├── README.md
└── Yara
    ├── APT
    │   └── APT_Bitter_T-APT-17.yar
    ├── Dropper
    │   ├── Vjw0rm.yar
    │   ├── agent_tesla.yar
    │   ├── asyncrat.yar
    │   ├── njrat.yar
    │   ├── unknown.yar
    │   ├── valyria.yar
    │   └── wshrat.yar
    ├── Filetypes
    │   ├── MALWARE_OneNote_Delivery_Jan23.yar
    │   ├── SUS_Unsigned_APPX_MSIX_Installer_Feb23.yar
    │   ├── SUS_Unsigned_APPX_MSIX_Manifest_Feb23.yar
    │   ├── exe.yar
    │   ├── iso.yar
    │   ├── lnk.yar
    │   ├── powershell.yar
    │   └── vbs.yar
    ├── Hunting
    │   └── HUNT_RTF_CVE_2023_21716.yar
    ├── Malware
    │   ├── MALWARE_Emotet_OneNote_Delivery_wsf_Mar23.yar
    │   ├── MALWARE_PlugX_USB_Delivery_Jun21.yar
    │   ├── RANSOM_ESXiArgs_Ransomware_Bash_Feb23.yar
    │   ├── RANSOM_ESXiArgs_Ransomware_Encrypt_Feb23.yar
    │   ├── RANSOM_ESXiArgs_Ransomware_Python_Feb23.yar
    │   ├── RANSOM_Lockbit_Black_Packer.yar
    │   ├── RANSOM_Magniber_ISO_Jan23.yar
    │   ├── RANSOM_Magniber_LNK_Jan23.yar
    │   ├── RANSOM_MedusaLocker_July22.yar
    │   └── formbook.yar
    ├── Misc
    │   └── suspicious_sites.yar
    ├── Obfuscation
    │   ├── javascript_obfuscation.yar
    │   ├── powershell_obfuscation.yar
    │   └── vbs_obfuscation.yar
    ├── PowerShell_Misc
    │   └── download_variations.yar
    ├── RAT
    │   ├── asyncrat.yar
    │   ├── n-w0rm.yar
    │   ├── njrat.yar
    │   └── wshrat.yar
    ├── Stealer
    │   └── redline_stealer.yar
    └── Windows
        └── windows_misc.yar

--------------------------------------------------------------------------------
/README.md:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/README.md
--------------------------------------------------------------------------------
/Yara/APT/APT_Bitter_T-APT-17.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/APT/APT_Bitter_T-APT-17.yar
--------------------------------------------------------------------------------
/Yara/Dropper/Vjw0rm.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Dropper/Vjw0rm.yar
--------------------------------------------------------------------------------
/Yara/Dropper/agent_tesla.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Dropper/agent_tesla.yar
--------------------------------------------------------------------------------
/Yara/Dropper/asyncrat.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Dropper/asyncrat.yar
--------------------------------------------------------------------------------
/Yara/Dropper/njrat.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Dropper/njrat.yar
--------------------------------------------------------------------------------
/Yara/Dropper/unknown.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Dropper/unknown.yar
--------------------------------------------------------------------------------
/Yara/Dropper/valyria.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Dropper/valyria.yar
--------------------------------------------------------------------------------
/Yara/Dropper/wshrat.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Dropper/wshrat.yar
--------------------------------------------------------------------------------
/Yara/Filetypes/MALWARE_OneNote_Delivery_Jan23.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Filetypes/MALWARE_OneNote_Delivery_Jan23.yar
--------------------------------------------------------------------------------
/Yara/Filetypes/SUS_Unsigned_APPX_MSIX_Installer_Feb23.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Filetypes/SUS_Unsigned_APPX_MSIX_Installer_Feb23.yar
--------------------------------------------------------------------------------
/Yara/Filetypes/SUS_Unsigned_APPX_MSIX_Manifest_Feb23.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Filetypes/SUS_Unsigned_APPX_MSIX_Manifest_Feb23.yar
--------------------------------------------------------------------------------
/Yara/Filetypes/exe.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Filetypes/exe.yar
--------------------------------------------------------------------------------
/Yara/Filetypes/iso.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Filetypes/iso.yar
--------------------------------------------------------------------------------
/Yara/Filetypes/lnk.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Filetypes/lnk.yar
--------------------------------------------------------------------------------
/Yara/Filetypes/powershell.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Filetypes/powershell.yar
--------------------------------------------------------------------------------
/Yara/Filetypes/vbs.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Filetypes/vbs.yar
--------------------------------------------------------------------------------
/Yara/Hunting/HUNT_RTF_CVE_2023_21716.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Hunting/HUNT_RTF_CVE_2023_21716.yar
--------------------------------------------------------------------------------
/Yara/Malware/MALWARE_Emotet_OneNote_Delivery_wsf_Mar23.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Malware/MALWARE_Emotet_OneNote_Delivery_wsf_Mar23.yar
--------------------------------------------------------------------------------
/Yara/Malware/MALWARE_PlugX_USB_Delivery_Jun21.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Malware/MALWARE_PlugX_USB_Delivery_Jun21.yar
--------------------------------------------------------------------------------
/Yara/Malware/RANSOM_ESXiArgs_Ransomware_Bash_Feb23.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Malware/RANSOM_ESXiArgs_Ransomware_Bash_Feb23.yar
--------------------------------------------------------------------------------
/Yara/Malware/RANSOM_ESXiArgs_Ransomware_Encrypt_Feb23.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Malware/RANSOM_ESXiArgs_Ransomware_Encrypt_Feb23.yar
--------------------------------------------------------------------------------
/Yara/Malware/RANSOM_ESXiArgs_Ransomware_Python_Feb23.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Malware/RANSOM_ESXiArgs_Ransomware_Python_Feb23.yar
--------------------------------------------------------------------------------
/Yara/Malware/RANSOM_Lockbit_Black_Packer.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Malware/RANSOM_Lockbit_Black_Packer.yar
--------------------------------------------------------------------------------
/Yara/Malware/RANSOM_Magniber_ISO_Jan23.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Malware/RANSOM_Magniber_ISO_Jan23.yar
--------------------------------------------------------------------------------
/Yara/Malware/RANSOM_Magniber_LNK_Jan23.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Malware/RANSOM_Magniber_LNK_Jan23.yar
--------------------------------------------------------------------------------
/Yara/Malware/RANSOM_MedusaLocker_July22.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Malware/RANSOM_MedusaLocker_July22.yar
--------------------------------------------------------------------------------
/Yara/Malware/formbook.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Malware/formbook.yar
--------------------------------------------------------------------------------
/Yara/Misc/suspicious_sites.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Misc/suspicious_sites.yar
--------------------------------------------------------------------------------
/Yara/Obfuscation/javascript_obfuscation.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Obfuscation/javascript_obfuscation.yar
--------------------------------------------------------------------------------
/Yara/Obfuscation/powershell_obfuscation.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Obfuscation/powershell_obfuscation.yar
--------------------------------------------------------------------------------
/Yara/Obfuscation/vbs_obfuscation.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Obfuscation/vbs_obfuscation.yar
--------------------------------------------------------------------------------
/Yara/PowerShell_Misc/download_variations.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/PowerShell_Misc/download_variations.yar
--------------------------------------------------------------------------------
/Yara/RAT/asyncrat.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/RAT/asyncrat.yar
--------------------------------------------------------------------------------
/Yara/RAT/n-w0rm.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/RAT/n-w0rm.yar
--------------------------------------------------------------------------------
/Yara/RAT/njrat.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/RAT/njrat.yar
--------------------------------------------------------------------------------
/Yara/RAT/wshrat.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/RAT/wshrat.yar
--------------------------------------------------------------------------------
/Yara/Stealer/redline_stealer.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Stealer/redline_stealer.yar
--------------------------------------------------------------------------------
/Yara/Windows/windows_misc.yar:
https://raw.githubusercontent.com/SIFalcon/Detection/HEAD/Yara/Windows/windows_misc.yar
--------------------------------------------------------------------------------