm_notpetya_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_sandworm_notpetya_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_sandworm_olympicdestroyer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_sandworm_olympicdestroyer.yar -------------------------------------------------------------------------------- /yara_rules/apt_sandworm_orcshred_apr2022.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_sandworm_orcshred_apr2022.yar -------------------------------------------------------------------------------- /yara_rules/apt_sandworm_powergap_apr2022.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_sandworm_powergap_apr2022.yar -------------------------------------------------------------------------------- /yara_rules/apt_scanbox_framework_not_obfuscated.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_scanbox_framework_not_obfuscated.yar -------------------------------------------------------------------------------- /yara_rules/apt_scanbox_obfuscated_versions.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_scanbox_obfuscated_versions.yar -------------------------------------------------------------------------------- /yara_rules/apt_shadowpad_first_called_function.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_shadowpad_first_called_function.yar -------------------------------------------------------------------------------- /yara_rules/apt_sidecopy_cheex.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_sidecopy_cheex.yar -------------------------------------------------------------------------------- /yara_rules/apt_sidecopy_malicious_macro.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_sidecopy_malicious_macro.yar -------------------------------------------------------------------------------- /yara_rules/apt_sidecopy_reverserat_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_sidecopy_reverserat_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_sofacy_graphitemalware_generic.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_sofacy_graphitemalware_generic.yar -------------------------------------------------------------------------------- /yara_rules/apt_spikedwine_malicious_hta.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_spikedwine_malicious_hta.yar -------------------------------------------------------------------------------- /yara_rules/apt_spikedwine_wineloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_spikedwine_wineloader.yar -------------------------------------------------------------------------------- /yara_rules/apt_spynote_android_dex_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_spynote_android_dex_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_stripedfly.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_stripedfly.yar -------------------------------------------------------------------------------- /yara_rules/apt_sugargh0stcampaign_malicious_lnk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_sugargh0stcampaign_malicious_lnk.yar -------------------------------------------------------------------------------- /yara_rules/apt_susp_apt28_uac0063_hatvibe.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_susp_apt28_uac0063_hatvibe.yar -------------------------------------------------------------------------------- /yara_rules/apt_susp_apt28_uac0063_hta_loader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_susp_apt28_uac0063_hta_loader.yar -------------------------------------------------------------------------------- /yara_rules/apt_susp_apt28_uac0063_malicious_doc.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_susp_apt28_uac0063_malicious_doc.yar -------------------------------------------------------------------------------- /yara_rules/apt_susp_lazarus_dangerous_password.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_susp_lazarus_dangerous_password.yar -------------------------------------------------------------------------------- /yara_rules/apt_suspected_sandworm_sdelete_wiper.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_suspected_sandworm_sdelete_wiper.yar -------------------------------------------------------------------------------- /yara_rules/apt_ta410_driver_keylogger.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_ta410_driver_keylogger.yar -------------------------------------------------------------------------------- /yara_rules/apt_ta410_flowcloud_loader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_ta410_flowcloud_loader.yar -------------------------------------------------------------------------------- /yara_rules/apt_ta410_flowcloud_rtti.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_ta410_flowcloud_rtti.yar -------------------------------------------------------------------------------- /yara_rules/apt_ta428_tmanger_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_ta428_tmanger_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_tealkurma_snappytcp_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_tealkurma_snappytcp_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_toddycat_toddybox_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_toddycat_toddybox_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_toddycat_tomberbil_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_toddycat_tomberbil_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_toddycat_waexp_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_toddycat_waexp_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_toneshell_loader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_toneshell_loader.yar -------------------------------------------------------------------------------- /yara_rules/apt_toneshell_shellcode.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_toneshell_shellcode.yar -------------------------------------------------------------------------------- /yara_rules/apt_tortoiseshell_imaploader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_tortoiseshell_imaploader.yar -------------------------------------------------------------------------------- /yara_rules/apt_turla_comlook.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_turla_comlook.yar -------------------------------------------------------------------------------- /yara_rules/apt_turla_kazuar_variant_2023.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_turla_kazuar_variant_2023.yar -------------------------------------------------------------------------------- /yara_rules/apt_uac0099_lonepage.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_uac0099_lonepage.yar -------------------------------------------------------------------------------- /yara_rules/apt_uac0154_malicious_html_smuggling.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_uac0154_malicious_html_smuggling.yar -------------------------------------------------------------------------------- /yara_rules/apt_unc3524_quietexit_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_unc3524_quietexit_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_unc4990_emptyspace_pyc.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_unc4990_emptyspace_pyc.yar -------------------------------------------------------------------------------- /yara_rules/apt_unc4990_explorer_ps1.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_unc4990_explorer_ps1.yar -------------------------------------------------------------------------------- /yara_rules/apt_unc4990_explorer_ps1_reverse_b64.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_unc4990_explorer_ps1_reverse_b64.yar -------------------------------------------------------------------------------- /yara_rules/apt_unk_batcopier_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_unk_batcopier_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_unk_hrserv_webshell_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_unk_hrserv_webshell_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_unk_malicious_lnk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_unk_malicious_lnk.yar -------------------------------------------------------------------------------- /yara_rules/apt_uta0218_upstyle_backdoor_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_uta0218_upstyle_backdoor_strings.yar -------------------------------------------------------------------------------- /yara_rules/apt_win_disabledefender.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_win_disabledefender.yar -------------------------------------------------------------------------------- /yara_rules/apt_windows_wip19_screencap.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_windows_wip19_screencap.yar -------------------------------------------------------------------------------- /yara_rules/apt_yemen_apk_guardzoo.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/apt_yemen_apk_guardzoo.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_blueshell.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_blueshell.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_lin_bifrost.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_lin_bifrost.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_lin_bpfdoor.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_lin_bpfdoor.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_lin_sysupdate.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_lin_sysupdate.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_mul_sparkrat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_mul_sparkrat.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_mul_supershell_client.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_mul_supershell_client.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_oyster.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_oyster.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_powershellempire_csharp.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_powershellempire_csharp.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_powershellempire_gen.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_powershellempire_gen.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_powershellempire_python.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_powershellempire_python.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_powershellempire_sharpire.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_powershellempire_sharpire.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_sandman_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_sandman_strings.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_andardoor.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_andardoor.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_blackrat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_blackrat.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_feedload.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_feedload.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_foresttiger.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_foresttiger.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_headertip.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_headertip.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_ketrum2.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_ketrum2.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_kimsuky.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_kimsuky.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_mgbot_main.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_mgbot_main.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_minibike.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_minibike.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_minibus.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_minibus.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_nukesped_andariel.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_nukesped_andariel.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_rokrat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_rokrat.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_rollsling.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_rollsling.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_spacecolon.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_spacecolon.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_sponsor.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_sponsor.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_volgmer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_volgmer.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_warhawk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_warhawk.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_win_winordll64.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_win_winordll64.yar -------------------------------------------------------------------------------- /yara_rules/backdoor_xploitspy_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backdoor_xploitspy_strings.yar -------------------------------------------------------------------------------- /yara_rules/backoor_win_gobear.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backoor_win_gobear.yar -------------------------------------------------------------------------------- /yara_rules/backoor_win_tinyturla_ng.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/backoor_win_tinyturla_ng.yar -------------------------------------------------------------------------------- /yara_rules/bot_lin_enemybot_april22.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/bot_lin_enemybot_april22.yar -------------------------------------------------------------------------------- /yara_rules/bot_lin_kinsing_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/bot_lin_kinsing_strings.yar -------------------------------------------------------------------------------- /yara_rules/bot_lin_lucifer_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/bot_lin_lucifer_strings.yar -------------------------------------------------------------------------------- /yara_rules/bot_lin_xorddos_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/bot_lin_xorddos_strings.yar -------------------------------------------------------------------------------- /yara_rules/bot_lin_zerobot_dec22.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/bot_lin_zerobot_dec22.yar -------------------------------------------------------------------------------- /yara_rules/bot_win_yamabot.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/bot_win_yamabot.yar -------------------------------------------------------------------------------- /yara_rules/botnet_lin_tsunami.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/botnet_lin_tsunami.yar -------------------------------------------------------------------------------- /yara_rules/builder_win_royalroad_rtf.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/builder_win_royalroad_rtf.yar -------------------------------------------------------------------------------- /yara_rules/bumblebee_loader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/bumblebee_loader.yar -------------------------------------------------------------------------------- /yara_rules/bumblebee_vhd.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/bumblebee_vhd.yar -------------------------------------------------------------------------------- /yara_rules/clipper_win_atlas_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/clipper_win_atlas_strings.yar -------------------------------------------------------------------------------- /yara_rules/clipper_win_cryptoclippy.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/clipper_win_cryptoclippy.yar -------------------------------------------------------------------------------- /yara_rules/clwiper_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/clwiper_strings.yar -------------------------------------------------------------------------------- /yara_rules/crime_sload_mainpowershellimplant.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/crime_sload_mainpowershellimplant.yar -------------------------------------------------------------------------------- /yara_rules/crime_sload_vbs_downloader_strings_1.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/crime_sload_vbs_downloader_strings_1.yar -------------------------------------------------------------------------------- /yara_rules/crime_sload_vbs_downloader_strings_2.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/crime_sload_vbs_downloader_strings_2.yar -------------------------------------------------------------------------------- /yara_rules/crime_sload_vbs_wsf_downloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/crime_sload_vbs_wsf_downloader.yar -------------------------------------------------------------------------------- /yara_rules/crime_sload_zip_archives.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/crime_sload_zip_archives.yar -------------------------------------------------------------------------------- /yara_rules/crimeware_njrat_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/crimeware_njrat_strings.yar -------------------------------------------------------------------------------- /yara_rules/crybercrime_prophetspider_proxy.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/crybercrime_prophetspider_proxy.yar -------------------------------------------------------------------------------- /yara_rules/crypter_vbs_to_exe.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/crypter_vbs_to_exe.yar -------------------------------------------------------------------------------- /yara_rules/crypter_win_dotrunpex.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/crypter_win_dotrunpex.yar -------------------------------------------------------------------------------- /yara_rules/darkriver_encodedurl.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/darkriver_encodedurl.yar -------------------------------------------------------------------------------- /yara_rules/dotnet_injector_new_payload.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/dotnet_injector_new_payload.yar -------------------------------------------------------------------------------- /yara_rules/downloader_kimsuky_lnk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/downloader_kimsuky_lnk.yar -------------------------------------------------------------------------------- /yara_rules/downloader_mac_rustbucket.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/downloader_mac_rustbucket.yar -------------------------------------------------------------------------------- /yara_rules/downloader_mac_smooth_operator.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/downloader_mac_smooth_operator.yar -------------------------------------------------------------------------------- /yara_rules/downloader_win_andarloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/downloader_win_andarloader.yar -------------------------------------------------------------------------------- /yara_rules/downloader_win_apt33_tickler.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/downloader_win_apt33_tickler.yar -------------------------------------------------------------------------------- /yara_rules/downloader_win_cobianrat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/downloader_win_cobianrat.yar -------------------------------------------------------------------------------- /yara_rules/downloader_win_curl_agent.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/downloader_win_curl_agent.yar -------------------------------------------------------------------------------- /yara_rules/downloader_win_donot.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/downloader_win_donot.yar -------------------------------------------------------------------------------- /yara_rules/downloader_win_fake_tor_browser.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/downloader_win_fake_tor_browser.yar -------------------------------------------------------------------------------- /yara_rules/downloader_win_newsterminal.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/downloader_win_newsterminal.yar -------------------------------------------------------------------------------- /yara_rules/downloader_win_search.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/downloader_win_search.yar -------------------------------------------------------------------------------- /yara_rules/dropper_mac_lazarus_manuscrypt.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/dropper_mac_lazarus_manuscrypt.yar -------------------------------------------------------------------------------- /yara_rules/dropper_win_konni_cab.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/dropper_win_konni_cab.yar -------------------------------------------------------------------------------- /yara_rules/dropper_win_ninerat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/dropper_win_ninerat.yar -------------------------------------------------------------------------------- /yara_rules/dropper_win_romcom_dropper.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/dropper_win_romcom_dropper.yar -------------------------------------------------------------------------------- /yara_rules/dropper_win_selfau3.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/dropper_win_selfau3.yar -------------------------------------------------------------------------------- /yara_rules/emmenhtal_strings_hta_exe.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/emmenhtal_strings_hta_exe.yar -------------------------------------------------------------------------------- /yara_rules/evilnumpayload_fmtstr.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/evilnumpayload_fmtstr.yar -------------------------------------------------------------------------------- /yara_rules/exploit_cve20191458_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/exploit_cve20191458_strings.yar -------------------------------------------------------------------------------- /yara_rules/exploit_ez_pwnkit_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/exploit_ez_pwnkit_strings.yar -------------------------------------------------------------------------------- /yara_rules/exploit_linux_eop_dirtyc0w_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/exploit_linux_eop_dirtyc0w_strings.yar -------------------------------------------------------------------------------- /yara_rules/exploit_linux_eop_dirtypipe_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/exploit_linux_eop_dirtypipe_strings.yar -------------------------------------------------------------------------------- /yara_rules/exploit_linux_eop_pwnkit_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/exploit_linux_eop_pwnkit_strings.yar -------------------------------------------------------------------------------- /yara_rules/exploit_win_cloudatlas_cve_2018_0798.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/exploit_win_cloudatlas_cve_2018_0798.yar -------------------------------------------------------------------------------- /yara_rules/gen_empire_onedrive_stager.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/gen_empire_onedrive_stager.yar -------------------------------------------------------------------------------- /yara_rules/generic_perl_reverse_shell.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_perl_reverse_shell.yar -------------------------------------------------------------------------------- /yara_rules/generic_php_webshell.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_php_webshell.yar -------------------------------------------------------------------------------- /yara_rules/generic_python_reverse_shell.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_python_reverse_shell.yar -------------------------------------------------------------------------------- /yara_rules/generic_sharpshooter_payload_1.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_sharpshooter_payload_1.yar -------------------------------------------------------------------------------- /yara_rules/generic_sharpshooter_payload_10.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_sharpshooter_payload_10.yar -------------------------------------------------------------------------------- /yara_rules/generic_sharpshooter_payload_11.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_sharpshooter_payload_11.yar -------------------------------------------------------------------------------- /yara_rules/generic_sharpshooter_payload_12.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_sharpshooter_payload_12.yar -------------------------------------------------------------------------------- /yara_rules/generic_sharpshooter_payload_13.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_sharpshooter_payload_13.yar -------------------------------------------------------------------------------- /yara_rules/generic_sharpshooter_payload_2.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_sharpshooter_payload_2.yar -------------------------------------------------------------------------------- /yara_rules/generic_sharpshooter_payload_3.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_sharpshooter_payload_3.yar -------------------------------------------------------------------------------- /yara_rules/generic_sharpshooter_payload_4.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_sharpshooter_payload_4.yar -------------------------------------------------------------------------------- /yara_rules/generic_sharpshooter_payload_5.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_sharpshooter_payload_5.yar -------------------------------------------------------------------------------- /yara_rules/generic_sharpshooter_payload_6.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_sharpshooter_payload_6.yar -------------------------------------------------------------------------------- /yara_rules/generic_sharpshooter_payload_7.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_sharpshooter_payload_7.yar -------------------------------------------------------------------------------- /yara_rules/generic_sharpshooter_payload_8.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_sharpshooter_payload_8.yar -------------------------------------------------------------------------------- /yara_rules/generic_sharpshooter_payload_9.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/generic_sharpshooter_payload_9.yar -------------------------------------------------------------------------------- /yara_rules/guerrilla_lemongroup.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/guerrilla_lemongroup.yar -------------------------------------------------------------------------------- /yara_rules/guloader_lnk_file.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/guloader_lnk_file.yar -------------------------------------------------------------------------------- /yara_rules/guloader_powershell_1.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/guloader_powershell_1.yar -------------------------------------------------------------------------------- /yara_rules/guloader_unpacker.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/guloader_unpacker.yar -------------------------------------------------------------------------------- /yara_rules/guloader_unpacker_decoded.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/guloader_unpacker_decoded.yar -------------------------------------------------------------------------------- /yara_rules/guloader_vbscript.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/guloader_vbscript.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_credentialkatz.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_credentialkatz.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_defendercontrol_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_defendercontrol_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_dnscat2_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_dnscat2_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_duplicatedump_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_duplicatedump_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_earthworm_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_earthworm_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_fscan_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_fscan_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_gtunnel_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_gtunnel_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_impacket_compiled_binary.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_impacket_compiled_binary.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_iox_tunneling.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_iox_tunneling.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_ipmipwner_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_ipmipwner_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_lazagne_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_lazagne_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_ligolo_relay_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_ligolo_relay_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_ligolo_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_ligolo_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_microsocks_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_microsocks_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_mimikat_ssp_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_mimikat_ssp_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_mimikatz_obfuscated.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_mimikatz_obfuscated.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_mimilite.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_mimilite.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_nbtscan_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_nbtscan_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_ntdsdumpex_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_ntdsdumpex_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_ntospy_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_ntospy_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_pplblade_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_pplblade_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_rubeus_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_rubeus_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_sharpview_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_sharpview_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_socat_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_socat_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_stowaway_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_stowaway_strings.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_win_cookiekatz.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_win_cookiekatz.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_win_gmer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_win_gmer.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_win_powertool.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_win_powertool.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_win_processhacker.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_win_processhacker.yar -------------------------------------------------------------------------------- /yara_rules/hacktool_win_uknowseckeylogger.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hacktool_win_uknowseckeylogger.yar -------------------------------------------------------------------------------- /yara_rules/hafnium_tarrask_malware.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/hafnium_tarrask_malware.yar -------------------------------------------------------------------------------- /yara_rules/icebot_exported_function.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/icebot_exported_function.yar -------------------------------------------------------------------------------- /yara_rules/icedid_chm_ttp.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/icedid_chm_ttp.yar -------------------------------------------------------------------------------- /yara_rules/implant_any_sliver.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_any_sliver.yar -------------------------------------------------------------------------------- /yara_rules/implant_any_sliver_not_stripped.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_any_sliver_not_stripped.yar -------------------------------------------------------------------------------- /yara_rules/implant_lin_geacon.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_lin_geacon.yar -------------------------------------------------------------------------------- /yara_rules/implant_lin_lightning.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_lin_lightning.yar -------------------------------------------------------------------------------- /yara_rules/implant_mac_rustbucket.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_mac_rustbucket.yar -------------------------------------------------------------------------------- /yara_rules/implant_macos_geacon.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_macos_geacon.yar -------------------------------------------------------------------------------- /yara_rules/implant_mul_alchimist.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_mul_alchimist.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_apt29_2022_10.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_apt29_2022_10.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_flagpro.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_flagpro.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_geacon.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_geacon.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_graphiron_downloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_graphiron_downloader.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_havoc_default_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_havoc_default_strings.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_incontroller.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_incontroller.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_knotweed_jumplump.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_knotweed_jumplump.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_lyceum.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_lyceum.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_magicrat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_magicrat.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_mysterysnail.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_mysterysnail.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_pingpull.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_pingpull.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_quantum_builder_lnk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_quantum_builder_lnk.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_quasarrat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_quasarrat.yar -------------------------------------------------------------------------------- /yara_rules/implant_win_sliver_dll.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/implant_win_sliver_dll.yar -------------------------------------------------------------------------------- /yara_rules/in2al5d_p3in4er_loader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/in2al5d_p3in4er_loader.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_mac_realst.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_mac_realst.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_44caliber.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_44caliber.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_acridrain_mar23.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_acridrain_mar23.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_acrstealer_str.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_acrstealer_str.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_agrat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_agrat.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_aurora.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_aurora.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_aurora_str.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_aurora_str.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_banditstealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_banditstealer.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_bebra.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_bebra.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_blackcap.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_blackcap.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_blackguard_mar23.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_blackguard_mar23.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_blustealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_blustealer.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_cinoshistealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_cinoshistealer.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_daolpu_str.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_daolpu_str.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_doenerium_str.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_doenerium_str.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_ducklogs.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_ducklogs.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_edgeguard.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_edgeguard.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_enigma_loader_module.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_enigma_loader_module.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_eternity.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_eternity.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_fwit_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_fwit_strings.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_ginzostealer_str.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_ginzostealer_str.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_gomorrah.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_gomorrah.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_grmsk_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_grmsk_strings.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_leaf.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_leaf.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_lighting.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_lighting.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_lumma_strings_aug23.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_lumma_strings_aug23.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_lumma_strings_sept23.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_lumma_strings_sept23.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_mars_stealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_mars_stealer.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_meduzastealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_meduzastealer.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_metastealer_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_metastealer_strings.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_monster_stub.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_monster_stub.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_nekostealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_nekostealer.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_nemesis_in_memory.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_nemesis_in_memory.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_nosu.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_nosu.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_pennywise_mar23.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_pennywise_mar23.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_phoenix.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_phoenix.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_phoenixwave.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_phoenixwave.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_redline_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_redline_strings.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_solarmarker_dll.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_solarmarker_dll.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_spacestealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_spacestealer.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_stealc.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_stealc.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_stealc_str_oct24.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_stealc_str_oct24.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_stealerium.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_stealerium.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_stormkitty.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_stormkitty.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_titan.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_titan.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_vidar_str_jul22.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_vidar_str_jul22.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_vidar_strings_nov23.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_vidar_strings_nov23.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_vulturi.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_vulturi.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_xehook_str.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_xehook_str.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_xenostealer_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_xenostealer_strings.yar -------------------------------------------------------------------------------- /yara_rules/infostealer_win_xfiles.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/infostealer_win_xfiles.yar -------------------------------------------------------------------------------- /yara_rules/installer_win_minibus.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/installer_win_minibus.yar -------------------------------------------------------------------------------- /yara_rules/keylogger_win_donot.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/keylogger_win_donot.yar -------------------------------------------------------------------------------- /yara_rules/killfloor_avkiller_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/killfloor_avkiller_strings.yar -------------------------------------------------------------------------------- /yara_rules/kimsuky_konni_dll.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/kimsuky_konni_dll.yar -------------------------------------------------------------------------------- /yara_rules/koi_koiloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/koi_koiloader.yar -------------------------------------------------------------------------------- /yara_rules/koi_netstealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/koi_netstealer.yar -------------------------------------------------------------------------------- /yara_rules/koi_powershell_loading_obfuscatednet.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/koi_powershell_loading_obfuscatednet.yar -------------------------------------------------------------------------------- /yara_rules/koiloader_lnk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/koiloader_lnk.yar -------------------------------------------------------------------------------- /yara_rules/latrodectus_br4_js_dropper.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/latrodectus_br4_js_dropper.yar -------------------------------------------------------------------------------- /yara_rules/latrodectus_exports.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/latrodectus_exports.yar -------------------------------------------------------------------------------- /yara_rules/launcher_win_bluehaze.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/launcher_win_bluehaze.yar -------------------------------------------------------------------------------- /yara_rules/launcher_win_mistcloak.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/launcher_win_mistcloak.yar -------------------------------------------------------------------------------- /yara_rules/launcher_win_romcom_launcher.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/launcher_win_romcom_launcher.yar -------------------------------------------------------------------------------- /yara_rules/lnk_astaroth.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/lnk_astaroth.yar -------------------------------------------------------------------------------- /yara_rules/loader_amadey_clipper_plugin.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_amadey_clipper_plugin.yar -------------------------------------------------------------------------------- /yara_rules/loader_amadey_standalone_may23.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_amadey_standalone_may23.yar -------------------------------------------------------------------------------- /yara_rules/loader_amadey_stealer_plugin.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_amadey_stealer_plugin.yar -------------------------------------------------------------------------------- /yara_rules/loader_latrodectus_dll.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_latrodectus_dll.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_abcloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_abcloader.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_aresloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_aresloader.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_batloader_scripts.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_batloader_scripts.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_bumblebee.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_bumblebee.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_dodgebox.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_dodgebox.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_doppeldridex.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_doppeldridex.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_erbium.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_erbium.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_fudloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_fudloader.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_gcleaner.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_gcleaner.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_goshellcode.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_goshellcode.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_jennlog.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_jennlog.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_jinxloader_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_jinxloader_strings.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_konni_bat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_konni_bat.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_konni_wpnprv.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_konni_wpnprv.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_ninerat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_ninerat.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_operationmagalenha_vbs.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_operationmagalenha_vbs.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_piccassoloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_piccassoloader.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_purecrypter.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_purecrypter.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_red0044_powershell_may24.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_red0044_powershell_may24.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_revil_loader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_revil_loader.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_squirrelwaffle.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_squirrelwaffle.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_squirrelwaffle_doc.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_squirrelwaffle_doc.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_stealthvector.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_stealthvector.yar -------------------------------------------------------------------------------- /yara_rules/loader_win_svcready_imports.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/loader_win_svcready_imports.yar -------------------------------------------------------------------------------- /yara_rules/luckymouse_sysupdate_loader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/luckymouse_sysupdate_loader.yar -------------------------------------------------------------------------------- /yara_rules/luckymouse_sysupdate_payload.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/luckymouse_sysupdate_payload.yar -------------------------------------------------------------------------------- /yara_rules/malware_httpshell_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/malware_httpshell_strings.yar -------------------------------------------------------------------------------- /yara_rules/malware_remcom_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/malware_remcom_strings.yar -------------------------------------------------------------------------------- /yara_rules/malware_sugargh0st_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/malware_sugargh0st_strings.yar -------------------------------------------------------------------------------- /yara_rules/malware_swordldr.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/malware_swordldr.yar -------------------------------------------------------------------------------- /yara_rules/malware_tinyshell_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/malware_tinyshell_strings.yar -------------------------------------------------------------------------------- /yara_rules/malware_valleyrat_1ststage_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/malware_valleyrat_1ststage_strings.yar -------------------------------------------------------------------------------- /yara_rules/malware_valleyrat_downloader_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/malware_valleyrat_downloader_strings.yar -------------------------------------------------------------------------------- /yara_rules/malware_valleyrat_strings_config.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/malware_valleyrat_strings_config.yar -------------------------------------------------------------------------------- /yara_rules/malware_venom_admin_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/malware_venom_admin_strings.yar -------------------------------------------------------------------------------- /yara_rules/malware_venom_agent_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/malware_venom_agent_strings.yar -------------------------------------------------------------------------------- /yara_rules/malware_win_mex.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/malware_win_mex.yar -------------------------------------------------------------------------------- /yara_rules/malware_win_passlib.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/malware_win_passlib.yar -------------------------------------------------------------------------------- /yara_rules/manjusaka_samples.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/manjusaka_samples.yar -------------------------------------------------------------------------------- /yara_rules/merlin_crossplatform.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/merlin_crossplatform.yar -------------------------------------------------------------------------------- /yara_rules/merlin_linux_elf.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/merlin_linux_elf.yar -------------------------------------------------------------------------------- /yara_rules/merlin_win_dll.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/merlin_win_dll.yar -------------------------------------------------------------------------------- /yara_rules/merlin_win_exe.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/merlin_win_exe.yar -------------------------------------------------------------------------------- /yara_rules/miner_lin_xmrig_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/miner_lin_xmrig_strings.yar -------------------------------------------------------------------------------- /yara_rules/miner_win_xmrig_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/miner_win_xmrig_strings.yar -------------------------------------------------------------------------------- /yara_rules/nomercy.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/nomercy.yar -------------------------------------------------------------------------------- /yara_rules/observerstealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/observerstealer.yar -------------------------------------------------------------------------------- /yara_rules/pe_princeransomware_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/pe_princeransomware_strings.yar -------------------------------------------------------------------------------- /yara_rules/pe_stealer_axilestealer_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/pe_stealer_axilestealer_strings.yar -------------------------------------------------------------------------------- /yara_rules/pe_stealer_scarletstealer_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/pe_stealer_scarletstealer_strings.yar -------------------------------------------------------------------------------- /yara_rules/platypus_winlinmac_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/platypus_winlinmac_strings.yar -------------------------------------------------------------------------------- /yara_rules/plugx_final_payload.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/plugx_final_payload.yar -------------------------------------------------------------------------------- /yara_rules/radx_stealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/radx_stealer.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_lin_avoslocker_sections.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_lin_avoslocker_sections.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_lin_avoslocker_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_lin_avoslocker_strings.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_linux_icefire_2023.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_linux_icefire_2023.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_mallox.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_mallox.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_agenda.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_agenda.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_avoslocker.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_avoslocker.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_blackcat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_blackcat.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_blackmatter.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_blackmatter.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_chaos.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_chaos.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_dodo_2023.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_dodo_2023.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_eking_rich_header.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_eking_rich_header.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_fonix.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_fonix.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_honkai_jan2023.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_honkai_jan2023.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_karma.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_karma.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_lorenz.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_lorenz.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_masons_jan2023.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_masons_jan2023.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_raworld.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_raworld.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_redeemer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_redeemer.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_scransom.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_scransom.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_shrinklocker.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_shrinklocker.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_voidcrypt.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_voidcrypt.yar -------------------------------------------------------------------------------- /yara_rules/ransomware_win_wing.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ransomware_win_wing.yar -------------------------------------------------------------------------------- /yara_rules/rat_darkvision_string.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_darkvision_string.yar -------------------------------------------------------------------------------- /yara_rules/rat_lin_gobrat_2023.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_lin_gobrat_2023.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_arrow_str.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_arrow_str.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_asbit.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_asbit.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_asyncrat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_asyncrat.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_atharvan.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_atharvan.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_babylon.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_babylon.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_borat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_borat.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_dcrat_qwqdanchun.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_dcrat_qwqdanchun.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_hiddenz.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_hiddenz.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_konni_rat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_konni_rat.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_lilith.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_lilith.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_millenium.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_millenium.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_nighthawk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_nighthawk.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_ninerat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_ninerat.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_ratel_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_ratel_strings.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_remcos.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_remcos.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_reverserat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_reverserat.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_romcom_payload.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_romcom_payload.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_tutclient.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_tutclient.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_xeno_rat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_xeno_rat.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_xworm_v2.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_xworm_v2.yar -------------------------------------------------------------------------------- /yara_rules/rat_win_xworm_v3.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rat_win_xworm_v3.yar -------------------------------------------------------------------------------- /yara_rules/recotool_adfind_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/recotool_adfind_strings.yar -------------------------------------------------------------------------------- /yara_rules/reverseshell_win_1st_troy.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/reverseshell_win_1st_troy.yar -------------------------------------------------------------------------------- /yara_rules/rootkit_diamorphine_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rootkit_diamorphine_strings.yar -------------------------------------------------------------------------------- /yara_rules/rootkit_lin_winnti.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rootkit_lin_winnti.yar -------------------------------------------------------------------------------- /yara_rules/rootkit_win_purplefox_360_tct.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rootkit_win_purplefox_360_tct.yar -------------------------------------------------------------------------------- /yara_rules/rootkit_win_purplefox_kernel_driver.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rootkit_win_purplefox_kernel_driver.yar -------------------------------------------------------------------------------- /yara_rules/rootkit_win_purplefox_svchost_txt.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/rootkit_win_purplefox_svchost_txt.yar -------------------------------------------------------------------------------- /yara_rules/shell_win_danfuan.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/shell_win_danfuan.yar -------------------------------------------------------------------------------- /yara_rules/spyware_and_bahamut.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/spyware_and_bahamut.yar -------------------------------------------------------------------------------- /yara_rules/spyware_and_fastfire.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/spyware_and_fastfire.yar -------------------------------------------------------------------------------- /yara_rules/stealer_win_demotryspy.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/stealer_win_demotryspy.yar -------------------------------------------------------------------------------- /yara_rules/stealer_win_luca.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/stealer_win_luca.yar -------------------------------------------------------------------------------- /yara_rules/stealer_win_mgbot_credential_stealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/stealer_win_mgbot_credential_stealer.yar -------------------------------------------------------------------------------- /yara_rules/stealer_win_strela.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/stealer_win_strela.yar -------------------------------------------------------------------------------- /yara_rules/storm_1811_files_dat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/storm_1811_files_dat.yar -------------------------------------------------------------------------------- /yara_rules/storm_1811_screenconnect_update.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/storm_1811_screenconnect_update.yar -------------------------------------------------------------------------------- /yara_rules/strongpity_malware.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/strongpity_malware.yar -------------------------------------------------------------------------------- /yara_rules/suspicious_users_dev.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/suspicious_users_dev.yar -------------------------------------------------------------------------------- /yara_rules/ta410_control_flow_obfuscation.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ta410_control_flow_obfuscation.yar -------------------------------------------------------------------------------- /yara_rules/technique_csv_dde_exec_regex.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/technique_csv_dde_exec_regex.yar -------------------------------------------------------------------------------- /yara_rules/tinyfluff_nodejs.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tinyfluff_nodejs.yar -------------------------------------------------------------------------------- /yara_rules/tool_3proxy_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_3proxy_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_advancedrun_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_advancedrun_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_bore_rust_any_platform.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_bore_rust_any_platform.yar -------------------------------------------------------------------------------- /yara_rules/tool_bypassgodzilla.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_bypassgodzilla.yar -------------------------------------------------------------------------------- /yara_rules/tool_cheat_engine.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_cheat_engine.yar -------------------------------------------------------------------------------- /yara_rules/tool_chisel_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_chisel_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_dogtunnel_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_dogtunnel_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_dynamicwrapper_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_dynamicwrapper_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_edrsandblast_api_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_edrsandblast_api_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_edrsandblast_cli_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_edrsandblast_cli_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_edrsandblast_kernelcallbacks.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_edrsandblast_kernelcallbacks.yar -------------------------------------------------------------------------------- /yara_rules/tool_edrsandblast_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_edrsandblast_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_efspotato.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_efspotato.yar -------------------------------------------------------------------------------- /yara_rules/tool_ehole.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_ehole.yar -------------------------------------------------------------------------------- /yara_rules/tool_enum4linux_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_enum4linux_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_execit_obfuscator_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_execit_obfuscator_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_exploit_badpotato_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_exploit_badpotato_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_exploit_comahawk_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_exploit_comahawk_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_exploit_rottenpotato_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_exploit_rottenpotato_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_godpotato.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_godpotato.yar -------------------------------------------------------------------------------- /yara_rules/tool_gost_tunnel_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_gost_tunnel_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_gsocket_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_gsocket_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_htran_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_htran_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_impersonate_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_impersonate_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_inswor_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_inswor_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_iodine_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_iodine_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_juicypotato_exploit_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_juicypotato_exploit_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_juicypotatong_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_juicypotatong_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_koblas_server_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_koblas_server_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_ladon_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_ladon_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_lsass_dump_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_lsass_dump_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_masky_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_masky_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_multidump_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_multidump_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_nping_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_nping_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_nssm_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_nssm_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_paexec_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_paexec_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_petitpotato.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_petitpotato.yar -------------------------------------------------------------------------------- /yara_rules/tool_pivotnacci.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_pivotnacci.yar -------------------------------------------------------------------------------- /yara_rules/tool_pivotnacci_webshell.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_pivotnacci_webshell.yar -------------------------------------------------------------------------------- /yara_rules/tool_powershell_unicorn.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_powershell_unicorn.yar -------------------------------------------------------------------------------- /yara_rules/tool_printnotifypotato.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_printnotifypotato.yar -------------------------------------------------------------------------------- /yara_rules/tool_quarkspwdump.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_quarkspwdump.yar -------------------------------------------------------------------------------- /yara_rules/tool_rathole_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_rathole_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_realblindingedr_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_realblindingedr_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_reversessh_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_reversessh_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_revsocks_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_revsocks_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_rsockstun_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_rsockstun_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_rubeus_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_rubeus_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_runpeinmemory_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_runpeinmemory_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_safetykatz.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_safetykatz.yar -------------------------------------------------------------------------------- /yara_rules/tool_scanline_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_scanline_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_sharpefspotato_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_sharpefspotato_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_sharphoundexecutable_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_sharphoundexecutable_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_sharphoundpowershell_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_sharphoundpowershell_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_sharpnbtscan_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_sharpnbtscan_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_sharpsecdump.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_sharpsecdump.yar -------------------------------------------------------------------------------- /yara_rules/tool_soaphound_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_soaphound_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_ssf_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_ssf_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_swor.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_swor.yar -------------------------------------------------------------------------------- /yara_rules/tool_sy_runas.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_sy_runas.yar -------------------------------------------------------------------------------- /yara_rules/tool_tacticalrmm_installer_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_tacticalrmm_installer_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_tokenplayer_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_tokenplayer_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_webshell_b374k_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_webshell_b374k_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_win_blackfly_proxy_config.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_win_blackfly_proxy_config.yar -------------------------------------------------------------------------------- /yara_rules/tool_win_driverjack.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_win_driverjack.yar -------------------------------------------------------------------------------- /yara_rules/tool_win_forkplayground.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_win_forkplayground.yar -------------------------------------------------------------------------------- /yara_rules/tool_win_gosecretsdump.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_win_gosecretsdump.yar -------------------------------------------------------------------------------- /yara_rules/tool_win_lightrail.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_win_lightrail.yar -------------------------------------------------------------------------------- /yara_rules/tool_win_sharpshares.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_win_sharpshares.yar -------------------------------------------------------------------------------- /yara_rules/tool_win_snap2html.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_win_snap2html.yar -------------------------------------------------------------------------------- /yara_rules/tool_xiebroc2_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_xiebroc2_strings.yar -------------------------------------------------------------------------------- /yara_rules/tool_yasso_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/tool_yasso_strings.yar -------------------------------------------------------------------------------- /yara_rules/trojan_and_keepspy.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/trojan_and_keepspy.yar -------------------------------------------------------------------------------- /yara_rules/trojan_android_brata.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/trojan_android_brata.yar -------------------------------------------------------------------------------- /yara_rules/trojan_android_cerberus.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/trojan_android_cerberus.yar -------------------------------------------------------------------------------- /yara_rules/trojan_android_xenomorph.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/trojan_android_xenomorph.yar -------------------------------------------------------------------------------- /yara_rules/trojan_win_bbtok_dll1_sep23.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/trojan_win_bbtok_dll1_sep23.yar -------------------------------------------------------------------------------- /yara_rules/trojan_win_bbtok_iso_sep23.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/trojan_win_bbtok_iso_sep23.yar -------------------------------------------------------------------------------- /yara_rules/trojan_win_bbtok_lnk_sep23.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/trojan_win_bbtok_lnk_sep23.yar -------------------------------------------------------------------------------- /yara_rules/trojan_win_grandoreiro.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/trojan_win_grandoreiro.yar -------------------------------------------------------------------------------- /yara_rules/truesightkiller_avkiller_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/truesightkiller_avkiller_strings.yar -------------------------------------------------------------------------------- /yara_rules/typhon_reborn_stealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/typhon_reborn_stealer.yar -------------------------------------------------------------------------------- /yara_rules/unk_quad7_fsynet_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/unk_quad7_fsynet_strings.yar -------------------------------------------------------------------------------- /yara_rules/unk_quad7_netd_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/unk_quad7_netd_strings.yar -------------------------------------------------------------------------------- /yara_rules/unknown_7777_xlogin.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/unknown_7777_xlogin.yar -------------------------------------------------------------------------------- /yara_rules/unknown_quad7_wildcard_login.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/unknown_quad7_wildcard_login.yar -------------------------------------------------------------------------------- /yara_rules/ursnif.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ursnif.yar -------------------------------------------------------------------------------- /yara_rules/ursnif_ldr4.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/ursnif_ldr4.yar -------------------------------------------------------------------------------- /yara_rules/vpn_mul_softether.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/vpn_mul_softether.yar -------------------------------------------------------------------------------- /yara_rules/water_sigbin_group.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/water_sigbin_group.yar -------------------------------------------------------------------------------- /yara_rules/webshell_icesword_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/webshell_icesword_strings.yar -------------------------------------------------------------------------------- /yara_rules/webshell_wso_webshell_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/webshell_wso_webshell_strings.yar -------------------------------------------------------------------------------- /yara_rules/weevely_webshell_payload.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/weevely_webshell_payload.yar -------------------------------------------------------------------------------- /yara_rules/win_clipper_generic.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/win_clipper_generic.yar -------------------------------------------------------------------------------- /yara_rules/win_infostealer_serpent_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/win_infostealer_serpent_strings.yar -------------------------------------------------------------------------------- /yara_rules/win_loader_astasialoader_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/win_loader_astasialoader_strings.yar -------------------------------------------------------------------------------- /yara_rules/win_malware_agnianestealer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/win_malware_agnianestealer.yar -------------------------------------------------------------------------------- /yara_rules/win_malware_janelarat_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/win_malware_janelarat_strings.yar -------------------------------------------------------------------------------- /yara_rules/win_malware_statc_downloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/win_malware_statc_downloader.yar -------------------------------------------------------------------------------- /yara_rules/wiper_hermeticwiper_variants.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/wiper_hermeticwiper_variants.yar -------------------------------------------------------------------------------- /yara_rules/wiper_win_caddywiper.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/wiper_win_caddywiper.yar -------------------------------------------------------------------------------- /yara_rules/wiper_win_dnwipe.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/wiper_win_dnwipe.yar -------------------------------------------------------------------------------- /yara_rules/wiper_win_isaacwiper.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/wiper_win_isaacwiper.yar -------------------------------------------------------------------------------- /yara_rules/wiper_win_nominatus_toxicbattery.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/wiper_win_nominatus_toxicbattery.yar -------------------------------------------------------------------------------- /yara_rules/wiper_win_ruransom.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/wiper_win_ruransom.yar -------------------------------------------------------------------------------- /yara_rules/xworm_dotnet_injector.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/xworm_dotnet_injector.yar -------------------------------------------------------------------------------- /yara_rules/yara_runascs.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/yara_runascs.yar -------------------------------------------------------------------------------- /yara_rules/zip_win_abcloader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SEKOIA-IO/Community/HEAD/yara_rules/zip_win_abcloader.yar --------------------------------------------------------------------------------