├── .chainguard └── source.yaml ├── .github ├── chainguard │ ├── release.sts.yaml │ └── third-party.sts.yaml ├── dependabot.yml └── workflows │ ├── codeql.yaml │ ├── go-tests.yaml │ ├── release.yaml │ ├── scorecard.yml │ ├── style.yaml │ ├── third-party.yaml │ └── version.yaml ├── .gitignore ├── .golangci.yml ├── .goreleaser.yaml ├── .wokeignore ├── .yara-ci.yml ├── DEVELOPMENT.md ├── LICENSE ├── Makefile ├── README.md ├── SECURITY.md ├── capabilities.md ├── cmd └── mal │ └── mal.go ├── go.mod ├── go.sum ├── images ├── analyze.png ├── diff.png ├── scan.png └── wanted.png ├── pkg ├── action │ ├── archive_test.go │ ├── diff.go │ ├── oci_test.go │ ├── path.go │ ├── process.go │ ├── scan.go │ ├── scan_error.go │ ├── scan_test.go │ └── testdata │ │ ├── 17419.zip │ │ ├── apko.gz │ │ ├── apko.tar.gz │ │ ├── apko.zip │ │ ├── apko_nested.tar.gz │ │ ├── conflict.zip │ │ ├── empty │ │ ├── joblib_0.9.4.dev0_compressed_cache_size_pickle_py35_np19.gz │ │ ├── python │ │ ├── rando │ │ ├── scan_archive │ │ ├── scan_conflict │ │ ├── scan_oci │ │ ├── shell │ │ ├── short │ │ └── static.tar.xz ├── archive │ ├── archive.go │ ├── bz2.go │ ├── deb.go │ ├── fuzz_test.go │ ├── gzip.go │ ├── oci.go │ ├── rpm.go │ ├── tar.go │ ├── testdata │ │ └── fuzz │ │ │ └── FuzzIsValidPath │ │ │ ├── 309f75027cfce63a │ │ │ └── 63b2b417aafe67a1 │ ├── upx.go │ ├── zip.go │ ├── zlib.go │ └── zstd.go ├── compile │ ├── compile.go │ └── compile_test.go ├── malcontent │ └── malcontent.go ├── pool │ └── pool.go ├── profile │ ├── profile.go │ └── profile_test.go ├── programkind │ ├── fuzz_test.go │ ├── programkind.go │ ├── programkind_test.go │ └── testdata │ │ ├── expr │ │ ├── fuzz │ │ └── FuzzGetExt │ │ │ └── aa94859cebcbd47f │ │ ├── libpam.so.0 │ │ ├── ls │ │ ├── peclcmd │ │ ├── snmpd │ │ ├── test.pl │ │ ├── test.sh │ │ └── tiny ├── refresh │ ├── action.go │ ├── diff.go │ └── refresh.go ├── render │ ├── json.go │ ├── markdown.go │ ├── render.go │ ├── simple.go │ ├── stats.go │ ├── strings.go │ ├── tea.go │ ├── tea_style.go │ ├── terminal.go │ ├── terminal_brief.go │ └── yaml.go ├── report │ ├── fuzz_test.go │ ├── report.go │ ├── report_test.go │ ├── strings.go │ └── testdata │ │ └── fuzz │ │ └── FuzzTrimPrefixes │ │ └── 14bc260a87609fb7 └── version │ └── version.go ├── rules ├── anti-behavior │ ├── LD_DEBUG.yara │ ├── LD_PROFILE.yara │ ├── anti-debugger.yara │ ├── blocklist │ │ ├── hostname.yara │ │ ├── ip.yara │ │ ├── mac_addr.yara │ │ └── user.yara │ ├── process-check.yara │ ├── random_behavior.yara │ └── vm-check.yara ├── anti-static │ ├── base64 │ │ ├── eval.yara │ │ ├── exec.yara │ │ ├── function_names.yara │ │ ├── http_agent.yara │ │ ├── import.yara │ │ ├── obfuscated_caller.yara │ │ └── shell.yara │ ├── binary │ │ └── opaque.yara │ ├── elf │ │ ├── base64.yara │ │ ├── content.yara │ │ ├── entropy.yara │ │ ├── header.yara │ │ ├── multiple.yara │ │ └── tiny.yara │ ├── macho │ │ ├── entropy.yara │ │ ├── footer.yara │ │ └── tiny.yara │ ├── obfuscation │ │ ├── bitwise.yara │ │ ├── bool.yara │ │ ├── casing.yara │ │ ├── hex.yara │ │ ├── hidden_literals.yara │ │ ├── js.yara │ │ ├── math.yara │ │ ├── nodejs.yara │ │ ├── obfuscate.yara │ │ ├── osascript.yara │ │ ├── padding.yara │ │ ├── perl.yara │ │ ├── php.yara │ │ ├── powershell.yara │ │ ├── python.yara │ │ ├── python_setuptools.yara │ │ ├── reverse.yara │ │ ├── sh.yara │ │ ├── syscall.yara │ │ ├── url.yara │ │ └── utf16.yara │ ├── packer │ │ ├── aes.yara │ │ ├── allatori_java.yara │ │ ├── blankobf.yara │ │ ├── cx_freeze.yara │ │ ├── decompyle.yara │ │ ├── ezuri.yara │ │ ├── kiteshield.yara │ │ ├── nuitka.yara │ │ ├── pe.yara │ │ ├── py_kramer.yara │ │ ├── py_vare.yara │ │ ├── pycloak.yara │ │ ├── pyobfuscate.yara │ │ ├── shc.yara │ │ └── upx.yara │ ├── unmarshal │ │ └── marshal.yara │ └── xor │ │ ├── xor-certs.yara │ │ ├── xor-commands.yara │ │ ├── xor-functions.yara │ │ ├── xor-paths.yara │ │ ├── xor-table.yara │ │ ├── xor-terms.yara │ │ ├── xor-url.yara │ │ └── xor-user_agent.yara ├── c2 │ ├── addr │ │ ├── discord.yara │ │ ├── http-dynamic.yara │ │ ├── ip.yara │ │ ├── server.yara │ │ ├── telegram.yara │ │ ├── tor_onion.yara │ │ └── url.yara │ ├── client.yara │ ├── connect │ │ ├── bash_tcp.yara │ │ ├── curl_easy.yara │ │ ├── ping_pong.yara │ │ └── server.yara │ ├── discovery │ │ ├── dga.yara │ │ ├── dyndns.yara │ │ ├── ethereum.yara │ │ └── ip-dns_resolver.yara │ ├── listen │ │ └── listen.yara │ ├── refs.yara │ └── tool_transfer │ │ ├── arch.yara │ │ ├── bitsadmin.yara │ │ ├── chmod_dropper.yara │ │ ├── download.yara │ │ ├── dropper.yara │ │ ├── exe_url.yara │ │ ├── fake_doc.yara │ │ ├── github.yara │ │ ├── grayware.yara │ │ ├── http_ip_temp.yara │ │ ├── js.yara │ │ ├── macos.yara │ │ ├── npm.yara │ │ ├── os.yara │ │ ├── osascript.yara │ │ ├── php.yara │ │ ├── powershell.yara │ │ ├── python.yara │ │ ├── ruby.yara │ │ ├── shell.yara │ │ └── terminology.yara ├── collect │ ├── archives │ │ ├── tar-command.yara │ │ ├── unarchive.yara │ │ ├── zip-command.yara │ │ └── zip.yara │ ├── code │ │ └── github_api.yara │ ├── databases │ │ ├── leveldb.yara │ │ ├── mysql.yara │ │ ├── postgresql.yara │ │ └── sqlite.yara │ ├── localstorage.yara │ └── tracking │ │ └── google-analytics.yara ├── credential │ ├── browser │ │ ├── chrome_cookies.yara │ │ ├── chromium_credit_cards.yara │ │ ├── chromium_master_password.yara │ │ ├── cookies.yara │ │ ├── firefox-cookies.yara │ │ ├── firefox-formhistory.yara │ │ └── firefox-master_password.yara │ ├── chat │ │ └── slack.yara │ ├── clipboard.yara │ ├── cloud │ │ ├── aws.yara │ │ ├── dot_env.yara │ │ └── gcloud.yara │ ├── gaming │ │ ├── minecraft.yara │ │ ├── minecraft_feather.yara │ │ └── minecraft_meteor.yara │ ├── keychain │ │ ├── gnome-keyring-daemon.yara │ │ ├── keychain-dump.yara │ │ ├── keychain-unlock.yara │ │ ├── keychain-write.yara │ │ └── keychain.yara │ ├── keylogger.yara │ ├── os │ │ ├── gshadow.yara │ │ └── shadow.yara │ ├── password │ │ ├── hashcat.yara │ │ ├── password.yara │ │ └── password_finder.yara │ ├── server │ │ └── htpasswd.yara │ ├── shell │ │ ├── bash_history.yara │ │ └── zsh_history.yara │ ├── sniffer │ │ ├── bpf.yara │ │ └── pcap.yara │ ├── ssh │ │ ├── putty.yara │ │ ├── ssh.yara │ │ ├── ssh_authorized_hosts.yara │ │ ├── sshd-memory-map.yara │ │ └── sshd.yara │ └── ssl │ │ ├── key.yara │ │ ├── private_key.yara │ │ └── ssl-private.yara ├── crypto │ ├── aes.yara │ ├── blockchain.yara │ ├── cipher.yara │ ├── decrypt.yara │ ├── ecdsa.yara │ ├── ed25519.yara │ ├── elliptic.yara │ ├── encrypt.yara │ ├── encrypted-stream.yara │ ├── ethereum.yara │ ├── fastrand.yara │ ├── fernet.yara │ ├── gost89.yara │ ├── hmac.yara │ ├── openssl.yara │ ├── password.yara │ ├── public_key.yara │ ├── rc4.yara │ ├── ssl.yara │ ├── tls.yara │ ├── uuid.yara │ └── xor.yara ├── data │ ├── base64 │ │ ├── base64-decode.yara │ │ ├── base64-encode.yara │ │ └── external.yara │ ├── builtin │ │ ├── appkit.yara │ │ ├── glibc.yara │ │ ├── kernel_module.yara │ │ ├── multiple.yara │ │ ├── openssl.yara │ │ ├── rsaeuro.yara │ │ └── wolfssl.yara │ ├── compression │ │ ├── asar.yara │ │ ├── bzip2.yara │ │ ├── gzip.yara │ │ ├── lzma.yara │ │ ├── xz.yara │ │ ├── zlib.yara │ │ └── zstd.yara │ ├── embedded │ │ ├── app-manifest.yara │ │ ├── base64.yara │ │ ├── embedded-base64-elf.yara │ │ ├── embedded-base64-gzip.yara │ │ ├── embedded-base64-terms.yara │ │ ├── embedded-base64-url.yara │ │ ├── embedded-base64-zip.yara │ │ ├── embedded-html.yara │ │ ├── embedded-pem-certificate.yara │ │ ├── embedded-pem-private_key.yara │ │ ├── embedded-pem-test_key.yara │ │ ├── embedded-pgp-key.yara │ │ ├── embedded-ssh-key.yara │ │ ├── embedded-ssh-signature.yara │ │ ├── embedded-svg.yara │ │ └── embedded-zstd.yara │ ├── encoding │ │ ├── asn1.yara │ │ ├── audio-golomb.yara │ │ ├── audio-pcm.yara │ │ ├── audio-vorbis.yara │ │ ├── base58.yara │ │ ├── base64.yara │ │ ├── csv.yara │ │ ├── int.yara │ │ ├── json-decode.yara │ │ ├── json-encode.yara │ │ ├── json.yara │ │ ├── marshal.yara │ │ ├── protobuf.yara │ │ ├── qr_code.yara │ │ ├── reverse.yara │ │ ├── url.yara │ │ ├── utf16.yara │ │ └── yaml.yara │ ├── hash │ │ ├── blake2b.yara │ │ ├── fnv.yara │ │ ├── md5.yara │ │ ├── sha1.yara │ │ ├── sha256.yara │ │ ├── sha512.yara │ │ └── whirlpool.yara │ └── random │ │ ├── bytes.yara │ │ └── insecure.yara ├── discover │ ├── browser │ │ └── agent.yara │ ├── cloud │ │ ├── aws-metadata.yara │ │ ├── google-docs.yara │ │ ├── google-metadata.yara │ │ └── google-storage.yara │ ├── components │ │ └── docker.yara │ ├── group │ │ └── lookup.yara │ ├── ip │ │ ├── geoip.yara │ │ └── public_ip.yara │ ├── multiple.yara │ ├── network │ │ ├── connectivity.yara │ │ ├── interface-list.yara │ │ ├── interface.yara │ │ ├── mac-address.yara │ │ └── netstat.yara │ ├── permissions │ │ └── capabilities.yara │ ├── process │ │ ├── egid.yara │ │ ├── euid.yara │ │ ├── name.yara │ │ ├── parent.yara │ │ ├── pid.yara │ │ ├── priority.yara │ │ ├── resource-limits.yara │ │ ├── runtime_deps.yara │ │ ├── uid.yara │ │ └── working_directory.yara │ ├── processes │ │ ├── list.yara │ │ └── pgrep.yara │ ├── system │ │ ├── cpu.yara │ │ ├── dev_full.yara │ │ ├── dmesg.yara │ │ ├── environment.yara │ │ ├── hardware.yara │ │ ├── hostname.yara │ │ ├── machine_id.yara │ │ ├── multiple.yara │ │ ├── platform.yara │ │ ├── proc.yara │ │ ├── sysinfo.yara │ │ └── system_uuid.yara │ └── user │ │ ├── APPDATA.yara │ │ ├── HOME.yara │ │ ├── USER.yara │ │ ├── USERPROFILE.yara │ │ ├── current.yara │ │ ├── dscl.yara │ │ ├── lookup.yara │ │ ├── userinfo.yara │ │ └── username-get.yara ├── evasion │ ├── bypass_security │ │ ├── executionpolicy_bypass.yara │ │ ├── linux │ │ │ ├── iptables.yara │ │ │ ├── iptables_append.yara │ │ │ ├── iptables_delete.yara │ │ │ ├── pam.yara │ │ │ ├── selinux.yara │ │ │ ├── selinux_disable.yara │ │ │ └── ufw.yara │ │ ├── macos │ │ │ ├── authorization.yara │ │ │ ├── sip.yara │ │ │ ├── tcc.yara │ │ │ ├── trusted-certs.yara │ │ │ └── xprotect.yara │ │ └── suspicious-pdb.yara │ ├── covert-location │ │ ├── image-data-read.yara │ │ ├── image-png-smuggling.yara │ │ ├── php_image.yara │ │ ├── python_file.yara │ │ └── wordpress-pre_term_name.yara │ ├── file │ │ ├── attr │ │ │ └── chflags.yara │ │ ├── location │ │ │ ├── HOME.yara │ │ │ ├── chdir-unusual.yara │ │ │ ├── dev-mqueue.yara │ │ │ ├── dev-shm.yara │ │ │ ├── lib.yara │ │ │ ├── multiple.yara │ │ │ ├── pidfile.yara │ │ │ ├── system_directory.yara │ │ │ ├── var-root.yara │ │ │ ├── var-run.yara │ │ │ ├── var-tmp.yara │ │ │ ├── var.yara │ │ │ └── x11-unix.yara │ │ ├── name │ │ │ └── rename_system_binary.yara │ │ └── prefix │ │ │ ├── dev.yara │ │ │ ├── lib.yara │ │ │ ├── prefix.yara │ │ │ ├── proc.yara │ │ │ └── tmp.yara │ ├── hide_artifacts │ │ └── pivot_root.yara │ ├── hijack_execution │ │ ├── DYLD_LIBRARY_PATH.yara │ │ ├── LD_LIBRARY_PATH.yara │ │ └── etc-ld.so.preload.yara │ ├── indicator_blocking │ │ ├── close_window.yara │ │ ├── echo_off.yara │ │ ├── hidden_window.yara │ │ ├── hide_errors.yara │ │ ├── mask_exceptions.yara │ │ ├── process.yara │ │ └── vm.yara │ ├── logging │ │ ├── acct.yara │ │ ├── current_logins.yara │ │ ├── dev_log.yara │ │ ├── dmesg.yara │ │ ├── failed_logins.yara │ │ ├── hide_shell_history.yara │ │ ├── historical_logins.yara │ │ ├── install.yara │ │ ├── notifications.yara │ │ ├── syslog.yara │ │ └── wipe.yara │ ├── mimicry │ │ ├── fake-library.yara │ │ ├── fake-process.yara │ │ ├── fake-updater.yara │ │ ├── fake-var-run-id.yara │ │ └── mdworker.yara │ ├── net │ │ ├── hide_ports.yara │ │ └── http_443.yara │ ├── process_injection │ │ ├── dlsym.yara │ │ ├── process-inject.yara │ │ ├── ptrace.yara │ │ └── readelf.yara │ ├── rootkit │ │ ├── kernel.yara │ │ ├── refs.yara │ │ └── userspace.yara │ ├── security_tools │ │ └── amsi_bypass.yara │ ├── self_deletion │ │ ├── remove_self.yara │ │ └── run_and_delete.yara │ └── time │ │ └── php_no_time_limit.yara ├── exec │ ├── cmd │ │ ├── cmd.yara │ │ ├── npm_preinstall.yara │ │ └── pipe.yara │ ├── conditional │ │ ├── LANG-set.yara │ │ ├── LANG.yara │ │ ├── is_admin.yara │ │ └── root-check.yara │ ├── dylib │ │ ├── address-check.yara │ │ ├── iterate.yara │ │ ├── open.yara │ │ ├── replace.yara │ │ ├── symbol-address.yara │ │ ├── user.yara │ │ └── windll.yara │ ├── imports │ │ └── python.yara │ ├── install_additional │ │ ├── add_apt_key.yara │ │ ├── package-install.yara │ │ └── pip_install.yara │ ├── plugin │ │ └── plugin.yara │ ├── program │ │ ├── hidden.yara │ │ ├── opaque.yara │ │ ├── program-background.yara │ │ ├── program.yara │ │ └── tmpdir.yara │ ├── reconfigure │ │ ├── hostname-set.yara │ │ ├── nmi_watchdog.yara │ │ └── vm.nr_hugepages.yara │ ├── remote_commands │ │ ├── code_eval.yara │ │ └── squiblydoo.yara │ ├── script │ │ ├── activex.yara │ │ ├── automator_launcher.yara │ │ ├── osascript.yara │ │ ├── powershell_encoded.yara │ │ ├── powershell_hidden.yara │ │ ├── python.yara │ │ ├── ruby.yara │ │ ├── shellscript.yara │ │ └── wsh.yara │ ├── shell │ │ ├── SHELL.yara │ │ ├── TERM.yara │ │ ├── arbitrary_command-dev_null.yara │ │ ├── background-sleep.yara │ │ ├── background_launcher.yara │ │ ├── bash_dev_tcp.yara │ │ ├── bash_dev_udp.yara │ │ ├── busybox-exec.yara │ │ ├── byte_offsets.yara │ │ ├── command.yara │ │ ├── echo.yara │ │ ├── exec.yara │ │ ├── ignore_output.yara │ │ ├── nohup.yara │ │ ├── pipe_sh.yara │ │ ├── pipe_to_background.yara │ │ ├── powershell.yara │ │ ├── relative-semicolon.yara │ │ ├── shell32.yara │ │ ├── sighup_trap.yara │ │ ├── tmp_semicolon.yara │ │ └── unusual_redirect.yara │ ├── system_controls │ │ ├── apparmor.yara │ │ ├── stop.yara │ │ └── systemd.yara │ └── tty │ │ ├── curses.yara │ │ ├── getpass.yara │ │ ├── isatty.yara │ │ ├── open.yara │ │ ├── parameters-get.yara │ │ ├── pathname.yara │ │ ├── terminfo.yara │ │ └── vhangup.yara ├── exfil │ ├── Library-Mail.yara │ ├── b64_zlib.yara │ ├── collection.yara │ ├── curl_elf.yara │ ├── curl_post.yara │ ├── discord.yara │ ├── exfil.yara │ ├── http_headers.yara │ ├── interface_testing.yara │ ├── nodejs.yara │ ├── npm.yara │ ├── oauth.yara │ ├── office_file_ext.yara │ ├── oob.yara │ ├── php.yara │ ├── proxy.yara │ ├── smtp.yara │ ├── stealer │ │ ├── archive.yara │ │ ├── browser.yara │ │ ├── camera.yara │ │ ├── clipboard.yara │ │ ├── cloud.yara │ │ ├── connect_glob_exec.yara │ │ ├── credit_card.yara │ │ ├── creds.yara │ │ ├── crypto.yara │ │ ├── cryptocurrency.yara │ │ ├── discord.yara │ │ ├── file.yara │ │ ├── keylogger.yara │ │ ├── linux_server.yara │ │ ├── notes.yara │ │ ├── pam.yara │ │ ├── password.yara │ │ ├── php.yara │ │ ├── python.yara │ │ ├── sqlite.yara │ │ ├── ssh.yara │ │ ├── stealer.yara │ │ ├── telegram.yara │ │ ├── tools.yara │ │ ├── userdata.yara │ │ ├── vmware.yara │ │ └── wallet.yara │ ├── sysinfo_http.yara │ ├── telegram.yara │ ├── upload.yara │ ├── upload_netinfo.yara │ ├── upload_sysinfo.yara │ ├── whoami_hostname.yara │ └── zip.yara ├── false_positives │ ├── acme.yara │ ├── ansible.yara │ ├── ap_compiler.yara │ ├── arangodb.yara │ ├── brave.yara │ ├── brctl.yara │ ├── buildah.yara │ ├── busybox.yara │ ├── clamav.yara │ ├── coraza.yara │ ├── druid.yara │ ├── fastfetch.yara │ ├── filebeat.yara │ ├── flatpak.yara │ ├── fzf.yara │ ├── gitlab.yara │ ├── go_1.17.yara │ ├── jaraco.yara │ ├── kandji.yara │ ├── kibana.yara │ ├── knative.yara │ ├── kong.yara │ ├── libgcj.yara │ ├── linux_src.yara │ ├── lslogins.yara │ ├── ltp.yara │ ├── mattermost.yara │ ├── nextcloud.yara │ ├── nmap.yara │ ├── nvim.yara │ ├── opensearch_dashboard.yara │ ├── osqueryd.yara │ ├── parseable.yara │ ├── pastebinit.yara │ ├── pouchdb.yara │ ├── prisma_client_js.yara │ ├── psm.yara │ ├── psutil.yara │ ├── py_hatch.yara │ ├── py_versioneer.yara │ ├── pytorch.yara │ ├── qemu.yara │ ├── rancher.yara │ ├── rb_train_core.yara │ ├── rust.yara │ ├── security.yara │ ├── setuptools.yara │ ├── snapd.yara │ ├── socat.yara │ ├── sonarqube.yara │ ├── sqlmap.yara │ ├── ssh.yara │ ├── sudo.yara │ ├── systemd.yara │ ├── tensorflow_model_analysis.yara │ ├── torchvision_libs.yara │ ├── trino_upx.yara │ ├── trufflehog.yara │ ├── virtualbox.yara │ ├── vmtools.yara │ ├── wireshark.yara │ ├── wordpress.yara │ └── xdg-open.yara ├── fs │ ├── attributes │ │ ├── chattr.yara │ │ ├── remove.yara │ │ ├── set.yara │ │ └── xattr.yara │ ├── blkid.yara │ ├── device-control.yara │ ├── directory │ │ ├── directory-create.yara │ │ ├── directory-list.yara │ │ ├── directory-remove.yara │ │ └── directory-traverse.yara │ ├── event-monitoring.yara │ ├── fifo-create.yara │ ├── file │ │ ├── binmode.yara │ │ ├── exists.yara │ │ ├── file-access-check.yara │ │ ├── file-append.yara │ │ ├── file-capabilities-set.yara │ │ ├── file-copy.yara │ │ ├── file-create.yara │ │ ├── file-delete-forcibly.yara │ │ ├── file-delete.yara │ │ ├── file-flags-change.yara │ │ ├── file-make_executable.yara │ │ ├── file-open-by_handle.yara │ │ ├── file-open.yara │ │ ├── file-path.yara │ │ ├── file-permission-mask-set.yara │ │ ├── file-permissions-setuid.yara │ │ ├── file-read.yara │ │ ├── file-rename.yara │ │ ├── file-stat.yara │ │ ├── file-sync.yara │ │ ├── file-times-set.yara │ │ ├── file-truncate.yara │ │ └── file-write.yara │ ├── inode-flags.yara │ ├── link-create.yara │ ├── link-read.yara │ ├── lock-update.yara │ ├── loopback.yara │ ├── mmap.yara │ ├── mount.yara │ ├── mounts-read.yara │ ├── node-create.yara │ ├── overwrite.yara │ ├── path │ │ ├── app_data.yara │ │ ├── applications.yara │ │ ├── bin-su.yara │ │ ├── boot.yara │ │ ├── browser_extensions.yara │ │ ├── dev-null.yara │ │ ├── dev.yara │ │ ├── etc-hosts.yara │ │ ├── etc-initd.yara │ │ ├── etc-resolv.conf.yara │ │ ├── etc.yara │ │ ├── file-url.yara │ │ ├── home-config.yara │ │ ├── home.yara │ │ ├── home_library.yara │ │ ├── lib-dynamic.yara │ │ ├── lib64.yara │ │ ├── path-from-cookie.yara │ │ ├── relative.yara │ │ ├── root.yara │ │ ├── tmp.yara │ │ ├── users.yara │ │ ├── usr-bin.yara │ │ ├── usr-lib-python.yara │ │ ├── usr-local.yara │ │ ├── usr-sbin-telnetd.yara │ │ ├── usr-sbin.yara │ │ ├── var-containers.yara │ │ ├── var-log.yara │ │ ├── var-profile.yara │ │ ├── var.yara │ │ └── windows_root.yara │ ├── permission │ │ ├── permission-chown.yara │ │ ├── permission-get.yara │ │ └── permission-modify.yara │ ├── proc │ │ ├── 1-cgroup.yara │ │ ├── arbitrary-pid.yara │ │ ├── cpuinfo.yara │ │ ├── meminfo.yara │ │ ├── mounts.yara │ │ ├── net-dev.yara │ │ ├── net_route.yara │ │ ├── nvidia_gpu.yara │ │ ├── oom_score_adj.yara │ │ ├── pid-cmdline.yara │ │ ├── pid-environ.yara │ │ ├── pid-exe.yara │ │ ├── pid-fd.yara │ │ ├── pid-inspector.yara │ │ ├── pid-maps.yara │ │ ├── pid-stat.yara │ │ ├── pid-statistics.yara │ │ ├── pid-status.yara │ │ ├── self-cgroup.yara │ │ ├── self-cmdline.yara │ │ ├── self-exe.yara │ │ ├── self-mountinfo.yara │ │ ├── self-status.yara │ │ ├── stat.yara │ │ └── sys-kernel-osrelease.yara │ ├── quota-manipulate.yara │ ├── swap │ │ ├── swap-off.yara │ │ └── swap-on.yara │ ├── symlink-create.yara │ ├── symlink-resolve.yara │ ├── tempdir │ │ ├── TEMP.yara │ │ ├── TMPDIR.yara │ │ ├── _MEIPASS.yara │ │ ├── tempdir-create.yara │ │ └── tempdir.yara │ ├── tempfile.yara │ ├── unmount.yara │ └── watch.yara ├── hw │ ├── cpu.yara │ ├── dev │ │ ├── block-device.yara │ │ ├── diskmapper.yara │ │ ├── flash_memory.yara │ │ ├── kmem.yara │ │ ├── mapper.yara │ │ ├── mem.yara │ │ ├── sd_mmc.yara │ │ └── ubi.yara │ ├── disk-info.yara │ ├── hardware-enumeration.yara │ ├── iokit-registry.yara │ ├── keyboard.yara │ ├── numa.yara │ ├── urandom.yara │ ├── webcam.yara │ └── wireless.yara ├── impact │ ├── cryptojacking │ │ ├── argon2d_numa_self.yara │ │ ├── competitive.yara │ │ ├── cryptonight.yara │ │ ├── generic.yara │ │ ├── hugepages_nmi_crypto.yara │ │ ├── monero-pool.yara │ │ ├── multiple.yara │ │ ├── nicehash_pool.yara │ │ ├── tls_dp_port.yara │ │ ├── whirlpool.yara │ │ └── xmrig.yara │ ├── ddos │ │ ├── ddos.yara │ │ └── raw_flooder.yara │ ├── degrade │ │ ├── app.yara │ │ ├── bluescreen.yara │ │ ├── edr.yara │ │ ├── firewall.yara │ │ ├── httpd.yara │ │ ├── infection.yara │ │ ├── linux_paths.yara │ │ ├── panic.yara │ │ ├── procfs_unhide.yara │ │ ├── spctl.yara │ │ ├── sshd.yara │ │ ├── systemd.yara │ │ └── win_defender.yara │ ├── exploit │ │ ├── GCONV_PATH.yara │ │ ├── GLIBC_TUNABLES.yara │ │ ├── breakout.yara │ │ ├── cdn_cgi.yara │ │ ├── cve.yara │ │ ├── cve_list.yara │ │ ├── exploit.yara │ │ ├── kaslr.yara │ │ ├── known_exploits.yara │ │ ├── overflow-shellcode.yara │ │ ├── pwnkit.yara │ │ └── wordpress_xmlrpc.yara │ ├── infection │ │ ├── infected.yara │ │ ├── infector.yara │ │ ├── router.yara │ │ ├── set-default-application.yara │ │ └── worm.yara │ ├── ransom │ │ ├── crypto_tor.yara │ │ ├── curl_aes_base64.yara │ │ ├── decryptor.yara │ │ ├── fernet_listdir.yara │ │ ├── linux.yara │ │ ├── locked.yara │ │ ├── lvt_locker.yara │ │ └── note.yara │ ├── reboot.yara │ ├── registry.yara │ ├── remote_access │ │ ├── agent.yara │ │ ├── backdoor.yara │ │ ├── base64_exec.yara │ │ ├── botnet.yara │ │ ├── browser_extension.yara │ │ ├── crypto_geoip_exec.yara │ │ ├── crypto_listen_socks.yara │ │ ├── curl_easy.yara │ │ ├── daemon.yara │ │ ├── dbg_exec_post.yara │ │ ├── dl_iterate.yara │ │ ├── dll_injection.yara │ │ ├── dlsym_pthread_exec.yara │ │ ├── exec_resolve_tmp.yara │ │ ├── go.yara │ │ ├── heartbeat.yara │ │ ├── implant.yara │ │ ├── ioplatform_sketchy.yara │ │ ├── iptables.yara │ │ ├── kill_rm.yara │ │ ├── listen_shell.yara │ │ ├── net_exec.yara │ │ ├── net_pidlist.yara │ │ ├── net_shell.yara │ │ ├── net_term.yara │ │ ├── nodejs.yara │ │ ├── open_base64.yara │ │ ├── payload.yara │ │ ├── php.yara │ │ ├── php_login.yara │ │ ├── pseudo_terminal.yara │ │ ├── py_setuptools.yara │ │ ├── remote_eval.yara │ │ ├── reverse_shell.yara │ │ ├── router.yara │ │ ├── rtty.yara │ │ ├── socat.yara │ │ ├── socket_filter_exec.yara │ │ ├── ssh.yara │ │ ├── sys_cmd.yara │ │ ├── systemctl.yara │ │ └── trojan.yara │ ├── resource │ │ ├── bank_xfer.yara │ │ └── forkbomb.yara │ ├── rootkit │ │ └── rootkit.yara │ ├── services │ │ └── esxcli.yara │ ├── shutdown.yara │ ├── ui │ │ ├── alert.yara │ │ ├── control.yara │ │ ├── dock-hide.yara │ │ ├── parses-arguments.yara │ │ ├── screen-capture.yara │ │ ├── screensaver.yara │ │ ├── window-watcher.yara │ │ ├── x11-auth.yara │ │ └── xsession.yara │ └── wipe │ │ ├── bash.yara │ │ ├── crypto.yara │ │ ├── desktop.yara │ │ ├── format.yara │ │ └── shadow_copy.yara ├── internal │ └── malcontent.yara ├── lateral │ ├── exploit │ │ └── iot.yara │ ├── scan │ │ ├── brute_force.yara │ │ ├── cve-2024-4577.yara │ │ ├── expect_scanner.yara │ │ ├── passwords.yara │ │ ├── random_target.yara │ │ ├── scan_tool.yara │ │ └── target_ip.yara │ ├── ssh │ │ ├── ssh_attack.yara │ │ └── worm.yara │ └── vmware │ │ └── vms.yara ├── malware │ ├── family │ │ ├── amos.yara │ │ ├── applejeus.yara │ │ ├── avasa-zombie.yara │ │ ├── bdvl.yara │ │ ├── beast.yara │ │ ├── beaver_tail.yara │ │ ├── beurk.yara │ │ ├── clapzok.yara │ │ ├── conti.yara │ │ ├── diamorphine.yara │ │ ├── emp3r0r.yara │ │ ├── fontonlake.yara │ │ ├── gafgyt.yara │ │ ├── gelsemium.yara │ │ ├── kaiji.yara │ │ ├── kubo_injector.yara │ │ ├── leet_hozer.yara │ │ ├── lockscreen.yara │ │ ├── lolminer.yara │ │ ├── mallox.yara │ │ ├── medusa.yara │ │ ├── melofee.yara │ │ ├── messagetap.yara │ │ ├── mirai.yara │ │ ├── pawns.yara │ │ ├── platypus.yara │ │ ├── poseidon_stealer.yara │ │ ├── rustdoor.yara │ │ ├── skuld.yara │ │ ├── sshdoor.yara │ │ ├── stealthworker.yara │ │ ├── tinyshell.yara │ │ ├── vncjew.yara │ │ ├── vshell.yara │ │ └── yakuza.yara │ ├── framework │ │ ├── brute_ratel.yara │ │ ├── cobalt_strike.yara │ │ ├── geacon.yara │ │ ├── havoc.yara │ │ ├── merlin.yara │ │ └── silver.yara │ └── ref.yara ├── mem │ ├── advise.yara │ ├── anonymous-file.yara │ ├── lock.yara │ ├── mprotect.yara │ ├── protect.yara │ └── query.yara ├── net │ ├── dns │ │ ├── dns-over-https.yara │ │ ├── dns-reverse.yara │ │ ├── dns-servers.yara │ │ ├── dns-txt.yara │ │ └── dns.yara │ ├── download │ │ ├── download.yara │ │ └── fetch.yara │ ├── email │ │ ├── exotic_addr.yara │ │ └── send.yara │ ├── ftp │ │ ├── ftp.yara │ │ └── tftp.yara │ ├── http │ │ ├── accept-encoding.yara │ │ ├── accept.yara │ │ ├── auth.yara │ │ ├── content-length.yara │ │ ├── cookies.yara │ │ ├── fake-user-agent.yara │ │ ├── form-upload.yara │ │ ├── http-request.yara │ │ ├── http-server.yara │ │ ├── http.yara │ │ ├── http2.yara │ │ ├── oauth2-google.yara │ │ ├── oauth2-office365.yara │ │ ├── oauth2.yara │ │ ├── post.yara │ │ ├── proxy.yara │ │ ├── webhook.yara │ │ └── websocket.yara │ ├── ip │ │ ├── addr.yara │ │ ├── asn.yara │ │ ├── connect.yara │ │ ├── dial.yara │ │ ├── host_port.yara │ │ ├── icmp.yara │ │ ├── ip-byte-order.yara │ │ ├── ip-multicast-send.yara │ │ ├── ip-parse.yara │ │ ├── ip-resolve.yara │ │ ├── ip-send-unicast.yara │ │ ├── ip-spoof.yara │ │ ├── ip-string.yara │ │ ├── ip.yara │ │ ├── ipp-request.yara │ │ ├── listen-free_port.yara │ │ ├── spoof.yara │ │ ├── sunrpc.yara │ │ ├── syncookie.yara │ │ └── tcp-state_tracker.yara │ ├── p2p │ │ ├── i2p.yara │ │ └── tor.yara │ ├── proxy │ │ ├── proxy-install.yara │ │ ├── proxy_server.yara │ │ ├── reverse_proxy.yara │ │ ├── shadowsocks.yara │ │ ├── socks5.yara │ │ ├── tunnel.yara │ │ └── tunnel_proxy.yara │ ├── remote_control │ │ └── vnc.yara │ ├── resolve │ │ ├── hostname-resolve.yara │ │ └── hostport-parse.yara │ ├── rpc │ │ └── ntlm.yara │ ├── socket │ │ ├── multiplexing.yara │ │ ├── pair.yara │ │ ├── raw.yara │ │ ├── reuseport.yara │ │ ├── socket-connect.yara │ │ ├── socket-listen.yara │ │ ├── socket-local_addr.yara │ │ ├── socket-options-get.yara │ │ ├── socket-options-set.yara │ │ ├── socket-peer-address.yara │ │ ├── socket-receive.yara │ │ ├── socket-send.yara │ │ ├── socket.yara │ │ └── socket_filter.yara │ ├── ssh │ │ └── fake-ssh_user_agent.yara │ ├── ssl │ │ ├── no_verify.yara │ │ └── socket.yara │ ├── tcp │ │ ├── ackflood.yara │ │ ├── attack.yara │ │ ├── connect.yara │ │ ├── grpc.yara │ │ ├── irc.yara │ │ ├── listen.yara │ │ ├── raw.yara │ │ ├── sftp.yara │ │ ├── ssh.yara │ │ └── synflood.yara │ ├── telephony │ │ ├── sms.yara │ │ └── tcap.yara │ ├── tun_tap.yara │ ├── udp │ │ ├── attack.yara │ │ ├── kcp.yara │ │ ├── udp-receive.yara │ │ ├── udp-send.yara │ │ └── upnp.yara │ ├── url │ │ ├── embedded.yara │ │ ├── encode.yara │ │ ├── parse.yara │ │ └── request.yara │ └── webrtc.yara ├── os │ ├── entitlements │ │ └── iokit.yara │ ├── env │ │ ├── get.yara │ │ ├── set.yara │ │ └── unset.yara │ ├── fd │ │ ├── access.yara │ │ ├── epoll.yara │ │ ├── manipulate.yara │ │ ├── multiplex.yara │ │ ├── print.yara │ │ ├── read.yara │ │ ├── sendfile.yara │ │ └── write.yara │ ├── kernel │ │ ├── dispatch-semaphore.yara │ │ ├── hardware-locality.yara │ │ ├── kcore.yara │ │ ├── key-management.yara │ │ ├── netlink.yara │ │ ├── opencl.yara │ │ ├── perfmon.yara │ │ ├── sandbox.yara │ │ ├── seccomp.yara │ │ └── sysctl.yara │ ├── macos_logging.yara │ ├── service │ │ └── syslog.yara │ ├── signal │ │ ├── group-send.yara │ │ ├── handle-ALRM.yara │ │ ├── handle-HUP.yara │ │ ├── handle-INFO.yara │ │ ├── handle-INT.yara │ │ ├── handle-QUIT.yara │ │ ├── handle-WINCH.yara │ │ ├── handle.yara │ │ ├── mask.yara │ │ └── send.yara │ ├── sync │ │ └── semaphore-user.yara │ └── time │ │ ├── clock-convert.yara │ │ ├── clock-get.yara │ │ ├── clock-set.yara │ │ ├── clock-sleep.yara │ │ └── tzinfo.yara ├── persist │ ├── cron │ │ ├── etc_cron_d.yara │ │ └── tab.yara │ ├── daemon │ │ ├── daemon.yara │ │ └── detach.yara │ ├── kernel_module │ │ ├── load.yara │ │ ├── module.yara │ │ ├── name.yara │ │ ├── symbol-lookup.yara │ │ └── unload.yara │ ├── launchd │ │ ├── com.apple.plist.yara │ │ ├── launch-agent.yara │ │ └── launchd-load.yara │ ├── linux_multi.yara │ ├── pid_file.yara │ ├── plugin.yara │ ├── service │ │ ├── install.yara │ │ └── start.yara │ ├── shell │ │ ├── bash.yara │ │ ├── init_files.yara │ │ └── zsh.yara │ ├── ssh_authorized_keys.yara │ ├── sshd_config.yara │ ├── system-configuration.yara │ ├── systemd │ │ ├── execstart-elsewhere.yara │ │ ├── execstop-bin-sh.yara │ │ ├── execstop-elsewhere.yara │ │ ├── execstop-usr-bin.yara │ │ ├── no_blank_lines.yara │ │ ├── no_docs_or_comments.yara │ │ ├── no_output.yara │ │ ├── out_of_dependency_tree.yara │ │ ├── restart-always.yara │ │ └── short-description.yara │ ├── sysv │ │ └── sysv.yara │ ├── windows_start.yara │ ├── writeable_dir.yara │ └── xdg_desktop_entry.yara ├── privesc │ ├── generic.yara │ ├── linpeas.yara │ ├── osascript.yara │ ├── rootshell.yara │ ├── runas.yara │ ├── setuid.yara │ ├── su.yara │ ├── sudo.yara │ ├── sudoers.yara │ └── uac_bypass.yara ├── process │ ├── alarm.yara │ ├── backtrace.yara │ ├── chdir.yara │ ├── chroot.yara │ ├── create.yara │ ├── executable_path.yara │ ├── exists.yara │ ├── group │ │ ├── create.yara │ │ └── set.yara │ ├── groupid-set.yara │ ├── groups-set.yara │ ├── limit-set.yara │ ├── multiprocess.yara │ ├── multithreaded.yara │ ├── name-set.yara │ ├── namespace-set.yara │ ├── print-error.yara │ ├── pthreads.yara │ ├── setpriority.yara │ ├── terminate │ │ ├── arbitrary.yara │ │ ├── kill-multiple.yara │ │ ├── killed_all.yara │ │ ├── taskkill.yara │ │ └── terminate.yara │ ├── unshare.yara │ └── username-set.yara ├── rules.go ├── sec-tool │ ├── credentials │ │ └── mimikatz.yara │ ├── net │ │ ├── chisel.yara │ │ ├── dirbuster.yara │ │ ├── masscan.yara │ │ ├── nmap.yara │ │ ├── trojan.yara │ │ └── venom.yara │ ├── pentest │ │ ├── metasploit_ref.yara │ │ └── smbexec.yara │ ├── pua │ │ └── backtrack.yara │ ├── recon │ │ └── pspy.yara │ └── vulncheck │ │ └── metasploit.yara └── sus │ ├── compiler.yara │ ├── entitlement.yara │ ├── exclamation.yara │ ├── geopolitics.yara │ ├── intercept.yara │ ├── lang.yara │ ├── leetspeak.yara │ └── malicious.yara ├── tests ├── c │ └── clean │ │ ├── falco │ │ ├── filter_compiler.ut.cpp.simple │ │ ├── ppm_events.c.simple │ │ └── string_visitor.ut.cpp.simple │ │ └── ruby_http_parser │ │ └── test.c.simple ├── does-nothing │ ├── does-nothing.go.simple │ └── does-nothing.simple ├── find-missing-testdata.sh ├── javascript │ ├── 2022.an-instance.99.10.9 │ │ └── index.js.simple │ ├── 2024.STRRAT │ │ └── f252f6e0d8f9f687751843dbc0be03d4f2ceb468e8453a4940d │ ├── 2024.lottie-player │ │ └── lottie-player.min.js.mdiff │ ├── 2024.obfuscated │ │ ├── 002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6.js.simple │ │ ├── 009a55a7695bc32f0d031205475b356ceebd840d820ae9e7ee5e6d74ae45185e.js.simple │ │ ├── 04363d3c6d6f3badf15f8e99d3739612a7eec439cdcb4457150bbb330a829e7a.js.simple │ │ └── 0619bf6e9a2151b1b37360cbdd7e46fc7f0059f20ba0ca5853cdbde1f0b29e36.js.simple │ ├── 2024.xmlrpc │ │ └── validator.js.simple │ └── clean │ │ ├── 203.b7219352.chunk.js.simple │ │ ├── 3937.844b09f50594ca2613b4.js.map.simple │ │ ├── 5A50D54796BB27126E03A7E25DD5D589.cache.js.simple │ │ ├── 5D3EB8D016DDDA0665CB8CD8EEA6C537.cache.js.simple │ │ ├── bash.js.simple │ │ ├── connection.js.simple │ │ ├── faker.js.simple │ │ ├── faker.min.js.simple │ │ ├── frequency_lists.js.simple │ │ ├── highlight.esm.js.simple │ │ ├── highlight.js.simple │ │ ├── http2wrapper.js.simple │ │ ├── index.js.map.simple │ │ ├── lottie-player.min.js.simple │ │ ├── mode-php.js.simple │ │ ├── mode-php_laravel_blade.js.simple │ │ ├── napi_rs_runtime.js.simple │ │ ├── php.js.simple │ │ ├── powershell.js.simple │ │ ├── prism-bash.js.simple │ │ ├── prism-bash.min.js.simple │ │ ├── scripts.c88fecd373e21509.js.simple │ │ ├── securityDashboards.plugin.js.simple │ │ ├── yarn-3.8.7.cjs.simple │ │ └── zxcvbn.js.simple ├── linux │ ├── 2019.ChinaZ │ │ └── yk.simple │ ├── 2020.bdvl │ │ └── bdvl.so.simple │ ├── 2021.FontOnLake │ │ └── 45E9.elf.simple │ ├── 2021.XMR-Stak │ │ └── 1b1a56.elf.simple │ ├── 2022.Conti │ │ └── bb64b27.elf_x86_64.simple │ ├── 2022.Magneto │ │ └── magnet_goblin_dropper.sh.simple │ ├── 2022.Symbiote │ │ └── kerneldev.so.bkp.simple │ ├── 2022.bpfdoor │ │ ├── 2023.ConnectBack │ │ │ └── tiny.md │ │ ├── bpfdoor_1.simple │ │ └── bpfdoor_2.simple │ ├── 2022.ez-pwnkit │ │ ├── PWN.so.simple │ │ └── payload.simple │ ├── 2023.ConnectBack │ │ ├── tiny.md │ │ └── tiny2.simple │ ├── 2023.FreeDownloadManager │ │ └── freedownloadmanager.sdiff │ ├── 2023.Gafgyt │ │ └── 5636cddb43.elf.x86.simple │ ├── 2023.Kinsing │ │ └── install.sh.simple │ ├── 2024.Beast │ │ └── wyoming-xray-undress-robert.simple │ ├── 2024.Darkcracks │ │ └── darkcracks.sh.md │ ├── 2024.Gelsemium │ │ ├── dbus.simple │ │ ├── kde.simple │ │ ├── libselinux.so.simple │ │ ├── udevd.simple │ │ └── udevd_multi.simple │ ├── 2024.Kaiji │ │ └── eight-nebraska-autumn-illinois.simple │ ├── 2024.Mirai │ │ ├── f3b4c5d865f143dc8b9edc58a3d427d804a3c2a3988020a60dbac8a242d344f1.elf.simple │ │ └── ppc.simple │ ├── 2024.PAN-OS.Upstyle │ │ ├── dropper.sh.simple │ │ ├── dropper2.sh.simple │ │ ├── update.py.simple │ │ ├── update_base64_payload1.py.simple │ │ └── update_base64_payload2.py.simple │ ├── 2024.Spinning.YARN │ │ └── yarn_w.sh.simple │ ├── 2024.TellYouThePass │ │ └── uranus-ack-mike-cat.simple │ ├── 2024.chisel │ │ └── crondx.simple │ ├── 2024.clobber_xmrig │ │ └── cba8d79949adc3c56c02fee56644f4084b7471bc5aed1c81803054f017240a72.simple │ ├── 2024.fog │ │ └── 5a99a15406c218fd6862f90ed3534fb8f0a888bb0c5a09192eae01d595f05bc5.elf.simple │ ├── 2024.gas │ │ └── gas.simple │ ├── 2024.hadooken │ │ ├── crondr_as_bash.sh.simple │ │ ├── drop1.sh.simple │ │ ├── drop2.sh.simple │ │ ├── drop3.sh.simple │ │ ├── drop3_mod.sh.simple │ │ ├── figure4.py.simple │ │ ├── ssh_worm.sh.simple │ │ └── wipe_logs.sh.simple │ ├── 2024.httpd_killer │ │ └── c1248351b7474443e53a14be4901136077738798d34a93040cffdc6daef31586.elf.simple │ ├── 2024.k4spreader │ │ ├── 2.decoded.simple │ │ ├── 2.simple │ │ ├── d.py.simple │ │ ├── degrader.sh.simple │ │ ├── install.sh.simple │ │ └── knlib.simple │ ├── 2024.kubo_injector │ │ └── injector.json │ ├── 2024.kworker_pretenders │ │ ├── aclocal.m4.simple │ │ ├── emp3r0r.agent.simple │ │ └── gafgyt.simple │ ├── 2024.medusa │ │ └── rkload.simple │ ├── 2024.melofee │ │ ├── 2023.758b0934b7.elf.simple │ │ ├── 2023.8d855c2874.elf.simple │ │ ├── driver_decrypted.simple │ │ └── pskt.simple │ ├── 2024.miner_dropper │ │ └── drop.sh.simple │ ├── 2024.sbcl.market │ │ ├── sbcl.clean.simple │ │ └── sbcl.sdiff │ ├── 2024.sliver │ │ └── de33b8d9694b6b4c44e3459b2151571af5d0e2031551f9f1a70b6db475ba71b2.elf.simple │ ├── 2024.sshdoor │ │ └── dd98ee5273a02829167b255baf9979759f84a0a6b7769a67ecbf6c0c9100c38d.elf.simple │ ├── 2024.vncjew │ │ └── __min__c.json │ ├── 2024.xzutils │ │ ├── liblzma.so.5.6.1.simple │ │ ├── liblzma.so.5.6.3.simple │ │ └── liblzma_la-crc64-fast.o.simple │ ├── UPX │ │ └── 06ed158.md │ ├── clean │ │ ├── Mcrt1.o.simple │ │ ├── ModemManager.service.simple │ │ ├── TEST-07-PID1.main-PID-change.sh.simple │ │ ├── acme.sh.simple │ │ ├── appsec-rules.json.simple │ │ ├── aws-c-io │ │ │ ├── aws-c-io-0.14.10-r0.spdx.json.simple │ │ │ ├── aws-c-io-0.14.11-r0.spdx.json.simple │ │ │ └── aws-c-io.sdiff │ │ ├── bat.simple │ │ ├── bazel.simple │ │ ├── botan.simple │ │ ├── bpftool.simple │ │ ├── buildah.simple │ │ ├── buildkitd.simple │ │ ├── busybox.simple │ │ ├── caddy.simple │ │ ├── chezmoi.simple │ │ ├── chrome.simple │ │ ├── clickhouse.simple │ │ ├── code-oss.md │ │ ├── containerd.simple │ │ ├── cpack.md │ │ ├── default_config.json.simple │ │ ├── emscripten.sh.simple │ │ ├── eza.simple │ │ ├── gcry_blowfish.mod.simple │ │ ├── healthcheck.simple │ │ ├── http-fingerprints.lua.simple │ │ ├── kibana │ │ │ ├── 2d62889e-e758-4c5e-b57e-c735914ee32a_101.json.simple │ │ │ ├── 2e29e96a-b67c-455a-afe4-de6183431d0d_111.json.simple │ │ │ ├── 3728c08d-9b70-456b-b6b8-007c7d246128_5.json.simple │ │ │ ├── 83bf249e-4348-47ba-9741-1202a09556ad_101.json.simple │ │ │ ├── 8da41fc9-7735-4b24-9cc6-c78dfc9fc9c9_108.json.simple │ │ │ ├── 951779c2-82ad-4a6c-82b8-296c1f691449_2.json.simple │ │ │ ├── ac96ceb8-4399-4191-af1d-4feeac1f1f46_108.json.simple │ │ │ ├── cde1bafa-9f01-4f43-a872-605b678968b0_111.json.simple │ │ │ ├── credential_access_dumping_keychain_security.json.simple │ │ │ ├── defense_evasion_defender_exclusion_via_powershell.json.simple │ │ │ ├── securitySolution.chunk.22.js.simple │ │ │ └── securitySolution.chunk.9.js.simple │ │ ├── kolide │ │ │ ├── launcher.simple │ │ │ └── osqueryd.simple │ │ ├── kuma-cp.simple │ │ ├── ld-2.27.so.simple │ │ ├── libBrokenLocale-2.27.so.simple │ │ ├── libasan.so.8.0.0.simple │ │ ├── libc.so.6.simple │ │ ├── libgcj.so.17.0.0.simple │ │ ├── libgcj.so.17.simple │ │ ├── libpam.so.0.simple │ │ ├── libsystemd.so.0.simple │ │ ├── linux-s390x.sh.simple │ │ ├── linux-sparc64.sh.simple │ │ ├── ls.x86_64.md │ │ ├── lslogins.md │ │ ├── melange.simple │ │ ├── minio_x86_64.md │ │ ├── misp_sample.ndjson.log.simple │ │ ├── mongosh.simple │ │ ├── neuvector_agent_aarch64.md │ │ ├── nvim.simple │ │ ├── opa.simple │ │ ├── pam_lastlog.so.simple │ │ ├── pandoc.md │ │ ├── ping.x86_64.md │ │ ├── pull-scripts.simple │ │ ├── pulumi.simple │ │ ├── pypi_package_index.json.simple │ │ ├── qemu-system-xtensa.md │ │ ├── redis-server.aarch64.md │ │ ├── rules.json.simple │ │ ├── runtime-security-fentry.o.simple │ │ ├── runtime-security-syscall-wrapper.o.simple │ │ ├── runtime-security.o.simple │ │ ├── rust_libtest-350a2b8f7a4551b7.so.simple │ │ ├── searchindex.json.simple │ │ ├── slack.md │ │ ├── slirp4netns.simple │ │ ├── sonarlint-metadata.json.simple │ │ ├── sshd.simple │ │ ├── sudo.simple │ │ ├── systemd-sysv-generator.simple │ │ ├── tracer.o.aarch64.simple │ │ ├── tree-sitter.md │ │ ├── trino.linux-amd64.launcher.json │ │ ├── trino.linux-arm64.launcher.json │ │ ├── trino.linux-ppc64le.launcher.json │ │ ├── trivy.simple │ │ ├── trufflehog.md │ │ ├── uuid.so.simple │ │ ├── viewgam.md │ │ ├── vitess │ │ │ ├── vtadmin.simple │ │ │ └── vtclient.simple │ │ ├── wikiticker-2015-09-12-sampled.json.simple │ │ ├── wolfictl.simple │ │ ├── x11vnc.simple │ │ ├── yarn-package.json.simple │ │ └── zipdetails.md │ ├── mimipenguin │ │ ├── bash │ │ │ └── mimipenguin.simple │ │ ├── c │ │ │ └── mimipenguin.simple │ │ └── python │ │ │ └── mimipenguin.simple │ └── synthetic │ │ ├── cnc-dns-over-https.aarch64.simple │ │ └── github-attach-fetch.sh.simple ├── macOS │ ├── 2023.3CX │ │ ├── libffmpeg.change_decrease.mdiff │ │ ├── libffmpeg.change_increase.mdiff │ │ ├── libffmpeg.change_no_change.mdiff │ │ ├── libffmpeg.change_unrelated.mdiff │ │ ├── libffmpeg.decrease.mdiff │ │ ├── libffmpeg.dirty.dylib.simple │ │ ├── libffmpeg.dirty.mdiff │ │ ├── libffmpeg.dylib.simple │ │ ├── libffmpeg.increase.mdiff │ │ ├── libffmpeg.increase_unrelated.mdiff │ │ └── libffmpeg.no_change.mdiff │ ├── 2024.79-137-192-4 │ │ └── var_tmp_exe_starting2.simple │ ├── 2024.AMOS │ │ ├── Cosmical_setup.simple │ │ ├── FlaUI_Driver.simple │ │ ├── Installer.simple │ │ ├── InstallerCrack.simple │ │ ├── WeChat.simple │ │ ├── example.scpt.simple │ │ ├── grey-louisiana-earth-yellow.simple │ │ └── setup.simple │ ├── 2024.AppleApp │ │ └── AppleApp.simple │ ├── 2024.BeaverTail │ │ ├── Jami.json │ │ └── client_5346.py.simple │ ├── 2024.Chrome_Updater │ │ └── upd.simple │ ├── 2024.CryptoNews │ │ └── CryptoNews-PR-Agreement.simple │ ├── 2024.Ezuri │ │ └── libdpt1.so.simple │ ├── 2024.FakeZoom │ │ └── Zoom.simple │ ├── 2024.LightSpy │ │ └── dropper.simple │ ├── 2024.Poseidon │ │ ├── Launcher.simple │ │ └── co.novemberfive.xib2storyboard.simple │ ├── 2024.Previewers │ │ └── Previewers.simple │ ├── 2024.Rustdoor │ │ ├── fakepdf.sh.simple │ │ └── localfile.simple │ ├── 2024.SpectralBlur.DPRK │ │ └── SpectralBlur-macshare.md │ ├── 2024.cobaltstrike │ │ └── EDnFsVAEbP.simple │ └── clean │ │ ├── ls.json │ │ ├── ls.mdiff │ │ ├── ls.sdiff.level_2 │ │ ├── ls.sdiff.trigger_2 │ │ ├── ls.sdiff.trigger_3 │ │ └── ls.stats.json ├── npm │ ├── 2024.bugsnagmw │ │ └── index.js.simple │ ├── 2024.depe-tool │ │ ├── package.json.simple │ │ └── preinstall.json.simple │ ├── 2024.discord-api-ts │ │ └── postinstall.js.simple │ ├── 2024.distube-fast │ │ └── postinstall.js.simple │ ├── 2024.harthat │ │ └── deference.js.simple │ ├── 2024.helmet-validate.axios │ │ └── config.js.simple │ ├── 2024.hlwgirl │ │ └── index.js.simple │ ├── 2024.legacyreact-aws-s3-typescript │ │ └── package.json.simple │ ├── 2024.ndoe-fethc │ │ └── unhook.js.simple │ ├── 2024.next-react-notify │ │ └── tocall.js.simple │ ├── 2024.noblox │ │ └── postinstall.js.json │ ├── 2024.nvmfix │ │ └── config.js.simple │ ├── 2024.persona-tool │ │ └── preinstall.js.simple │ ├── 2024.solana_web3 │ │ ├── v1.95.7.index.browser.esm.js.simple │ │ └── v1.95.8.index.browser.esm.js.simple │ └── 2024.testerrrrrrrrrr │ │ └── init.js.simple ├── php │ ├── 2024.Inull-Studio │ │ └── err.php.simple │ ├── 2024.S3RV4N7-SHELL │ │ └── crot.php.simple │ ├── 2024.WordFence.evasion │ │ └── wp-engine-fast-action.php.simple │ ├── 2024.alfa │ │ └── alfa-obfuscated.php.simple │ ├── 2024.malcure │ │ └── simple.php.simple │ ├── 2024.sagsooz │ │ ├── 2024.php.simple │ │ └── bestmini.php.simple │ └── clean │ │ ├── composer-2.7.7.simple │ │ ├── module.audio-video.quicktime.php.simple │ │ └── run-tests.php.simple ├── python │ ├── 2021.DiscordSafety │ │ └── setup.py.simple │ ├── 2022.PyPI.valyrian_debug │ │ └── valyrian_debug_setup.py.simple │ ├── 2022.activedevbadge-0.39 │ │ └── setup.py.simple │ ├── 2022.aowdjpawojd-0.0.0 │ │ └── aowdjpawojd │ │ │ └── __init__.py.simple │ ├── 2023.JokerSpy │ │ └── shared.dat.simple │ ├── 2023.aiohttp │ │ └── setup.py.simple │ ├── 2023.axderz-1.0.4 │ │ └── setup.py.simple │ ├── 2024.Custom.RAT │ │ └── output.py.simple │ ├── 2024.RookeryCapital_PythonTest │ │ ├── __init__.py.simple │ │ └── obfuscated.py.simple │ ├── 2024.ScreenLocker │ │ └── 0a5f907e9f0dade65fc292d3f1ed1f68cfb68895a84adaa173c543792be891ba.py.simple │ ├── 2024.advpruebitaa9-1.0.0 │ │ └── setup.py.simple │ ├── 2024.aiocpa │ │ └── sync.py.simple │ ├── 2024.business-kpi-manager-5.9.1 │ │ ├── pre_install.py.simple │ │ └── setup.py.simple │ ├── 2024.coloredtxt │ │ ├── base64_payload3.py.simple │ │ ├── os.py.simple │ │ └── unhex.py.simple │ ├── 2024.d3duct1v │ │ ├── s2.py.simple │ │ └── xfilesyncerx.py.simple │ ├── 2024.desktop_nuke │ │ └── 707dc1355c9dfa01d8b47db5d83193170a9a03b9b98b76b6a9e5c0692949e43d.py.simple │ ├── 2024.evildojo666 │ │ └── models.py.simple │ ├── 2024.krypton_ddos │ │ └── b2d4cc2ecf9919bf84ce9ce83bb6b99b68a78181c1976a4f72526c3085096f99.py.simple │ ├── 2024.obfuscation │ │ ├── 03c5d13d880ac4db8f9b45bda438e286a75a60f72ef26cf45670b31ffa92482e.py.simple │ │ ├── 066ebdd750911c0209f31499ffe672ff29c3ea4ec1c660f441729efdb7f2d5a4.py.simple │ │ ├── 1366b919c5beae38d407b7bf136815ba1d1d679017b97af7e9ed84d035559520.py.simple │ │ ├── aad310cf4f61a89a34cf6b454ef481e07ebc515e26da7d9b9854fd24665a1a96.py.simple │ │ └── kramer2.py.simple │ ├── 2024.pyobfuscate │ │ └── 4aa577b492b38c0334b7d2783526a263394e3a4bb349383cbc45786ae2b79b42.py.simple │ ├── 2024.runpython │ │ └── 344006eb4fc501c3937e121409b1f2af1f3f272109ca644755b3f83feb5edb01.py.simple │ ├── 2024.so_sorry_windows │ │ └── aad310cf4f61a89a34cf6b454ef481e07ebc515e26da7d9b9854fd24665a1a96.py.simple │ ├── 2024.ultralytics │ │ ├── v8.3.41 │ │ │ ├── models │ │ │ │ └── yolo │ │ │ │ │ └── model.py.simple │ │ │ └── utils │ │ │ │ └── downloads.py.simple │ │ └── v8.3.46 │ │ │ └── __init__.py.simple │ ├── 2024.yocolor │ │ ├── __init__.py.simple │ │ └── setup.py.json │ └── clean │ │ ├── airflow │ │ ├── botocore_config.py.simple │ │ ├── db.py.simple │ │ └── kubernetes_engine.py.simple │ │ ├── conda-build │ │ └── _load_setup_py_data.py.simple │ │ ├── fonttools │ │ └── psLib.py.simple │ │ ├── gevent │ │ └── test__monkey.py.simple │ │ ├── google-auth-library-python │ │ └── setup.py.simple │ │ ├── google-cloud-sdk │ │ ├── mysql.py.simple │ │ └── requests_setup.py.simple │ │ ├── hatch │ │ └── migrate.py.simple │ │ ├── hopper │ │ └── setup.py.simple │ │ ├── idna │ │ └── setup.py.simple │ │ ├── jaraco │ │ └── __init__.py.simple │ │ ├── magic_trace │ │ └── magic_trace.py.simple │ │ ├── matplotlib │ │ ├── _backend_tk.py.simple │ │ ├── backend_bases.py.simple │ │ ├── backend_qt.py.simple │ │ └── backend_wx.py.simple │ │ ├── mitmproxy │ │ └── raw_display.py.simple │ │ ├── ml_sdk │ │ └── setup.py.simple │ │ ├── numba │ │ └── support.py.simple │ │ ├── numcodecs │ │ └── base64.py.simple │ │ ├── numpy │ │ └── misc_util.py.simple │ │ ├── open_clip_train │ │ └── data.py.simple │ │ ├── pydevd │ │ └── setup_pydevd_cython.py.simple │ │ ├── pyparsing │ │ └── sparser.py.simple │ │ ├── requests │ │ └── setup.py.simple │ │ ├── setuptools │ │ ├── build_meta.py.simple │ │ ├── discovery.py.simple │ │ ├── easy_install.py.simple │ │ ├── namespaces.py.simple │ │ ├── package_index.py.simple │ │ ├── sandbox.py.simple │ │ └── test_pyprojecttoml.py.simple │ │ ├── tensorflow_model_analysis │ │ └── tfjs_predict_extractor_util.py.simple │ │ └── versioneer │ │ └── versioneer.py.simple ├── ruby │ ├── 2018.CMD_Backdoor │ │ └── connect.rb.simple │ ├── 2018.active-support │ │ └── extconf.rb.simple │ ├── 2019.bootstrap-sass │ │ └── middleware.rb.simple │ ├── 2019.rest-client │ │ ├── pastebin.rb.simple │ │ └── request.rb.simple │ ├── 2020.bitcoin-ruby │ │ ├── extconf.rb.simple │ │ └── the_Score.vbs.simple │ ├── 2021.vector │ │ └── vector.rb.simple │ ├── 2023.gunther │ │ └── Rakefile.rb.simple │ ├── 2024.Infecting_Simulation │ │ └── malware.rb.simple │ ├── 2024.Ruby_rootkit │ │ ├── Ruby.c.simple │ │ └── Ruby.rb.simple │ ├── 2024.gtfo │ │ ├── download.rb.simple │ │ ├── rsocket.rb.simple │ │ └── setuid.rb.simple │ ├── 2024.reverse_shells │ │ ├── oreilly1.rb.simple │ │ ├── oreilly2.rb.simple │ │ ├── oreilly3.rb.simple │ │ ├── revshell.rb.simple │ │ ├── rshell.rb.simple │ │ ├── rsocket_open.rb.simple │ │ └── shell.rb.simple │ └── clean │ │ └── homebrew │ │ ├── homebrew_no_overrides_spec.rb.simple │ │ └── homebrew_test.pdf.simple ├── samples_test.go ├── typescript │ └── 2021.CursedGrabber.an0n-chat-lib │ │ ├── build │ │ └── stealer.js.simple │ │ └── src │ │ └── stealer.ts.simple └── windows │ ├── 2024.GitHub.Clipper │ ├── main.exe.simple │ └── raw.py.simple │ ├── 2024.Sharp │ └── sharpil_RAT.exe.md │ ├── 2024.aspdasdksa2 │ ├── Nil.exe.md │ ├── callback.bat.json │ ├── creal.exe.simple │ └── creal.pyc.simple │ ├── 2024.black_basta │ └── dropper.lnk.simple │ └── clean │ ├── Swashbuckle.AspNetCore.ReDoc.dll.simple │ ├── System.Reflection.Metadata.dll.simple │ └── make-win.ps1.simple └── third_party ├── README.md ├── third_party.go └── yara ├── InQuest-VT ├── Adobe_Type_1_Font.yar ├── Adobe_XMP_Identifier.yar ├── Apt29_DLL_May2022.yar ├── Base64_Encoded_Powershell_Directives.yar ├── Base64_Encoded_URL.yar ├── CVE_2014_1761.yar ├── Controlword_Whitespace_RTF.yar ├── EPPlus_OOXML_Document.yar ├── Encrypted_Office_Document.yar ├── Hex_Encoded_Link_in_RTF.yar ├── JS_PDF_Data_Submission.yar ├── LICENSE ├── Microsoft_2007_OLE_Encrypted.yar ├── Microsoft_Excel_Hidden_Macrosheet.yar ├── Microsoft_Excel_with_Macrosheet.yar ├── Microsoft_LNK_with_CMD_EXE_Reference.yar ├── Microsoft_LNK_with_PowerShell_Shortcut_References.yar ├── Microsoft_LNK_with_Windows_Management_Instrumentation_Reference.yar ├── Microsoft_OneNote_with_Suspicious_String.yar ├── Microsoft_Outlook_Phish.yar ├── Office_Document_with_VBA_Project.yar ├── PDF_Containing_JavaScript.yar ├── PDF_Launch_Action_EXE.yar ├── PDF_Launch_Function.yar ├── PDF_with_Embedded_RTF_OLE_Newlines.yar ├── PDF_with_Launch_Action_Function.yar ├── Powershell_Case.yar ├── Powershell_Command_Fileless_August_Malware.yar ├── README.md ├── RELEASE ├── RTF_Anti_Analysis_Header.yar ├── RTF_Composite_Moniker.yar ├── RTF_Embedded_OLE_Header_Obfuscated.yar ├── RTF_File_Malformed_Header.yar ├── RTF_Header_Obfuscation.yar ├── RTF_Memory_Corruption_Vulnerability.yar ├── RTF_Objupdate.yar ├── RTF_with_Suspicious_File_Extension.yar ├── Suspicious_CLSID_RTF.yar ├── Windows_API_Function.yar └── Word_Document_with_Suspicious_Metadata.yar ├── JPCERT ├── 3proxy.yara ├── APT10 │ └── apt10.yara ├── APT29 │ └── apt29.yara ├── BlackTech │ └── blacktech.yara ├── Darkhotel │ └── darkhotel.yara ├── DragonOK │ └── dragonok.yara ├── IcedID.yara ├── Kimsuky.yara ├── Kimsuky │ └── Kimsuky.yara ├── LICENSE ├── Lazarus │ ├── applejeus.yara │ ├── crypthunter.yara │ └── lazarus.yara ├── MedusaLocker.yara ├── README.md ├── RELEASE ├── Remcos.yara ├── RestyLink.yara ├── StealthWorker.yara ├── Tick │ └── tick.yara ├── TokyoX.yara ├── Voldemort.yara ├── adminer.yara ├── agenttesla.yara ├── antiupx.yara ├── applejeus.yara ├── apt10.yara ├── apt29.yara ├── ares.yara ├── asyncrat.yara ├── azorult.yara ├── b374k.yara ├── bebloh.yara ├── blacktech.yara ├── brc4.yara ├── cobaltstrike.yara ├── contagiousinterview.yara ├── crypthunter.yara ├── cve202120837.yara ├── darkcloud.yara ├── darkhotel.yara ├── donut.yara ├── doplugs.yara ├── doraemon.yara ├── dragonok.yara ├── dtsft.yara ├── emotet.yara ├── filesman.yara ├── flubot.yara ├── formbook.yara ├── foxwso.yara ├── getrdoor.yara ├── gobrat.yara ├── hawkeye.yara ├── huiloader.yara ├── inetget.yara ├── ivanti_connect_secure.yara ├── lazarus.yara ├── lodeinfo.yara ├── lokibot.yara ├── machOdownloader.yara ├── maldocinpdf.yara ├── nanocore.yara ├── netwire.yara ├── nimfilecoder.yara ├── njrat.yara ├── noderat.yara ├── other │ ├── 3proxy.yara │ ├── IcedID.yara │ ├── MedusaLocker.yara │ ├── Remcos.yara │ ├── RestyLink.yara │ ├── StealthWorker.yara │ ├── TokyoX.yara │ ├── adminer.yara │ ├── agenttesla.yara │ ├── antiupx.yara │ ├── ares.yara │ ├── asyncrat.yara │ ├── azorult.yara │ ├── b374k.yara │ ├── bebloh.yara │ ├── brc4.yara │ ├── cobaltstrike.yara │ ├── cve202120837.yara │ ├── darkcloud.yara │ ├── donut.yara │ ├── doplugs.yara │ ├── doraemon.yara │ ├── dtsft.yara │ ├── emotet.yara │ ├── filesman.yara │ ├── flubot.yara │ ├── formbook.yara │ ├── foxwso.yara │ ├── gobrat.yara │ ├── hawkeye.yara │ ├── huiloader.yara │ ├── inetget.yara │ ├── ivanti_connect_secure.yara │ ├── lodeinfo.yara │ ├── lokibot.yara │ ├── machOdownloader.yara │ ├── maldocinpdf.yara │ ├── nanocore.yara │ ├── netwire.yara │ ├── nimfilecoder.yara │ ├── njrat.yara │ ├── noderat.yara │ ├── pangolin8rat.yara │ ├── phpfilemanager.yara │ ├── phpmal.yara │ ├── plugx.yara │ ├── poisonivy.yara │ ├── pskiller_sys.yara │ ├── pulsesecure.yara │ ├── qbot.yara │ ├── quasar.yara │ ├── seaspy.yara │ ├── shellcode.yara │ ├── smokeloader.yara │ ├── sqroot.yara │ ├── stealc.yara │ ├── steelclover.yara │ ├── sysrvbot.yara │ ├── tool.yara │ ├── ursnif.yara │ ├── vboxuserrat.yara │ ├── waterpamola.yara │ ├── webrcs.yara │ ├── webview2loader.yara │ └── windealer.yara ├── pangolin8rat.yara ├── phpfilemanager.yara ├── phpmal.yara ├── plugx.yara ├── poisonivy.yara ├── poohlydown.yara ├── pskiller_sys.yara ├── pulsesecure.yara ├── qbot.yara ├── quasar.yara ├── seaspy.yara ├── shellcode.yara ├── smokeloader.yara ├── spygrace.yara ├── sqroot.yara ├── stealc.yara ├── steelclover.yara ├── stonemite.yara ├── sysrvbot.yara ├── tick.yara ├── tool.yara ├── ursnif.yara ├── vboxuserrat.yara ├── veletrix.yara ├── waterpamola.yara ├── webrcs.yara ├── webview2loader.yara └── windealer.yara ├── TTC-CERT ├── RELEASE ├── cve_rules │ └── EXPLOIT_cve_2022-30190.yar └── malware │ ├── APT_apt32_2021_TTPs.yar │ ├── APT_apt32_MHT_backdoor.yar │ ├── APT_mustang_panda_dll_stager.yar │ ├── APT_russia_unknown_bectrl.yar │ ├── GEN_onenote_powershell_command.yar │ ├── MALW_bangkokshell.yar │ ├── MALW_bangkokshell_dll_loader_v3.yar │ ├── MALW_bangkokshell_trishul_rat.yar │ ├── MALW_bookworm.yar │ ├── MALW_doenerium.yar │ ├── MALW_emotet_epoch4.yar │ ├── MALW_golang_cs_loader.yar │ ├── MALW_indexsinas_cryptominer.yar │ ├── MALW_infostealer_vietnamese_based_threat_actors.yar │ ├── MALW_kittipongk_cryptominer.yar │ ├── MALW_pulse_cobaltstrike.yar │ ├── MALW_webshell_citrix_vulnerability_compromise_php.yar │ ├── RANSOM_agenda.yar │ ├── RANSOM_grief.yar │ ├── RANSOM_lockbit_V3.yar │ └── RANSOM_magniber_iso_msiexec.yar ├── YARAForge ├── RELEASE └── yara-rules-full.yar ├── bartblaze ├── APT │ ├── Autumn_Backdoor.yar │ ├── Autumn_Backdoor_Loader.yar │ ├── Confucius_B.yar │ ├── Cotx_RAT.yar │ ├── EE_Dropper.yar │ ├── EE_Loader.yar │ ├── Libcef_Backdoor.yar │ ├── NikiCert.yar │ ├── NikiGo.yar │ ├── NikiHTTP.yar │ ├── RokRAT.yar │ ├── RoyalRoad_RTF.yar │ └── StormDNS.yar ├── LICENSE ├── README.md ├── RELEASE ├── crimeware │ ├── Andromeda.yar │ ├── ArechClient.yar │ ├── ArechClient_Campaign_July2021.yar │ ├── AuroraStealer.yar │ ├── AveMaria.yar │ ├── BazarBackdoor.yar │ ├── BazarLoader.yar │ ├── BroEx.yar │ ├── CrunchyRoll.yar │ ├── Ganelp.yar │ ├── GootLoader_Dotnet │ ├── IcedID.yar │ ├── JSSLoader.yar │ ├── Jupyter.yar │ ├── KeyBase.yar │ ├── LNKR.yar │ ├── Monero_Compromise.yar │ ├── OfflRouter.yar │ ├── Oyster.yar │ ├── Parallax.yar │ ├── Prometei.yar │ ├── PureZip.yar │ ├── PurpleFox.yar │ ├── RedLine.yar │ ├── RedLine_Campaign_June2021.yar │ ├── SaintBot.yar │ ├── ShinnyShield.yar │ ├── SystemBC.yar │ ├── Unk_BR_Banker.yar │ ├── Unk_Crime_Downloader_1.yar │ ├── Unk_Crime_Downloader_2.yar │ ├── Unk_DesktopLoader.yar │ └── ZLoader.yar ├── generic │ ├── AutoIT.yar │ ├── Costura_Protobuf.yar │ ├── DotNet_Reactor.yar │ ├── EnigmaStub.yar │ ├── Generic_Phishing_PDF.yar │ ├── Hidden.yar │ ├── IEuser_author_doc.yar │ ├── ISO_exec.yar │ ├── LNK_Ruleset.yar │ ├── MalScript_Tricks.yar │ ├── MiniTor.yar │ ├── OLEfile_in_CAD_FAS_LSP.yar │ ├── OneNote_BuildPath.yar │ ├── PyInstaller.yar │ ├── Rclone.yar │ ├── Specialist_Repack_Doc.yar │ ├── VMProtectStub.yar │ ├── Webshell_in_image.yar │ ├── WinRAR_ADS_Traversal.yar │ └── oAuth_Phishing_PDF.yar ├── hacktools │ ├── Adaptix_Beacon.yar │ ├── Adfind.yar │ ├── CreateMiniDump.yar │ ├── DefenderControl.yar │ ├── Extract_MachineKey_SharePoint.yar │ ├── GhostShell_SharePoint.yar │ ├── Gmer.yar │ ├── Gmer_Driver.yar │ ├── HiddenVNC.yar │ ├── IISRaid.yar │ ├── IIS_Backdoor.yar │ ├── Impacket.yar │ ├── KPortScan.yar │ ├── LaZagne.yar │ ├── NLBrute.yar │ ├── PowerTool.yar │ ├── RDPWrap.yar │ ├── Responder.yar │ ├── SharpAdidnsdump.yar │ ├── SharpHostInfo.yar │ └── Windows_Credentials_Editor.yar └── ransomware │ ├── Avaddon.yar │ ├── BlackKingDom.yar │ ├── CryLock.yar │ ├── Darkside.yar │ ├── DearCry.yar │ ├── Ekans.yar │ ├── Fusion.yar │ ├── Maze.yar │ ├── Pysa.yar │ ├── REvil_Cert.yar │ ├── REvil_Dropper.yar │ ├── RagnarLocker.yar │ ├── Satan_Mutexes.yar │ ├── Sfile.yar │ ├── Warlock.yar │ ├── WhiteBlack.yar │ ├── WickrMe.yar │ ├── WinLock.yar │ ├── XiaoBa.yar │ └── Zeppelin.yar ├── elastic ├── LICENSE.txt ├── Linux_Backdoor_Bash.yar ├── Linux_Backdoor_Fontonlake.yar ├── Linux_Backdoor_Generic.yar ├── Linux_Backdoor_Python.yar ├── Linux_Backdoor_Tinyshell.yar ├── Linux_Cryptominer_Attribute.yar ├── Linux_Cryptominer_Bscope.yar ├── Linux_Cryptominer_Bulz.yar ├── Linux_Cryptominer_Camelot.yar ├── Linux_Cryptominer_Casdet.yar ├── Linux_Cryptominer_Ccminer.yar ├── Linux_Cryptominer_Flystudio.yar ├── Linux_Cryptominer_Generic.yar ├── Linux_Cryptominer_Ksmdbot.yar ├── Linux_Cryptominer_Loudminer.yar ├── Linux_Cryptominer_Malxmr.yar ├── Linux_Cryptominer_Miancha.yar ├── Linux_Cryptominer_Minertr.yar ├── Linux_Cryptominer_Pgminer.yar ├── Linux_Cryptominer_Presenoker.yar ├── Linux_Cryptominer_Roboto.yar ├── Linux_Cryptominer_Stak.yar ├── Linux_Cryptominer_Ursu.yar ├── Linux_Cryptominer_Uwamson.yar ├── Linux_Cryptominer_Xmrig.yar ├── Linux_Cryptominer_Xmrminer.yar ├── Linux_Cryptominer_Xpaj.yar ├── Linux_Cryptominer_Zexaf.yar ├── Linux_Downloader_Generic.yar ├── Linux_Exploit_Abrox.yar ├── Linux_Exploit_Alie.yar ├── Linux_Exploit_CVE_2009_1897.yar ├── Linux_Exploit_CVE_2009_2698.yar ├── Linux_Exploit_CVE_2009_2908.yar ├── Linux_Exploit_CVE_2010_3301.yar ├── Linux_Exploit_CVE_2012_0056.yar ├── Linux_Exploit_CVE_2014_3153.yar ├── Linux_Exploit_CVE_2016_4557.yar ├── Linux_Exploit_CVE_2016_5195.yar ├── Linux_Exploit_CVE_2017_100011.yar ├── Linux_Exploit_CVE_2017_16995.yar ├── Linux_Exploit_CVE_2018_10561.yar ├── Linux_Exploit_CVE_2019_13272.yar ├── Linux_Exploit_CVE_2021_3156.yar ├── Linux_Exploit_CVE_2021_3490.yar ├── Linux_Exploit_CVE_2021_4034.yar ├── Linux_Exploit_CVE_2022_0847.yar ├── Linux_Exploit_Cornelgen.yar ├── Linux_Exploit_Courier.yar ├── Linux_Exploit_Criscras.yar ├── Linux_Exploit_Dirtycow.yar ├── Linux_Exploit_Enoket.yar ├── Linux_Exploit_Foda.yar ├── Linux_Exploit_IOUring.yar ├── Linux_Exploit_Intfour.yar ├── Linux_Exploit_Local.yar ├── Linux_Exploit_Log4j.yar ├── Linux_Exploit_Lotoor.yar ├── Linux_Exploit_Moogrey.yar ├── Linux_Exploit_Openssl.yar ├── Linux_Exploit_Perl.yar ├── Linux_Exploit_Pulse.yar ├── Linux_Exploit_Race.yar ├── Linux_Exploit_Ramen.yar ├── Linux_Exploit_Sorso.yar ├── Linux_Exploit_Vmsplice.yar ├── Linux_Exploit_Wuftpd.yar ├── Linux_Generic_Threat.yar ├── Linux_Hacktool_Aduh.yar ├── Linux_Hacktool_Bruteforce.yar ├── Linux_Hacktool_Cleanlog.yar ├── Linux_Hacktool_Earthworm.yar ├── Linux_Hacktool_Exploitscan.yar ├── Linux_Hacktool_Flooder.yar ├── Linux_Hacktool_Fontonlake.yar ├── Linux_Hacktool_Infectionmonkey.yar ├── Linux_Hacktool_Lightning.yar ├── Linux_Hacktool_LigoloNG.yar ├── Linux_Hacktool_Outlaw.yar ├── Linux_Hacktool_Portscan.yar ├── Linux_Hacktool_Prochide.yar ├── Linux_Hacktool_Tcpscan.yar ├── Linux_Hacktool_Wipelog.yar ├── Linux_Packer_Patched_UPX.yar ├── Linux_Proxy_Frp.yar ├── Linux_Ransomware_Agenda.yar ├── Linux_Ransomware_Akira.yar ├── Linux_Ransomware_Babuk.yar ├── Linux_Ransomware_BlackBasta.yar ├── Linux_Ransomware_BlackSuit.yar ├── Linux_Ransomware_Clop.yar ├── Linux_Ransomware_Conti.yar ├── Linux_Ransomware_EchoRaix.yar ├── Linux_Ransomware_Erebus.yar ├── Linux_Ransomware_Esxiargs.yar ├── Linux_Ransomware_Gonnacry.yar ├── Linux_Ransomware_Hellokitty.yar ├── Linux_Ransomware_Hive.yar ├── Linux_Ransomware_ItsSoEasy.yar ├── Linux_Ransomware_LimpDemon.yar ├── Linux_Ransomware_Lockbit.yar ├── Linux_Ransomware_Monti.yar ├── Linux_Ransomware_NoEscape.yar ├── Linux_Ransomware_Quantum.yar ├── Linux_Ransomware_RagnarLocker.yar ├── Linux_Ransomware_RedAlert.yar ├── Linux_Ransomware_RoyalPest.yar ├── Linux_Ransomware_SFile.yar ├── Linux_Ransomware_Sodinokibi.yar ├── Linux_Rootkit_Adore.yar ├── Linux_Rootkit_Arkd.yar ├── Linux_Rootkit_Bedevil.yar ├── Linux_Rootkit_BrokePKG.yar ├── Linux_Rootkit_Dakkatoni.yar ├── Linux_Rootkit_Diamorphine.yar ├── Linux_Rootkit_Flipswitch.yar ├── Linux_Rootkit_Fontonlake.yar ├── Linux_Rootkit_Generic.yar ├── Linux_Rootkit_HiddenWasp.yar ├── Linux_Rootkit_Jynx.yar ├── Linux_Rootkit_Kovid.yar ├── Linux_Rootkit_Melofee.yar ├── Linux_Rootkit_Mobkit.yar ├── Linux_Rootkit_Perfctl.yar ├── Linux_Rootkit_Reptile.yar ├── Linux_Rootkit_Snapekit.yar ├── Linux_Rootkit_Suterusu.yar ├── Linux_Shellcode_Generic.yar ├── Linux_Trojan_Adlibrary.yar ├── Linux_Trojan_Asacub.yar ├── Linux_Trojan_Autocolor.yar ├── Linux_Trojan_Azeela.yar ├── Linux_Trojan_BPFDoor.yar ├── Linux_Trojan_Backconnect.yar ├── Linux_Trojan_Backegmm.yar ├── Linux_Trojan_Badbee.yar ├── Linux_Trojan_Banload.yar ├── Linux_Trojan_Bedevil.yar ├── Linux_Trojan_Bish.yar ├── Linux_Trojan_Bluez.yar ├── Linux_Trojan_Cerbu.yar ├── Linux_Trojan_Chinaz.yar ├── Linux_Trojan_Connectback.yar ├── Linux_Trojan_Ddostf.yar ├── Linux_Trojan_DinodasRAT.yar ├── Linux_Trojan_Dnsamp.yar ├── Linux_Trojan_Dofloo.yar ├── Linux_Trojan_Dropperl.yar ├── Linux_Trojan_Ebury.yar ├── Linux_Trojan_FinalDraft.yar ├── Linux_Trojan_Gafgyt.yar ├── Linux_Trojan_Ganiw.yar ├── Linux_Trojan_Generic.yar ├── Linux_Trojan_Getshell.yar ├── Linux_Trojan_Godlua.yar ├── Linux_Trojan_Godropper.yar ├── Linux_Trojan_Gognt.yar ├── Linux_Trojan_Hiddad.yar ├── Linux_Trojan_Ipstorm.yar ├── Linux_Trojan_Ircbot.yar ├── Linux_Trojan_Iroffer.yar ├── Linux_Trojan_Kaiji.yar ├── Linux_Trojan_Kinsing.yar ├── Linux_Trojan_Ladvix.yar ├── Linux_Trojan_Lady.yar ├── Linux_Trojan_Lala.yar ├── Linux_Trojan_Malxmr.yar ├── Linux_Trojan_Marut.yar ├── Linux_Trojan_Masan.yar ├── Linux_Trojan_Mech.yar ├── Linux_Trojan_Mechbot.yar ├── Linux_Trojan_Melofee.yar ├── Linux_Trojan_Merlin.yar ├── Linux_Trojan_Metasploit.yar ├── Linux_Trojan_Meterpreter.yar ├── Linux_Trojan_Mettle.yar ├── Linux_Trojan_Mirai.yar ├── Linux_Trojan_Mobidash.yar ├── Linux_Trojan_Mumblehard.yar ├── Linux_Trojan_Ngioweb.yar ├── Linux_Trojan_Nuker.yar ├── Linux_Trojan_Orbit.yar ├── Linux_Trojan_Patpooty.yar ├── Linux_Trojan_Pnscan.yar ├── Linux_Trojan_Pornoasset.yar ├── Linux_Trojan_Psybnc.yar ├── Linux_Trojan_Pumakit.yar ├── Linux_Trojan_Rbot.yar ├── Linux_Trojan_Rekoobe.yar ├── Linux_Trojan_Roopre.yar ├── Linux_Trojan_Rooter.yar ├── Linux_Trojan_Rotajakiro.yar ├── Linux_Trojan_Rozena.yar ├── Linux_Trojan_Sambashell.yar ├── Linux_Trojan_Sckit.yar ├── Linux_Trojan_Sdbot.yar ├── Linux_Trojan_Setag.yar ├── Linux_Trojan_Sfloost.yar ├── Linux_Trojan_Shark.yar ├── Linux_Trojan_Shellbot.yar ├── Linux_Trojan_Skidmap.yar ├── Linux_Trojan_Snessik.yar ├── Linux_Trojan_Snowlight.yar ├── Linux_Trojan_Springtail.yar ├── Linux_Trojan_Sqlexp.yar ├── Linux_Trojan_Sshdkit.yar ├── Linux_Trojan_Sshdoor.yar ├── Linux_Trojan_Subsevux.yar ├── Linux_Trojan_Swrort.yar ├── Linux_Trojan_Sysrv.yar ├── Linux_Trojan_Torii.yar ├── Linux_Trojan_Truncpx.yar ├── Linux_Trojan_Tsunami.yar ├── Linux_Trojan_Winnti.yar ├── Linux_Trojan_XZBackdoor.yar ├── Linux_Trojan_Xhide.yar ├── Linux_Trojan_Xorddos.yar ├── Linux_Trojan_Xpmmap.yar ├── Linux_Trojan_Zerobot.yar ├── Linux_Trojan_Zpevdo.yar ├── Linux_Virus_Gmon.yar ├── Linux_Virus_Rst.yar ├── Linux_Virus_Staffcounter.yar ├── Linux_Virus_Thebe.yar ├── Linux_Webshell_Generic.yar ├── Linux_Worm_Generic.yar ├── MacOS_Backdoor_Applejeus.yar ├── MacOS_Backdoor_Fakeflashlxk.yar ├── MacOS_Backdoor_Kagent.yar ├── MacOS_Backdoor_Keyboardrecord.yar ├── MacOS_Backdoor_Useragent.yar ├── MacOS_Creddump_KeychainAccess.yar ├── MacOS_Cryptominer_Generic.yar ├── MacOS_Cryptominer_Xmrig.yar ├── MacOS_Exploit_Log4j.yar ├── MacOS_Hacktool_Bifrost.yar ├── MacOS_Hacktool_Swiftbelt.yar ├── MacOS_Infostealer_MdQueryPassw.yar ├── MacOS_Infostealer_MdQuerySecret.yar ├── MacOS_Infostealer_MdQueryTCC.yar ├── MacOS_Infostealer_MdQueryToken.yar ├── MacOS_Trojan_Adload.yar ├── MacOS_Trojan_Amcleaner.yar ├── MacOS_Trojan_Aobokeylogger.yar ├── MacOS_Trojan_Bundlore.yar ├── MacOS_Trojan_Eggshell.yar ├── MacOS_Trojan_Electrorat.yar ├── MacOS_Trojan_Fplayer.yar ├── MacOS_Trojan_Generic.yar ├── MacOS_Trojan_Genieo.yar ├── MacOS_Trojan_Getshell.yar ├── MacOS_Trojan_HLoader.yar ├── MacOS_Trojan_KandyKorn.yar ├── MacOS_Trojan_Metasploit.yar ├── MacOS_Trojan_RustBucket.yar ├── MacOS_Trojan_SugarLoader.yar ├── MacOS_Trojan_Thiefquest.yar ├── MacOS_Virus_Maxofferdeal.yar ├── MacOS_Virus_Pirrit.yar ├── MacOS_Virus_Vsearch.yar ├── Macos_Hacktool_JokerSpy.yar ├── Macos_Infostealer_EncodedOsascript.yar ├── Macos_Infostealer_Wallets.yar ├── Multi_AttackSimulation_Blindspot.yar ├── Multi_Cryptominer_Xmrig.yar ├── Multi_EICAR.yar ├── Multi_Generic_Threat.yar ├── Multi_Hacktool_Gsocket.yar ├── Multi_Hacktool_Nps.yar ├── Multi_Hacktool_Rakshasa.yar ├── Multi_Hacktool_Stowaway.yar ├── Multi_Hacktool_SuperShell.yar ├── Multi_Ransomware_Akira.yar ├── Multi_Ransomware_BlackCat.yar ├── Multi_Ransomware_Luna.yar ├── Multi_Ransomware_RansomHub.yar ├── Multi_Trojan_Coreimpact.yar ├── Multi_Trojan_EmpirGo.yar ├── Multi_Trojan_FinalDraft.yar ├── Multi_Trojan_Goffloader.yar ├── Multi_Trojan_Gosar.yar ├── Multi_Trojan_Merlin.yar ├── Multi_Trojan_Mythic.yar ├── Multi_Trojan_Sliver.yar ├── Multi_Trojan_SparkRat.yar ├── RELEASE ├── Windows_AttackSimulation_Hovercraft.yar ├── Windows_Backdoor_DragonCastling.yar ├── Windows_Backdoor_Goldbackdoor.yar ├── Windows_Backdoor_TeamViewer.yar ├── Windows_Clickfraud_LuckySlots.yar ├── Windows_Cryptominer_Generic.yar ├── Windows_Exploit_CVE_2022_38028.yar ├── Windows_Exploit_Dcom.yar ├── Windows_Exploit_Eternalblue.yar ├── Windows_Exploit_FakePipe.yar ├── Windows_Exploit_Generic.yar ├── Windows_Exploit_IoRing.yar ├── Windows_Exploit_Log4j.yar ├── Windows_Exploit_Perfusion.yar ├── Windows_Exploit_RpcJunction.yar ├── Windows_Generic_MalCert.yar ├── Windows_Generic_Threat.yar ├── Windows_Hacktool_AskCreds.yar ├── Windows_Hacktool_BlackBone.yar ├── Windows_Hacktool_COFFLoader.yar ├── Windows_Hacktool_Capcom.yar ├── Windows_Hacktool_Certify.yar ├── Windows_Hacktool_CheatEngine.yar ├── Windows_Hacktool_ChromeKatz.yar ├── Windows_Hacktool_ClrOxide.yar ├── Windows_Hacktool_CpuLocker.yar ├── Windows_Hacktool_DarkLoadLibrary.yar ├── Windows_Hacktool_Dcsyncer.yar ├── Windows_Hacktool_DinvokeRust.yar ├── Windows_Hacktool_EDRWFP.yar ├── Windows_Hacktool_EDRrecon.yar ├── Windows_Hacktool_ExecuteAssembly.yar ├── Windows_Hacktool_Gmer.yar ├── Windows_Hacktool_GodPotato.yar ├── Windows_Hacktool_Iox.yar ├── Windows_Hacktool_LeiGod.yar ├── Windows_Hacktool_Mimikatz.yar ├── Windows_Hacktool_NetFilter.yar ├── Windows_Hacktool_Nimhawk.yar ├── Windows_Hacktool_Phant0m.yar ├── Windows_Hacktool_PhysMem.yar ├── Windows_Hacktool_ProcessHacker.yar ├── Windows_Hacktool_RingQ.yar ├── Windows_Hacktool_Rubeus.yar ├── Windows_Hacktool_SafetyKatz.yar ├── Windows_Hacktool_Seatbelt.yar ├── Windows_Hacktool_SharPersist.yar ├── Windows_Hacktool_SharpAppLocker.yar ├── Windows_Hacktool_SharpChromium.yar ├── Windows_Hacktool_SharpDump.yar ├── Windows_Hacktool_SharpGPOAbuse.yar ├── Windows_Hacktool_SharpHound.yar ├── Windows_Hacktool_SharpLAPS.yar ├── Windows_Hacktool_SharpMove.yar ├── Windows_Hacktool_SharpRDP.yar ├── Windows_Hacktool_SharpSCCM.yar ├── Windows_Hacktool_SharpShares.yar ├── Windows_Hacktool_SharpStay.yar ├── Windows_Hacktool_SharpUp.yar ├── Windows_Hacktool_SharpView.yar ├── Windows_Hacktool_SharpWMI.yar ├── Windows_Hacktool_SleepObfLoader.yar ├── Windows_Hacktool_WinPEAS_ng.yar ├── Windows_Infostealer_EddieStealer.yar ├── Windows_Infostealer_Generic.yar ├── Windows_Infostealer_NovaBlight.yar ├── Windows_Infostealer_PhemedroneStealer.yar ├── Windows_Infostealer_Strela.yar ├── Windows_PUP_Generic.yar ├── Windows_PUP_MediaArena.yar ├── Windows_PUP_Veriato.yar ├── Windows_Packer_ScrubCrypt.yar ├── Windows_Ransomware_Agenda.yar ├── Windows_Ransomware_Akira.yar ├── Windows_Ransomware_Avoslocker.yar ├── Windows_Ransomware_Azov.yar ├── Windows_Ransomware_Bitpaymer.yar ├── Windows_Ransomware_BlackBasta.yar ├── Windows_Ransomware_BlackHunt.yar ├── Windows_Ransomware_Blackmatter.yar ├── Windows_Ransomware_Cicada3301.yar ├── Windows_Ransomware_Clop.yar ├── Windows_Ransomware_Conti.yar ├── Windows_Ransomware_Crytox.yar ├── Windows_Ransomware_Cuba.yar ├── Windows_Ransomware_Darkside.yar ├── Windows_Ransomware_Dharma.yar ├── Windows_Ransomware_Doppelpaymer.yar ├── Windows_Ransomware_Egregor.yar ├── Windows_Ransomware_GandCrab.yar ├── Windows_Ransomware_Generic.yar ├── Windows_Ransomware_Grief.yar ├── Windows_Ransomware_Haron.yar ├── Windows_Ransomware_Hellokitty.yar ├── Windows_Ransomware_Helloxd.yar ├── Windows_Ransomware_Hive.yar ├── Windows_Ransomware_Lockbit.yar ├── Windows_Ransomware_Lockfile.yar ├── Windows_Ransomware_Magniber.yar ├── Windows_Ransomware_Makop.yar ├── Windows_Ransomware_Maui.yar ├── Windows_Ransomware_Maze.yar ├── Windows_Ransomware_Medusa.yar ├── Windows_Ransomware_Mespinoza.yar ├── Windows_Ransomware_Mountlocker.yar ├── Windows_Ransomware_Nightsky.yar ├── Windows_Ransomware_Pandora.yar ├── Windows_Ransomware_Phobos.yar ├── Windows_Ransomware_Ragnarok.yar ├── Windows_Ransomware_Ransomexx.yar ├── Windows_Ransomware_Rook.yar ├── Windows_Ransomware_Royal.yar ├── Windows_Ransomware_Ryuk.yar ├── Windows_Ransomware_Snake.yar ├── Windows_Ransomware_Sodinokibi.yar ├── Windows_Ransomware_Stop.yar ├── Windows_Ransomware_Thanos.yar ├── Windows_Ransomware_Vgod.yar ├── Windows_Ransomware_Vhd.yar ├── Windows_Ransomware_WannaCry.yar ├── Windows_Ransomware_WhisperGate.yar ├── Windows_RemoteAdmin_UltraVNC.yar ├── Windows_Rootkit_AbyssWorker.yar ├── Windows_Rootkit_R77.yar ├── Windows_Shellcode_Generic.yar ├── Windows_Shellcode_Rdi.yar ├── Windows_Trojan_A310logger.yar ├── Windows_Trojan_ACRStealer.yar ├── Windows_Trojan_Afdk.yar ├── Windows_Trojan_AgentTesla.yar ├── Windows_Trojan_Amadey.yar ├── Windows_Trojan_Arechclient2.yar ├── Windows_Trojan_ArkeiStealer.yar ├── Windows_Trojan_Asyncrat.yar ├── Windows_Trojan_AveMaria.yar ├── Windows_Trojan_Azorult.yar ├── Windows_Trojan_BITSloth.yar ├── Windows_Trojan_Babble.yar ├── Windows_Trojan_Babylonrat.yar ├── Windows_Trojan_Backoff.yar ├── Windows_Trojan_Bandook.yar ├── Windows_Trojan_Bazar.yar ├── Windows_Trojan_Beam.yar ├── Windows_Trojan_Behinder.yar ├── Windows_Trojan_Bitrat.yar ├── Windows_Trojan_BlackShades.yar ├── Windows_Trojan_Blackwood.yar ├── Windows_Trojan_Blister.yar ├── Windows_Trojan_BloodAlchemy.yar ├── Windows_Trojan_BruteRatel.yar ├── Windows_Trojan_Buerloader.yar ├── Windows_Trojan_Bughatch.yar ├── Windows_Trojan_Bumblebee.yar ├── Windows_Trojan_CaesarKbd.yar ├── Windows_Trojan_Carberp.yar ├── Windows_Trojan_CastleLoader.yar ├── Windows_Trojan_Clipbanker.yar ├── Windows_Trojan_CobaltStrike.yar ├── Windows_Trojan_Cryptbot.yar ├── Windows_Trojan_CyberGate.yar ├── Windows_Trojan_DBatLoader.yar ├── Windows_Trojan_DCRat.yar ├── Windows_Trojan_DTrack.yar ├── Windows_Trojan_Danabot.yar ├── Windows_Trojan_DarkCloud.yar ├── Windows_Trojan_DarkGate.yar ├── Windows_Trojan_DarkVNC.yar ├── Windows_Trojan_Darkcomet.yar ├── Windows_Trojan_Deimos.yar ├── Windows_Trojan_DiamondFox.yar ├── Windows_Trojan_Diceloader.yar ├── Windows_Trojan_DodgeBox.yar ├── Windows_Trojan_Donutloader.yar ├── Windows_Trojan_DoorMe.yar ├── Windows_Trojan_DoubleBack.yar ├── Windows_Trojan_DoubleLoader.yar ├── Windows_Trojan_DownTown.yar ├── Windows_Trojan_DragonBreath.yar ├── Windows_Trojan_DreamJob.yar ├── Windows_Trojan_Dridex.yar ├── Windows_Trojan_DustyWarehouse.yar ├── Windows_Trojan_EagerBee.yar ├── Windows_Trojan_Emotet.yar ├── Windows_Trojan_Fabookie.yar ├── Windows_Trojan_FalseFont.yar ├── Windows_Trojan_Farfli.yar ├── Windows_Trojan_Fickerstealer.yar ├── Windows_Trojan_FinalDraft.yar ├── Windows_Trojan_FlawedGrace.yar ├── Windows_Trojan_Formbook.yar ├── Windows_Trojan_Garble.yar ├── Windows_Trojan_Generic.yar ├── Windows_Trojan_Gh0st.yar ├── Windows_Trojan_GhostEngine.yar ├── Windows_Trojan_GhostPulse.yar ├── Windows_Trojan_Glupteba.yar ├── Windows_Trojan_Gozi.yar ├── Windows_Trojan_Grandoreiro.yar ├── Windows_Trojan_GuidLoader.yar ├── Windows_Trojan_Guloader.yar ├── Windows_Trojan_Hancitor.yar ├── Windows_Trojan_Havoc.yar ├── Windows_Trojan_Hawkeye.yar ├── Windows_Trojan_HazelCobra.yar ├── Windows_Trojan_HiddenCli.yar ├── Windows_Trojan_HiddenDriver.yar ├── Windows_Trojan_HijackLoader.yar ├── Windows_Trojan_HotPage.yar ├── Windows_Trojan_IcedID.yar ├── Windows_Trojan_JesterStealer.yar ├── Windows_Trojan_Jupyter.yar ├── Windows_Trojan_KoiLoader.yar ├── Windows_Trojan_Kronos.yar ├── Windows_Trojan_Latrodectus.yar ├── Windows_Trojan_LegionLoader.yar ├── Windows_Trojan_Limerat.yar ├── Windows_Trojan_Lobshot.yar ├── Windows_Trojan_Lokibot.yar ├── Windows_Trojan_Lumma.yar ├── Windows_Trojan_Lurker.yar ├── Windows_Trojan_M0yv.yar ├── Windows_Trojan_MagicRat.yar ├── Windows_Trojan_MassLogger.yar ├── Windows_Trojan_Mata.yar ├── Windows_Trojan_Matanbuchus.yar ├── Windows_Trojan_Merlin.yar ├── Windows_Trojan_MetaStealer.yar ├── Windows_Trojan_Metasploit.yar ├── Windows_Trojan_MicroBackdoor.yar ├── Windows_Trojan_ModPipe.yar ├── Windows_Trojan_MyloBot.yar ├── Windows_Trojan_Nanocore.yar ├── Windows_Trojan_NapListener.yar ├── Windows_Trojan_Netwire.yar ├── Windows_Trojan_Nighthawk.yar ├── Windows_Trojan_Nimplant.yar ├── Windows_Trojan_Njrat.yar ├── Windows_Trojan_NukeSped.yar ├── Windows_Trojan_Octopus.yar ├── Windows_Trojan_OnlyLogger.yar ├── Windows_Trojan_OskiStealer.yar ├── Windows_Trojan_P8Loader.yar ├── Windows_Trojan_Pandastealer.yar ├── Windows_Trojan_Parallax.yar ├── Windows_Trojan_PathLoader.yar ├── Windows_Trojan_Phoreal.yar ├── Windows_Trojan_PikaBot.yar ├── Windows_Trojan_Pingpull.yar ├── Windows_Trojan_PipeDance.yar ├── Windows_Trojan_PizzaPotion.yar ├── Windows_Trojan_PlugX.yar ├── Windows_Trojan_Pony.yar ├── Windows_Trojan_PoshC2.yar ├── Windows_Trojan_PowerSeal.yar ├── Windows_Trojan_PrivateLoader.yar ├── Windows_Trojan_ProtectS.yar ├── Windows_Trojan_Qbot.yar ├── Windows_Trojan_Quasarrat.yar ├── Windows_Trojan_Raccoon.yar ├── Windows_Trojan_RaspberryRobin.yar ├── Windows_Trojan_RedLineStealer.yar ├── Windows_Trojan_Remcos.yar ├── Windows_Trojan_Revcoderat.yar ├── Windows_Trojan_Revengerat.yar ├── Windows_Trojan_Rhadamanthys.yar ├── Windows_Trojan_RoningLoader.yar ├── Windows_Trojan_RudeBird.yar ├── Windows_Trojan_STRRAT.yar ├── Windows_Trojan_SVCReady.yar ├── Windows_Trojan_SadBridge.yar ├── Windows_Trojan_ServHelper.yar ├── Windows_Trojan_ShadowPad.yar ├── Windows_Trojan_ShelbyC2.yar ├── Windows_Trojan_ShelbyLoader.yar ├── Windows_Trojan_Shellter.yar ├── Windows_Trojan_SiestaGraph.yar ├── Windows_Trojan_Sliver.yar ├── Windows_Trojan_Smokeloader.yar ├── Windows_Trojan_SnakeKeylogger.yar ├── Windows_Trojan_SolarMarker.yar ├── Windows_Trojan_SomniRecord.yar ├── Windows_Trojan_SourShark.yar ├── Windows_Trojan_SpectralViper.yar ├── Windows_Trojan_Squirrelwaffle.yar ├── Windows_Trojan_Stealc.yar ├── Windows_Trojan_StormKitty.yar ├── Windows_Trojan_StumpZarus.yar ├── Windows_Trojan_SuddenIcon.yar ├── Windows_Trojan_SysJoker.yar ├── Windows_Trojan_SystemBC.yar ├── Windows_Trojan_Sythe.yar ├── Windows_Trojan_Tofsee.yar ├── Windows_Trojan_Tollbooth.yar ├── Windows_Trojan_Trickbot.yar ├── Windows_Trojan_TwistedTinsel.yar ├── Windows_Trojan_Vidar.yar ├── Windows_Trojan_WarmCookie.yar ├── Windows_Trojan_WhisperGate.yar ├── Windows_Trojan_WikiLoader.yar ├── Windows_Trojan_WineLoader.yar ├── Windows_Trojan_Winos.yar ├── Windows_Trojan_XWorm.yar ├── Windows_Trojan_Xeno.yar ├── Windows_Trojan_Xpertrat.yar ├── Windows_Trojan_XtremeRAT.yar ├── Windows_Trojan_Zeus.yar ├── Windows_Trojan_Zloader.yar ├── Windows_Virus_Expiro.yar ├── Windows_Virus_Floxif.yar ├── Windows_Virus_Neshta.yar ├── Windows_VulnDriver_ATSZIO.yar ├── Windows_VulnDriver_Agent64.yar ├── Windows_VulnDriver_Amifldrv.yar ├── Windows_VulnDriver_ArPot.yar ├── Windows_VulnDriver_AsIo.yar ├── Windows_VulnDriver_Asrock.yar ├── Windows_VulnDriver_Atillk.yar ├── Windows_VulnDriver_BSMI.yar ├── Windows_VulnDriver_Biostar.yar ├── Windows_VulnDriver_CCProtect.yar ├── Windows_VulnDriver_Cpuz.yar ├── Windows_VulnDriver_DBUtil.yar ├── Windows_VulnDriver_DirectIo.yar ├── Windows_VulnDriver_EchoDrv.yar ├── Windows_VulnDriver_ElRawDisk.yar ├── Windows_VulnDriver_Elby.yar ├── Windows_VulnDriver_EneIo.yar ├── Windows_VulnDriver_FidDrv.yar ├── Windows_VulnDriver_Fidpci.yar ├── Windows_VulnDriver_Fileseclab.yar ├── Windows_VulnDriver_GDrv.yar ├── Windows_VulnDriver_GlckIo.yar ├── Windows_VulnDriver_Gvci.yar ├── Windows_VulnDriver_HpPortIo.yar ├── Windows_VulnDriver_HrSword.yar ├── Windows_VulnDriver_IoBitUnlocker.yar ├── Windows_VulnDriver_Iqvw.yar ├── Windows_VulnDriver_LLAccess.yar ├── Windows_VulnDriver_Lha.yar ├── Windows_VulnDriver_MarvinHW.yar ├── Windows_VulnDriver_Mhyprot.yar ├── Windows_VulnDriver_MicroStar.yar ├── Windows_VulnDriver_MsIo.yar ├── Windows_VulnDriver_MtcBsv.yar ├── Windows_VulnDriver_PowerProfiler.yar ├── Windows_VulnDriver_PowerTool.yar ├── Windows_VulnDriver_ProcExp.yar ├── Windows_VulnDriver_ProcId.yar ├── Windows_VulnDriver_RWEverything.yar ├── Windows_VulnDriver_RentDrv.yar ├── Windows_VulnDriver_RtCore.yar ├── Windows_VulnDriver_Rtkio.yar ├── Windows_VulnDriver_Ryzen.yar ├── Windows_VulnDriver_Sandra.yar ├── Windows_VulnDriver_Segwin.yar ├── Windows_VulnDriver_Speedfan.yar ├── Windows_VulnDriver_ThreatFire.yar ├── Windows_VulnDriver_TmComm.yar ├── Windows_VulnDriver_ToshibaBios.yar ├── Windows_VulnDriver_TrueSight.yar ├── Windows_VulnDriver_VBox.yar ├── Windows_VulnDriver_Viragt.yar ├── Windows_VulnDriver_Vmdrv.yar ├── Windows_VulnDriver_WinDivert.yar ├── Windows_VulnDriver_WinFlash.yar ├── Windows_VulnDriver_WinIo.yar ├── Windows_VulnDriver_XTier.yar ├── Windows_VulnDriver_Zam.yar ├── Windows_Wiper_CaddyWiper.yar ├── Windows_Wiper_DoubleZero.yar ├── Windows_Wiper_HermeticWiper.yar └── Windows_Wiper_IsaacWiper.yar ├── huntress ├── LICENSE ├── Malichus.yar ├── RELEASE ├── human2_MOVEit.yar ├── lightspy.yara └── web_exploit_cve_2024_1709_screenconnect.yar ├── php-malware └── php.txt └── update.sh /.chainguard/source.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.chainguard/source.yaml -------------------------------------------------------------------------------- /.github/chainguard/release.sts.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.github/chainguard/release.sts.yaml -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.github/workflows/codeql.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.github/workflows/codeql.yaml -------------------------------------------------------------------------------- /.github/workflows/go-tests.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.github/workflows/go-tests.yaml -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.github/workflows/release.yaml -------------------------------------------------------------------------------- /.github/workflows/scorecard.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.github/workflows/scorecard.yml -------------------------------------------------------------------------------- /.github/workflows/style.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.github/workflows/style.yaml -------------------------------------------------------------------------------- /.github/workflows/third-party.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.github/workflows/third-party.yaml -------------------------------------------------------------------------------- /.github/workflows/version.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.github/workflows/version.yaml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.gitignore -------------------------------------------------------------------------------- /.golangci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.golangci.yml -------------------------------------------------------------------------------- /.goreleaser.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.goreleaser.yaml -------------------------------------------------------------------------------- /.wokeignore: -------------------------------------------------------------------------------- 1 | third_party/ 2 | test_data/ 3 | samples/ 4 | -------------------------------------------------------------------------------- /.yara-ci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/.yara-ci.yml -------------------------------------------------------------------------------- /DEVELOPMENT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/DEVELOPMENT.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/SECURITY.md -------------------------------------------------------------------------------- /capabilities.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/capabilities.md -------------------------------------------------------------------------------- /cmd/mal/mal.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/cmd/mal/mal.go -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/go.sum -------------------------------------------------------------------------------- /images/analyze.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/images/analyze.png -------------------------------------------------------------------------------- /images/diff.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/images/diff.png -------------------------------------------------------------------------------- /images/scan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/images/scan.png -------------------------------------------------------------------------------- /images/wanted.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/images/wanted.png -------------------------------------------------------------------------------- /pkg/action/archive_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/archive_test.go -------------------------------------------------------------------------------- /pkg/action/diff.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/diff.go -------------------------------------------------------------------------------- /pkg/action/oci_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/oci_test.go -------------------------------------------------------------------------------- /pkg/action/path.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/path.go -------------------------------------------------------------------------------- /pkg/action/process.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/process.go -------------------------------------------------------------------------------- /pkg/action/scan.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/scan.go -------------------------------------------------------------------------------- /pkg/action/scan_error.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/scan_error.go -------------------------------------------------------------------------------- /pkg/action/scan_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/scan_test.go -------------------------------------------------------------------------------- /pkg/action/testdata/17419.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/testdata/17419.zip -------------------------------------------------------------------------------- /pkg/action/testdata/apko.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/testdata/apko.gz -------------------------------------------------------------------------------- /pkg/action/testdata/apko.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/testdata/apko.tar.gz -------------------------------------------------------------------------------- /pkg/action/testdata/apko.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/testdata/apko.zip -------------------------------------------------------------------------------- /pkg/action/testdata/conflict.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/testdata/conflict.zip -------------------------------------------------------------------------------- /pkg/action/testdata/empty: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /pkg/action/testdata/python: -------------------------------------------------------------------------------- 1 | import sumtin 2 | -------------------------------------------------------------------------------- /pkg/action/testdata/rando: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/testdata/rando -------------------------------------------------------------------------------- /pkg/action/testdata/scan_archive: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/testdata/scan_archive -------------------------------------------------------------------------------- /pkg/action/testdata/scan_conflict: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /pkg/action/testdata/scan_oci: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/testdata/scan_oci -------------------------------------------------------------------------------- /pkg/action/testdata/shell: -------------------------------------------------------------------------------- 1 | #!/bin/sh -------------------------------------------------------------------------------- /pkg/action/testdata/short: -------------------------------------------------------------------------------- 1 | aa 2 | -------------------------------------------------------------------------------- /pkg/action/testdata/static.tar.xz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/action/testdata/static.tar.xz -------------------------------------------------------------------------------- /pkg/archive/archive.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/archive/archive.go -------------------------------------------------------------------------------- /pkg/archive/bz2.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/archive/bz2.go -------------------------------------------------------------------------------- /pkg/archive/deb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/archive/deb.go -------------------------------------------------------------------------------- /pkg/archive/fuzz_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/archive/fuzz_test.go -------------------------------------------------------------------------------- /pkg/archive/gzip.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/archive/gzip.go -------------------------------------------------------------------------------- /pkg/archive/oci.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/archive/oci.go -------------------------------------------------------------------------------- /pkg/archive/rpm.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/archive/rpm.go -------------------------------------------------------------------------------- /pkg/archive/tar.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/archive/tar.go -------------------------------------------------------------------------------- /pkg/archive/upx.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/archive/upx.go -------------------------------------------------------------------------------- /pkg/archive/zip.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/archive/zip.go -------------------------------------------------------------------------------- /pkg/archive/zlib.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/archive/zlib.go -------------------------------------------------------------------------------- /pkg/archive/zstd.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/archive/zstd.go -------------------------------------------------------------------------------- /pkg/compile/compile.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/compile/compile.go -------------------------------------------------------------------------------- /pkg/compile/compile_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/compile/compile_test.go -------------------------------------------------------------------------------- /pkg/malcontent/malcontent.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/malcontent/malcontent.go -------------------------------------------------------------------------------- /pkg/pool/pool.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/pool/pool.go -------------------------------------------------------------------------------- /pkg/profile/profile.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/profile/profile.go -------------------------------------------------------------------------------- /pkg/profile/profile_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/profile/profile_test.go -------------------------------------------------------------------------------- /pkg/programkind/fuzz_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/programkind/fuzz_test.go -------------------------------------------------------------------------------- /pkg/programkind/programkind.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/programkind/programkind.go -------------------------------------------------------------------------------- /pkg/programkind/programkind_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/programkind/programkind_test.go -------------------------------------------------------------------------------- /pkg/programkind/testdata/expr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/programkind/testdata/expr -------------------------------------------------------------------------------- /pkg/programkind/testdata/libpam.so.0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/programkind/testdata/libpam.so.0 -------------------------------------------------------------------------------- /pkg/programkind/testdata/ls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/programkind/testdata/ls -------------------------------------------------------------------------------- /pkg/programkind/testdata/peclcmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/programkind/testdata/peclcmd -------------------------------------------------------------------------------- /pkg/programkind/testdata/snmpd: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | echo "hello" 3 | -------------------------------------------------------------------------------- /pkg/programkind/testdata/test.pl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/programkind/testdata/test.pl -------------------------------------------------------------------------------- /pkg/programkind/testdata/test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | echo "hello-bash" 3 | -------------------------------------------------------------------------------- /pkg/programkind/testdata/tiny: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/programkind/testdata/tiny -------------------------------------------------------------------------------- /pkg/refresh/action.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/refresh/action.go -------------------------------------------------------------------------------- /pkg/refresh/diff.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/refresh/diff.go -------------------------------------------------------------------------------- /pkg/refresh/refresh.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/refresh/refresh.go -------------------------------------------------------------------------------- /pkg/render/json.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/render/json.go -------------------------------------------------------------------------------- /pkg/render/markdown.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/render/markdown.go -------------------------------------------------------------------------------- /pkg/render/render.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/render/render.go -------------------------------------------------------------------------------- /pkg/render/simple.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/render/simple.go -------------------------------------------------------------------------------- /pkg/render/stats.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/render/stats.go -------------------------------------------------------------------------------- /pkg/render/strings.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/render/strings.go -------------------------------------------------------------------------------- /pkg/render/tea.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/render/tea.go -------------------------------------------------------------------------------- /pkg/render/tea_style.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/render/tea_style.go -------------------------------------------------------------------------------- /pkg/render/terminal.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/render/terminal.go -------------------------------------------------------------------------------- /pkg/render/terminal_brief.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/render/terminal_brief.go -------------------------------------------------------------------------------- /pkg/render/yaml.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/render/yaml.go -------------------------------------------------------------------------------- /pkg/report/fuzz_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/report/fuzz_test.go -------------------------------------------------------------------------------- /pkg/report/report.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/report/report.go -------------------------------------------------------------------------------- /pkg/report/report_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/report/report_test.go -------------------------------------------------------------------------------- /pkg/report/strings.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/report/strings.go -------------------------------------------------------------------------------- /pkg/version/version.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/pkg/version/version.go -------------------------------------------------------------------------------- /rules/anti-behavior/LD_DEBUG.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-behavior/LD_DEBUG.yara -------------------------------------------------------------------------------- /rules/anti-behavior/LD_PROFILE.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-behavior/LD_PROFILE.yara -------------------------------------------------------------------------------- /rules/anti-behavior/vm-check.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-behavior/vm-check.yara -------------------------------------------------------------------------------- /rules/anti-static/base64/eval.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/base64/eval.yara -------------------------------------------------------------------------------- /rules/anti-static/base64/exec.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/base64/exec.yara -------------------------------------------------------------------------------- /rules/anti-static/base64/import.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/base64/import.yara -------------------------------------------------------------------------------- /rules/anti-static/base64/shell.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/base64/shell.yara -------------------------------------------------------------------------------- /rules/anti-static/binary/opaque.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/binary/opaque.yara -------------------------------------------------------------------------------- /rules/anti-static/elf/base64.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/elf/base64.yara -------------------------------------------------------------------------------- /rules/anti-static/elf/content.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/elf/content.yara -------------------------------------------------------------------------------- /rules/anti-static/elf/entropy.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/elf/entropy.yara -------------------------------------------------------------------------------- /rules/anti-static/elf/header.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/elf/header.yara -------------------------------------------------------------------------------- /rules/anti-static/elf/multiple.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/elf/multiple.yara -------------------------------------------------------------------------------- /rules/anti-static/elf/tiny.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/elf/tiny.yara -------------------------------------------------------------------------------- /rules/anti-static/macho/entropy.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/macho/entropy.yara -------------------------------------------------------------------------------- /rules/anti-static/macho/footer.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/macho/footer.yara -------------------------------------------------------------------------------- /rules/anti-static/macho/tiny.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/macho/tiny.yara -------------------------------------------------------------------------------- /rules/anti-static/packer/aes.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/packer/aes.yara -------------------------------------------------------------------------------- /rules/anti-static/packer/ezuri.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/packer/ezuri.yara -------------------------------------------------------------------------------- /rules/anti-static/packer/nuitka.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/packer/nuitka.yara -------------------------------------------------------------------------------- /rules/anti-static/packer/pe.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/packer/pe.yara -------------------------------------------------------------------------------- /rules/anti-static/packer/shc.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/packer/shc.yara -------------------------------------------------------------------------------- /rules/anti-static/packer/upx.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/packer/upx.yara -------------------------------------------------------------------------------- /rules/anti-static/xor/xor-certs.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/xor/xor-certs.yara -------------------------------------------------------------------------------- /rules/anti-static/xor/xor-paths.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/xor/xor-paths.yara -------------------------------------------------------------------------------- /rules/anti-static/xor/xor-table.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/xor/xor-table.yara -------------------------------------------------------------------------------- /rules/anti-static/xor/xor-terms.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/xor/xor-terms.yara -------------------------------------------------------------------------------- /rules/anti-static/xor/xor-url.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/anti-static/xor/xor-url.yara -------------------------------------------------------------------------------- /rules/c2/addr/discord.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/addr/discord.yara -------------------------------------------------------------------------------- /rules/c2/addr/http-dynamic.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/addr/http-dynamic.yara -------------------------------------------------------------------------------- /rules/c2/addr/ip.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/addr/ip.yara -------------------------------------------------------------------------------- /rules/c2/addr/server.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/addr/server.yara -------------------------------------------------------------------------------- /rules/c2/addr/telegram.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/addr/telegram.yara -------------------------------------------------------------------------------- /rules/c2/addr/tor_onion.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/addr/tor_onion.yara -------------------------------------------------------------------------------- /rules/c2/addr/url.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/addr/url.yara -------------------------------------------------------------------------------- /rules/c2/client.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/client.yara -------------------------------------------------------------------------------- /rules/c2/connect/bash_tcp.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/connect/bash_tcp.yara -------------------------------------------------------------------------------- /rules/c2/connect/curl_easy.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/connect/curl_easy.yara -------------------------------------------------------------------------------- /rules/c2/connect/ping_pong.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/connect/ping_pong.yara -------------------------------------------------------------------------------- /rules/c2/connect/server.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/connect/server.yara -------------------------------------------------------------------------------- /rules/c2/discovery/dga.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/discovery/dga.yara -------------------------------------------------------------------------------- /rules/c2/discovery/dyndns.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/discovery/dyndns.yara -------------------------------------------------------------------------------- /rules/c2/discovery/ethereum.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/discovery/ethereum.yara -------------------------------------------------------------------------------- /rules/c2/listen/listen.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/listen/listen.yara -------------------------------------------------------------------------------- /rules/c2/refs.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/refs.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/arch.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/arch.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/download.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/download.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/dropper.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/dropper.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/exe_url.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/exe_url.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/fake_doc.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/fake_doc.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/github.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/github.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/grayware.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/grayware.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/js.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/js.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/macos.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/macos.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/npm.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/npm.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/os.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/os.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/php.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/php.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/python.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/python.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/ruby.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/ruby.yara -------------------------------------------------------------------------------- /rules/c2/tool_transfer/shell.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/c2/tool_transfer/shell.yara -------------------------------------------------------------------------------- /rules/collect/archives/zip.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/collect/archives/zip.yara -------------------------------------------------------------------------------- /rules/collect/code/github_api.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/collect/code/github_api.yara -------------------------------------------------------------------------------- /rules/collect/databases/leveldb.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/collect/databases/leveldb.yara -------------------------------------------------------------------------------- /rules/collect/databases/mysql.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/collect/databases/mysql.yara -------------------------------------------------------------------------------- /rules/collect/databases/sqlite.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/collect/databases/sqlite.yara -------------------------------------------------------------------------------- /rules/collect/localstorage.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/collect/localstorage.yara -------------------------------------------------------------------------------- /rules/credential/chat/slack.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/chat/slack.yara -------------------------------------------------------------------------------- /rules/credential/clipboard.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/clipboard.yara -------------------------------------------------------------------------------- /rules/credential/cloud/aws.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/cloud/aws.yara -------------------------------------------------------------------------------- /rules/credential/cloud/dot_env.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/cloud/dot_env.yara -------------------------------------------------------------------------------- /rules/credential/cloud/gcloud.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/cloud/gcloud.yara -------------------------------------------------------------------------------- /rules/credential/keylogger.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/keylogger.yara -------------------------------------------------------------------------------- /rules/credential/os/gshadow.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/os/gshadow.yara -------------------------------------------------------------------------------- /rules/credential/os/shadow.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/os/shadow.yara -------------------------------------------------------------------------------- /rules/credential/sniffer/bpf.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/sniffer/bpf.yara -------------------------------------------------------------------------------- /rules/credential/sniffer/pcap.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/sniffer/pcap.yara -------------------------------------------------------------------------------- /rules/credential/ssh/putty.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/ssh/putty.yara -------------------------------------------------------------------------------- /rules/credential/ssh/ssh.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/ssh/ssh.yara -------------------------------------------------------------------------------- /rules/credential/ssh/sshd.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/ssh/sshd.yara -------------------------------------------------------------------------------- /rules/credential/ssl/key.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/credential/ssl/key.yara -------------------------------------------------------------------------------- /rules/crypto/aes.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/aes.yara -------------------------------------------------------------------------------- /rules/crypto/blockchain.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/blockchain.yara -------------------------------------------------------------------------------- /rules/crypto/cipher.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/cipher.yara -------------------------------------------------------------------------------- /rules/crypto/decrypt.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/decrypt.yara -------------------------------------------------------------------------------- /rules/crypto/ecdsa.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/ecdsa.yara -------------------------------------------------------------------------------- /rules/crypto/ed25519.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/ed25519.yara -------------------------------------------------------------------------------- /rules/crypto/elliptic.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/elliptic.yara -------------------------------------------------------------------------------- /rules/crypto/encrypt.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/encrypt.yara -------------------------------------------------------------------------------- /rules/crypto/encrypted-stream.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/encrypted-stream.yara -------------------------------------------------------------------------------- /rules/crypto/ethereum.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/ethereum.yara -------------------------------------------------------------------------------- /rules/crypto/fastrand.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/fastrand.yara -------------------------------------------------------------------------------- /rules/crypto/fernet.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/fernet.yara -------------------------------------------------------------------------------- /rules/crypto/gost89.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/gost89.yara -------------------------------------------------------------------------------- /rules/crypto/hmac.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/hmac.yara -------------------------------------------------------------------------------- /rules/crypto/openssl.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/openssl.yara -------------------------------------------------------------------------------- /rules/crypto/password.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/password.yara -------------------------------------------------------------------------------- /rules/crypto/public_key.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/public_key.yara -------------------------------------------------------------------------------- /rules/crypto/rc4.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/rc4.yara -------------------------------------------------------------------------------- /rules/crypto/ssl.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/ssl.yara -------------------------------------------------------------------------------- /rules/crypto/tls.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/tls.yara -------------------------------------------------------------------------------- /rules/crypto/uuid.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/uuid.yara -------------------------------------------------------------------------------- /rules/crypto/xor.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/crypto/xor.yara -------------------------------------------------------------------------------- /rules/data/base64/base64-decode.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/base64/base64-decode.yara -------------------------------------------------------------------------------- /rules/data/base64/base64-encode.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/base64/base64-encode.yara -------------------------------------------------------------------------------- /rules/data/base64/external.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/base64/external.yara -------------------------------------------------------------------------------- /rules/data/builtin/appkit.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/builtin/appkit.yara -------------------------------------------------------------------------------- /rules/data/builtin/glibc.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/builtin/glibc.yara -------------------------------------------------------------------------------- /rules/data/builtin/multiple.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/builtin/multiple.yara -------------------------------------------------------------------------------- /rules/data/builtin/openssl.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/builtin/openssl.yara -------------------------------------------------------------------------------- /rules/data/builtin/rsaeuro.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/builtin/rsaeuro.yara -------------------------------------------------------------------------------- /rules/data/builtin/wolfssl.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/builtin/wolfssl.yara -------------------------------------------------------------------------------- /rules/data/compression/asar.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/compression/asar.yara -------------------------------------------------------------------------------- /rules/data/compression/bzip2.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/compression/bzip2.yara -------------------------------------------------------------------------------- /rules/data/compression/gzip.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/compression/gzip.yara -------------------------------------------------------------------------------- /rules/data/compression/lzma.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/compression/lzma.yara -------------------------------------------------------------------------------- /rules/data/compression/xz.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/compression/xz.yara -------------------------------------------------------------------------------- /rules/data/compression/zlib.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/compression/zlib.yara -------------------------------------------------------------------------------- /rules/data/compression/zstd.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/compression/zstd.yara -------------------------------------------------------------------------------- /rules/data/embedded/base64.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/embedded/base64.yara -------------------------------------------------------------------------------- /rules/data/encoding/asn1.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/asn1.yara -------------------------------------------------------------------------------- /rules/data/encoding/audio-pcm.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/audio-pcm.yara -------------------------------------------------------------------------------- /rules/data/encoding/base58.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/base58.yara -------------------------------------------------------------------------------- /rules/data/encoding/base64.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/base64.yara -------------------------------------------------------------------------------- /rules/data/encoding/csv.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/csv.yara -------------------------------------------------------------------------------- /rules/data/encoding/int.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/int.yara -------------------------------------------------------------------------------- /rules/data/encoding/json-decode.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/json-decode.yara -------------------------------------------------------------------------------- /rules/data/encoding/json-encode.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/json-encode.yara -------------------------------------------------------------------------------- /rules/data/encoding/json.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/json.yara -------------------------------------------------------------------------------- /rules/data/encoding/marshal.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/marshal.yara -------------------------------------------------------------------------------- /rules/data/encoding/protobuf.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/protobuf.yara -------------------------------------------------------------------------------- /rules/data/encoding/qr_code.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/qr_code.yara -------------------------------------------------------------------------------- /rules/data/encoding/reverse.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/reverse.yara -------------------------------------------------------------------------------- /rules/data/encoding/url.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/url.yara -------------------------------------------------------------------------------- /rules/data/encoding/utf16.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/utf16.yara -------------------------------------------------------------------------------- /rules/data/encoding/yaml.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/encoding/yaml.yara -------------------------------------------------------------------------------- /rules/data/hash/blake2b.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/hash/blake2b.yara -------------------------------------------------------------------------------- /rules/data/hash/fnv.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/hash/fnv.yara -------------------------------------------------------------------------------- /rules/data/hash/md5.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/hash/md5.yara -------------------------------------------------------------------------------- /rules/data/hash/sha1.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/hash/sha1.yara -------------------------------------------------------------------------------- /rules/data/hash/sha256.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/hash/sha256.yara -------------------------------------------------------------------------------- /rules/data/hash/sha512.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/hash/sha512.yara -------------------------------------------------------------------------------- /rules/data/hash/whirlpool.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/hash/whirlpool.yara -------------------------------------------------------------------------------- /rules/data/random/bytes.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/random/bytes.yara -------------------------------------------------------------------------------- /rules/data/random/insecure.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/data/random/insecure.yara -------------------------------------------------------------------------------- /rules/discover/browser/agent.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/browser/agent.yara -------------------------------------------------------------------------------- /rules/discover/group/lookup.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/group/lookup.yara -------------------------------------------------------------------------------- /rules/discover/ip/geoip.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/ip/geoip.yara -------------------------------------------------------------------------------- /rules/discover/ip/public_ip.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/ip/public_ip.yara -------------------------------------------------------------------------------- /rules/discover/multiple.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/multiple.yara -------------------------------------------------------------------------------- /rules/discover/network/netstat.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/network/netstat.yara -------------------------------------------------------------------------------- /rules/discover/process/egid.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/process/egid.yara -------------------------------------------------------------------------------- /rules/discover/process/euid.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/process/euid.yara -------------------------------------------------------------------------------- /rules/discover/process/name.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/process/name.yara -------------------------------------------------------------------------------- /rules/discover/process/parent.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/process/parent.yara -------------------------------------------------------------------------------- /rules/discover/process/pid.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/process/pid.yara -------------------------------------------------------------------------------- /rules/discover/process/priority.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/process/priority.yara -------------------------------------------------------------------------------- /rules/discover/process/uid.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/process/uid.yara -------------------------------------------------------------------------------- /rules/discover/processes/list.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/processes/list.yara -------------------------------------------------------------------------------- /rules/discover/processes/pgrep.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/processes/pgrep.yara -------------------------------------------------------------------------------- /rules/discover/system/cpu.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/system/cpu.yara -------------------------------------------------------------------------------- /rules/discover/system/dev_full.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/system/dev_full.yara -------------------------------------------------------------------------------- /rules/discover/system/dmesg.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/system/dmesg.yara -------------------------------------------------------------------------------- /rules/discover/system/hardware.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/system/hardware.yara -------------------------------------------------------------------------------- /rules/discover/system/hostname.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/system/hostname.yara -------------------------------------------------------------------------------- /rules/discover/system/multiple.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/system/multiple.yara -------------------------------------------------------------------------------- /rules/discover/system/platform.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/system/platform.yara -------------------------------------------------------------------------------- /rules/discover/system/proc.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/system/proc.yara -------------------------------------------------------------------------------- /rules/discover/system/sysinfo.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/system/sysinfo.yara -------------------------------------------------------------------------------- /rules/discover/user/APPDATA.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/user/APPDATA.yara -------------------------------------------------------------------------------- /rules/discover/user/HOME.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/user/HOME.yara -------------------------------------------------------------------------------- /rules/discover/user/USER.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/user/USER.yara -------------------------------------------------------------------------------- /rules/discover/user/USERPROFILE.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/user/USERPROFILE.yara -------------------------------------------------------------------------------- /rules/discover/user/current.yara: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /rules/discover/user/dscl.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/user/dscl.yara -------------------------------------------------------------------------------- /rules/discover/user/lookup.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/user/lookup.yara -------------------------------------------------------------------------------- /rules/discover/user/userinfo.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/discover/user/userinfo.yara -------------------------------------------------------------------------------- /rules/evasion/file/attr/chflags.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/file/attr/chflags.yara -------------------------------------------------------------------------------- /rules/evasion/file/location/lib.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/file/location/lib.yara -------------------------------------------------------------------------------- /rules/evasion/file/location/var.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/file/location/var.yara -------------------------------------------------------------------------------- /rules/evasion/file/prefix/dev.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/file/prefix/dev.yara -------------------------------------------------------------------------------- /rules/evasion/file/prefix/lib.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/file/prefix/lib.yara -------------------------------------------------------------------------------- /rules/evasion/file/prefix/proc.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/file/prefix/proc.yara -------------------------------------------------------------------------------- /rules/evasion/file/prefix/tmp.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/file/prefix/tmp.yara -------------------------------------------------------------------------------- /rules/evasion/logging/acct.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/logging/acct.yara -------------------------------------------------------------------------------- /rules/evasion/logging/dev_log.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/logging/dev_log.yara -------------------------------------------------------------------------------- /rules/evasion/logging/dmesg.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/logging/dmesg.yara -------------------------------------------------------------------------------- /rules/evasion/logging/install.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/logging/install.yara -------------------------------------------------------------------------------- /rules/evasion/logging/syslog.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/logging/syslog.yara -------------------------------------------------------------------------------- /rules/evasion/logging/wipe.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/logging/wipe.yara -------------------------------------------------------------------------------- /rules/evasion/mimicry/mdworker.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/mimicry/mdworker.yara -------------------------------------------------------------------------------- /rules/evasion/net/hide_ports.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/net/hide_ports.yara -------------------------------------------------------------------------------- /rules/evasion/net/http_443.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/net/http_443.yara -------------------------------------------------------------------------------- /rules/evasion/rootkit/kernel.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/rootkit/kernel.yara -------------------------------------------------------------------------------- /rules/evasion/rootkit/refs.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/rootkit/refs.yara -------------------------------------------------------------------------------- /rules/evasion/rootkit/userspace.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/evasion/rootkit/userspace.yara -------------------------------------------------------------------------------- /rules/exec/cmd/cmd.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/cmd/cmd.yara -------------------------------------------------------------------------------- /rules/exec/cmd/npm_preinstall.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/cmd/npm_preinstall.yara -------------------------------------------------------------------------------- /rules/exec/cmd/pipe.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/cmd/pipe.yara -------------------------------------------------------------------------------- /rules/exec/conditional/LANG-set.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/conditional/LANG-set.yara -------------------------------------------------------------------------------- /rules/exec/conditional/LANG.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/conditional/LANG.yara -------------------------------------------------------------------------------- /rules/exec/conditional/is_admin.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/conditional/is_admin.yara -------------------------------------------------------------------------------- /rules/exec/dylib/address-check.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/dylib/address-check.yara -------------------------------------------------------------------------------- /rules/exec/dylib/iterate.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/dylib/iterate.yara -------------------------------------------------------------------------------- /rules/exec/dylib/open.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/dylib/open.yara -------------------------------------------------------------------------------- /rules/exec/dylib/replace.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/dylib/replace.yara -------------------------------------------------------------------------------- /rules/exec/dylib/symbol-address.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/dylib/symbol-address.yara -------------------------------------------------------------------------------- /rules/exec/dylib/user.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/dylib/user.yara -------------------------------------------------------------------------------- /rules/exec/dylib/windll.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/dylib/windll.yara -------------------------------------------------------------------------------- /rules/exec/imports/python.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/imports/python.yara -------------------------------------------------------------------------------- /rules/exec/plugin/plugin.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/plugin/plugin.yara -------------------------------------------------------------------------------- /rules/exec/program/hidden.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/program/hidden.yara -------------------------------------------------------------------------------- /rules/exec/program/opaque.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/program/opaque.yara -------------------------------------------------------------------------------- /rules/exec/program/program.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/program/program.yara -------------------------------------------------------------------------------- /rules/exec/program/tmpdir.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/program/tmpdir.yara -------------------------------------------------------------------------------- /rules/exec/script/activex.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/script/activex.yara -------------------------------------------------------------------------------- /rules/exec/script/osascript.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/script/osascript.yara -------------------------------------------------------------------------------- /rules/exec/script/python.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/script/python.yara -------------------------------------------------------------------------------- /rules/exec/script/ruby.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/script/ruby.yara -------------------------------------------------------------------------------- /rules/exec/script/shellscript.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/script/shellscript.yara -------------------------------------------------------------------------------- /rules/exec/script/wsh.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/script/wsh.yara -------------------------------------------------------------------------------- /rules/exec/shell/SHELL.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/SHELL.yara -------------------------------------------------------------------------------- /rules/exec/shell/TERM.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/TERM.yara -------------------------------------------------------------------------------- /rules/exec/shell/bash_dev_tcp.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/bash_dev_tcp.yara -------------------------------------------------------------------------------- /rules/exec/shell/bash_dev_udp.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/bash_dev_udp.yara -------------------------------------------------------------------------------- /rules/exec/shell/busybox-exec.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/busybox-exec.yara -------------------------------------------------------------------------------- /rules/exec/shell/byte_offsets.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/byte_offsets.yara -------------------------------------------------------------------------------- /rules/exec/shell/command.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/command.yara -------------------------------------------------------------------------------- /rules/exec/shell/echo.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/echo.yara -------------------------------------------------------------------------------- /rules/exec/shell/exec.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/exec.yara -------------------------------------------------------------------------------- /rules/exec/shell/ignore_output.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/ignore_output.yara -------------------------------------------------------------------------------- /rules/exec/shell/nohup.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/nohup.yara -------------------------------------------------------------------------------- /rules/exec/shell/pipe_sh.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/pipe_sh.yara -------------------------------------------------------------------------------- /rules/exec/shell/powershell.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/powershell.yara -------------------------------------------------------------------------------- /rules/exec/shell/shell32.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/shell32.yara -------------------------------------------------------------------------------- /rules/exec/shell/sighup_trap.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/shell/sighup_trap.yara -------------------------------------------------------------------------------- /rules/exec/tty/curses.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/tty/curses.yara -------------------------------------------------------------------------------- /rules/exec/tty/getpass.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/tty/getpass.yara -------------------------------------------------------------------------------- /rules/exec/tty/isatty.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/tty/isatty.yara -------------------------------------------------------------------------------- /rules/exec/tty/open.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/tty/open.yara -------------------------------------------------------------------------------- /rules/exec/tty/pathname.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/tty/pathname.yara -------------------------------------------------------------------------------- /rules/exec/tty/terminfo.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/tty/terminfo.yara -------------------------------------------------------------------------------- /rules/exec/tty/vhangup.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exec/tty/vhangup.yara -------------------------------------------------------------------------------- /rules/exfil/Library-Mail.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/Library-Mail.yara -------------------------------------------------------------------------------- /rules/exfil/b64_zlib.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/b64_zlib.yara -------------------------------------------------------------------------------- /rules/exfil/collection.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/collection.yara -------------------------------------------------------------------------------- /rules/exfil/curl_elf.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/curl_elf.yara -------------------------------------------------------------------------------- /rules/exfil/curl_post.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/curl_post.yara -------------------------------------------------------------------------------- /rules/exfil/discord.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/discord.yara -------------------------------------------------------------------------------- /rules/exfil/exfil.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/exfil.yara -------------------------------------------------------------------------------- /rules/exfil/http_headers.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/http_headers.yara -------------------------------------------------------------------------------- /rules/exfil/nodejs.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/nodejs.yara -------------------------------------------------------------------------------- /rules/exfil/npm.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/npm.yara -------------------------------------------------------------------------------- /rules/exfil/oauth.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/oauth.yara -------------------------------------------------------------------------------- /rules/exfil/office_file_ext.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/office_file_ext.yara -------------------------------------------------------------------------------- /rules/exfil/oob.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/oob.yara -------------------------------------------------------------------------------- /rules/exfil/php.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/php.yara -------------------------------------------------------------------------------- /rules/exfil/proxy.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/proxy.yara -------------------------------------------------------------------------------- /rules/exfil/smtp.yara: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /rules/exfil/stealer/archive.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/archive.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/browser.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/browser.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/camera.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/camera.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/cloud.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/cloud.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/creds.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/creds.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/crypto.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/crypto.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/discord.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/discord.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/file.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/file.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/notes.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/notes.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/pam.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/pam.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/password.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/password.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/php.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/php.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/python.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/python.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/sqlite.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/sqlite.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/ssh.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/ssh.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/stealer.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/stealer.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/telegram.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/telegram.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/tools.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/tools.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/userdata.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/userdata.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/vmware.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/vmware.yara -------------------------------------------------------------------------------- /rules/exfil/stealer/wallet.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/stealer/wallet.yara -------------------------------------------------------------------------------- /rules/exfil/sysinfo_http.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/sysinfo_http.yara -------------------------------------------------------------------------------- /rules/exfil/telegram.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/telegram.yara -------------------------------------------------------------------------------- /rules/exfil/upload.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/upload.yara -------------------------------------------------------------------------------- /rules/exfil/upload_netinfo.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/upload_netinfo.yara -------------------------------------------------------------------------------- /rules/exfil/upload_sysinfo.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/upload_sysinfo.yara -------------------------------------------------------------------------------- /rules/exfil/whoami_hostname.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/whoami_hostname.yara -------------------------------------------------------------------------------- /rules/exfil/zip.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/exfil/zip.yara -------------------------------------------------------------------------------- /rules/false_positives/acme.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/acme.yara -------------------------------------------------------------------------------- /rules/false_positives/brave.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/brave.yara -------------------------------------------------------------------------------- /rules/false_positives/brctl.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/brctl.yara -------------------------------------------------------------------------------- /rules/false_positives/clamav.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/clamav.yara -------------------------------------------------------------------------------- /rules/false_positives/coraza.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/coraza.yara -------------------------------------------------------------------------------- /rules/false_positives/druid.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/druid.yara -------------------------------------------------------------------------------- /rules/false_positives/fzf.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/fzf.yara -------------------------------------------------------------------------------- /rules/false_positives/gitlab.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/gitlab.yara -------------------------------------------------------------------------------- /rules/false_positives/jaraco.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/jaraco.yara -------------------------------------------------------------------------------- /rules/false_positives/kandji.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/kandji.yara -------------------------------------------------------------------------------- /rules/false_positives/kibana.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/kibana.yara -------------------------------------------------------------------------------- /rules/false_positives/kong.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/kong.yara -------------------------------------------------------------------------------- /rules/false_positives/libgcj.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/libgcj.yara -------------------------------------------------------------------------------- /rules/false_positives/ltp.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/ltp.yara -------------------------------------------------------------------------------- /rules/false_positives/nmap.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/nmap.yara -------------------------------------------------------------------------------- /rules/false_positives/nvim.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/nvim.yara -------------------------------------------------------------------------------- /rules/false_positives/prisma_client_js.yara: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /rules/false_positives/psm.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/psm.yara -------------------------------------------------------------------------------- /rules/false_positives/psutil.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/psutil.yara -------------------------------------------------------------------------------- /rules/false_positives/qemu.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/qemu.yara -------------------------------------------------------------------------------- /rules/false_positives/rust.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/rust.yara -------------------------------------------------------------------------------- /rules/false_positives/snapd.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/snapd.yara -------------------------------------------------------------------------------- /rules/false_positives/socat.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/socat.yara -------------------------------------------------------------------------------- /rules/false_positives/sqlmap.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/sqlmap.yara -------------------------------------------------------------------------------- /rules/false_positives/ssh.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/ssh.yara -------------------------------------------------------------------------------- /rules/false_positives/sudo.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/false_positives/sudo.yara -------------------------------------------------------------------------------- /rules/fs/attributes/chattr.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/attributes/chattr.yara -------------------------------------------------------------------------------- /rules/fs/attributes/remove.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/attributes/remove.yara -------------------------------------------------------------------------------- /rules/fs/attributes/set.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/attributes/set.yara -------------------------------------------------------------------------------- /rules/fs/attributes/xattr.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/attributes/xattr.yara -------------------------------------------------------------------------------- /rules/fs/blkid.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/blkid.yara -------------------------------------------------------------------------------- /rules/fs/device-control.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/device-control.yara -------------------------------------------------------------------------------- /rules/fs/event-monitoring.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/event-monitoring.yara -------------------------------------------------------------------------------- /rules/fs/fifo-create.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/fifo-create.yara -------------------------------------------------------------------------------- /rules/fs/file/binmode.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/binmode.yara -------------------------------------------------------------------------------- /rules/fs/file/exists.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/exists.yara -------------------------------------------------------------------------------- /rules/fs/file/file-append.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/file-append.yara -------------------------------------------------------------------------------- /rules/fs/file/file-copy.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/file-copy.yara -------------------------------------------------------------------------------- /rules/fs/file/file-create.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/file-create.yara -------------------------------------------------------------------------------- /rules/fs/file/file-delete.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/file-delete.yara -------------------------------------------------------------------------------- /rules/fs/file/file-open.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/file-open.yara -------------------------------------------------------------------------------- /rules/fs/file/file-path.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/file-path.yara -------------------------------------------------------------------------------- /rules/fs/file/file-read.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/file-read.yara -------------------------------------------------------------------------------- /rules/fs/file/file-rename.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/file-rename.yara -------------------------------------------------------------------------------- /rules/fs/file/file-stat.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/file-stat.yara -------------------------------------------------------------------------------- /rules/fs/file/file-sync.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/file-sync.yara -------------------------------------------------------------------------------- /rules/fs/file/file-times-set.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/file-times-set.yara -------------------------------------------------------------------------------- /rules/fs/file/file-truncate.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/file-truncate.yara -------------------------------------------------------------------------------- /rules/fs/file/file-write.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/file/file-write.yara -------------------------------------------------------------------------------- /rules/fs/inode-flags.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/inode-flags.yara -------------------------------------------------------------------------------- /rules/fs/link-create.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/link-create.yara -------------------------------------------------------------------------------- /rules/fs/link-read.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/link-read.yara -------------------------------------------------------------------------------- /rules/fs/lock-update.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/lock-update.yara -------------------------------------------------------------------------------- /rules/fs/loopback.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/loopback.yara -------------------------------------------------------------------------------- /rules/fs/mmap.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/mmap.yara -------------------------------------------------------------------------------- /rules/fs/mount.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/mount.yara -------------------------------------------------------------------------------- /rules/fs/mounts-read.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/mounts-read.yara -------------------------------------------------------------------------------- /rules/fs/node-create.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/node-create.yara -------------------------------------------------------------------------------- /rules/fs/overwrite.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/overwrite.yara -------------------------------------------------------------------------------- /rules/fs/path/app_data.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/app_data.yara -------------------------------------------------------------------------------- /rules/fs/path/applications.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/applications.yara -------------------------------------------------------------------------------- /rules/fs/path/bin-su.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/bin-su.yara -------------------------------------------------------------------------------- /rules/fs/path/boot.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/boot.yara -------------------------------------------------------------------------------- /rules/fs/path/dev-null.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/dev-null.yara -------------------------------------------------------------------------------- /rules/fs/path/dev.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/dev.yara -------------------------------------------------------------------------------- /rules/fs/path/etc-hosts.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/etc-hosts.yara -------------------------------------------------------------------------------- /rules/fs/path/etc-initd.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/etc-initd.yara -------------------------------------------------------------------------------- /rules/fs/path/etc.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/etc.yara -------------------------------------------------------------------------------- /rules/fs/path/file-url.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/file-url.yara -------------------------------------------------------------------------------- /rules/fs/path/home-config.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/home-config.yara -------------------------------------------------------------------------------- /rules/fs/path/home.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/home.yara -------------------------------------------------------------------------------- /rules/fs/path/home_library.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/home_library.yara -------------------------------------------------------------------------------- /rules/fs/path/lib-dynamic.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/lib-dynamic.yara -------------------------------------------------------------------------------- /rules/fs/path/lib64.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/lib64.yara -------------------------------------------------------------------------------- /rules/fs/path/relative.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/relative.yara -------------------------------------------------------------------------------- /rules/fs/path/root.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/root.yara -------------------------------------------------------------------------------- /rules/fs/path/tmp.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/tmp.yara -------------------------------------------------------------------------------- /rules/fs/path/users.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/users.yara -------------------------------------------------------------------------------- /rules/fs/path/usr-bin.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/usr-bin.yara -------------------------------------------------------------------------------- /rules/fs/path/usr-lib-python.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/usr-lib-python.yara -------------------------------------------------------------------------------- /rules/fs/path/usr-local.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/usr-local.yara -------------------------------------------------------------------------------- /rules/fs/path/usr-sbin.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/usr-sbin.yara -------------------------------------------------------------------------------- /rules/fs/path/var-containers.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/var-containers.yara -------------------------------------------------------------------------------- /rules/fs/path/var-log.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/var-log.yara -------------------------------------------------------------------------------- /rules/fs/path/var-profile.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/var-profile.yara -------------------------------------------------------------------------------- /rules/fs/path/var.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/var.yara -------------------------------------------------------------------------------- /rules/fs/path/windows_root.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/path/windows_root.yara -------------------------------------------------------------------------------- /rules/fs/proc/1-cgroup.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/1-cgroup.yara -------------------------------------------------------------------------------- /rules/fs/proc/arbitrary-pid.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/arbitrary-pid.yara -------------------------------------------------------------------------------- /rules/fs/proc/cpuinfo.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/cpuinfo.yara -------------------------------------------------------------------------------- /rules/fs/proc/meminfo.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/meminfo.yara -------------------------------------------------------------------------------- /rules/fs/proc/mounts.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/mounts.yara -------------------------------------------------------------------------------- /rules/fs/proc/net-dev.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/net-dev.yara -------------------------------------------------------------------------------- /rules/fs/proc/net_route.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/net_route.yara -------------------------------------------------------------------------------- /rules/fs/proc/nvidia_gpu.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/nvidia_gpu.yara -------------------------------------------------------------------------------- /rules/fs/proc/oom_score_adj.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/oom_score_adj.yara -------------------------------------------------------------------------------- /rules/fs/proc/pid-cmdline.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/pid-cmdline.yara -------------------------------------------------------------------------------- /rules/fs/proc/pid-environ.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/pid-environ.yara -------------------------------------------------------------------------------- /rules/fs/proc/pid-exe.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/pid-exe.yara -------------------------------------------------------------------------------- /rules/fs/proc/pid-fd.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/pid-fd.yara -------------------------------------------------------------------------------- /rules/fs/proc/pid-inspector.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/pid-inspector.yara -------------------------------------------------------------------------------- /rules/fs/proc/pid-maps.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/pid-maps.yara -------------------------------------------------------------------------------- /rules/fs/proc/pid-stat.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/pid-stat.yara -------------------------------------------------------------------------------- /rules/fs/proc/pid-statistics.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/pid-statistics.yara -------------------------------------------------------------------------------- /rules/fs/proc/pid-status.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/pid-status.yara -------------------------------------------------------------------------------- /rules/fs/proc/self-cgroup.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/self-cgroup.yara -------------------------------------------------------------------------------- /rules/fs/proc/self-cmdline.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/self-cmdline.yara -------------------------------------------------------------------------------- /rules/fs/proc/self-exe.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/self-exe.yara -------------------------------------------------------------------------------- /rules/fs/proc/self-mountinfo.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/self-mountinfo.yara -------------------------------------------------------------------------------- /rules/fs/proc/self-status.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/self-status.yara -------------------------------------------------------------------------------- /rules/fs/proc/stat.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/proc/stat.yara -------------------------------------------------------------------------------- /rules/fs/quota-manipulate.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/quota-manipulate.yara -------------------------------------------------------------------------------- /rules/fs/swap/swap-off.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/swap/swap-off.yara -------------------------------------------------------------------------------- /rules/fs/swap/swap-on.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/swap/swap-on.yara -------------------------------------------------------------------------------- /rules/fs/symlink-create.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/symlink-create.yara -------------------------------------------------------------------------------- /rules/fs/symlink-resolve.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/symlink-resolve.yara -------------------------------------------------------------------------------- /rules/fs/tempdir/TEMP.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/tempdir/TEMP.yara -------------------------------------------------------------------------------- /rules/fs/tempdir/TMPDIR.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/tempdir/TMPDIR.yara -------------------------------------------------------------------------------- /rules/fs/tempdir/_MEIPASS.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/tempdir/_MEIPASS.yara -------------------------------------------------------------------------------- /rules/fs/tempdir/tempdir.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/tempdir/tempdir.yara -------------------------------------------------------------------------------- /rules/fs/tempfile.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/tempfile.yara -------------------------------------------------------------------------------- /rules/fs/unmount.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/unmount.yara -------------------------------------------------------------------------------- /rules/fs/watch.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/fs/watch.yara -------------------------------------------------------------------------------- /rules/hw/cpu.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/cpu.yara -------------------------------------------------------------------------------- /rules/hw/dev/block-device.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/dev/block-device.yara -------------------------------------------------------------------------------- /rules/hw/dev/diskmapper.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/dev/diskmapper.yara -------------------------------------------------------------------------------- /rules/hw/dev/flash_memory.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/dev/flash_memory.yara -------------------------------------------------------------------------------- /rules/hw/dev/kmem.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/dev/kmem.yara -------------------------------------------------------------------------------- /rules/hw/dev/mapper.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/dev/mapper.yara -------------------------------------------------------------------------------- /rules/hw/dev/mem.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/dev/mem.yara -------------------------------------------------------------------------------- /rules/hw/dev/sd_mmc.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/dev/sd_mmc.yara -------------------------------------------------------------------------------- /rules/hw/dev/ubi.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/dev/ubi.yara -------------------------------------------------------------------------------- /rules/hw/disk-info.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/disk-info.yara -------------------------------------------------------------------------------- /rules/hw/iokit-registry.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/iokit-registry.yara -------------------------------------------------------------------------------- /rules/hw/keyboard.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/keyboard.yara -------------------------------------------------------------------------------- /rules/hw/numa.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/numa.yara -------------------------------------------------------------------------------- /rules/hw/urandom.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/urandom.yara -------------------------------------------------------------------------------- /rules/hw/webcam.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/webcam.yara -------------------------------------------------------------------------------- /rules/hw/wireless.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/hw/wireless.yara -------------------------------------------------------------------------------- /rules/impact/cryptojacking/whirlpool.yara: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /rules/impact/ddos/ddos.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/ddos/ddos.yara -------------------------------------------------------------------------------- /rules/impact/degrade/app.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/degrade/app.yara -------------------------------------------------------------------------------- /rules/impact/degrade/edr.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/degrade/edr.yara -------------------------------------------------------------------------------- /rules/impact/degrade/httpd.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/degrade/httpd.yara -------------------------------------------------------------------------------- /rules/impact/degrade/panic.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/degrade/panic.yara -------------------------------------------------------------------------------- /rules/impact/degrade/spctl.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/degrade/spctl.yara -------------------------------------------------------------------------------- /rules/impact/degrade/sshd.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/degrade/sshd.yara -------------------------------------------------------------------------------- /rules/impact/degrade/systemd.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/degrade/systemd.yara -------------------------------------------------------------------------------- /rules/impact/exploit/cdn_cgi.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/exploit/cdn_cgi.yara -------------------------------------------------------------------------------- /rules/impact/exploit/cve.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/exploit/cve.yara -------------------------------------------------------------------------------- /rules/impact/exploit/exploit.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/exploit/exploit.yara -------------------------------------------------------------------------------- /rules/impact/exploit/kaslr.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/exploit/kaslr.yara -------------------------------------------------------------------------------- /rules/impact/exploit/pwnkit.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/exploit/pwnkit.yara -------------------------------------------------------------------------------- /rules/impact/infection/worm.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/infection/worm.yara -------------------------------------------------------------------------------- /rules/impact/ransom/linux.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/ransom/linux.yara -------------------------------------------------------------------------------- /rules/impact/ransom/locked.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/ransom/locked.yara -------------------------------------------------------------------------------- /rules/impact/ransom/note.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/ransom/note.yara -------------------------------------------------------------------------------- /rules/impact/reboot.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/reboot.yara -------------------------------------------------------------------------------- /rules/impact/registry.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/registry.yara -------------------------------------------------------------------------------- /rules/impact/remote_access/go.yara: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /rules/impact/rootkit/rootkit.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/rootkit/rootkit.yara -------------------------------------------------------------------------------- /rules/impact/services/esxcli.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/services/esxcli.yara -------------------------------------------------------------------------------- /rules/impact/shutdown.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/shutdown.yara -------------------------------------------------------------------------------- /rules/impact/ui/alert.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/ui/alert.yara -------------------------------------------------------------------------------- /rules/impact/ui/control.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/ui/control.yara -------------------------------------------------------------------------------- /rules/impact/ui/dock-hide.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/ui/dock-hide.yara -------------------------------------------------------------------------------- /rules/impact/ui/screensaver.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/ui/screensaver.yara -------------------------------------------------------------------------------- /rules/impact/ui/x11-auth.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/ui/x11-auth.yara -------------------------------------------------------------------------------- /rules/impact/ui/xsession.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/ui/xsession.yara -------------------------------------------------------------------------------- /rules/impact/wipe/bash.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/wipe/bash.yara -------------------------------------------------------------------------------- /rules/impact/wipe/crypto.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/wipe/crypto.yara -------------------------------------------------------------------------------- /rules/impact/wipe/desktop.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/wipe/desktop.yara -------------------------------------------------------------------------------- /rules/impact/wipe/format.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/impact/wipe/format.yara -------------------------------------------------------------------------------- /rules/internal/malcontent.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/internal/malcontent.yara -------------------------------------------------------------------------------- /rules/lateral/exploit/iot.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/lateral/exploit/iot.yara -------------------------------------------------------------------------------- /rules/lateral/scan/passwords.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/lateral/scan/passwords.yara -------------------------------------------------------------------------------- /rules/lateral/scan/scan_tool.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/lateral/scan/scan_tool.yara -------------------------------------------------------------------------------- /rules/lateral/scan/target_ip.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/lateral/scan/target_ip.yara -------------------------------------------------------------------------------- /rules/lateral/ssh/ssh_attack.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/lateral/ssh/ssh_attack.yara -------------------------------------------------------------------------------- /rules/lateral/ssh/worm.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/lateral/ssh/worm.yara -------------------------------------------------------------------------------- /rules/lateral/vmware/vms.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/lateral/vmware/vms.yara -------------------------------------------------------------------------------- /rules/malware/family/amos.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/amos.yara -------------------------------------------------------------------------------- /rules/malware/family/bdvl.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/bdvl.yara -------------------------------------------------------------------------------- /rules/malware/family/beast.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/beast.yara -------------------------------------------------------------------------------- /rules/malware/family/beurk.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/beurk.yara -------------------------------------------------------------------------------- /rules/malware/family/clapzok.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/clapzok.yara -------------------------------------------------------------------------------- /rules/malware/family/conti.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/conti.yara -------------------------------------------------------------------------------- /rules/malware/family/emp3r0r.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/emp3r0r.yara -------------------------------------------------------------------------------- /rules/malware/family/gafgyt.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/gafgyt.yara -------------------------------------------------------------------------------- /rules/malware/family/kaiji.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/kaiji.yara -------------------------------------------------------------------------------- /rules/malware/family/mallox.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/mallox.yara -------------------------------------------------------------------------------- /rules/malware/family/medusa.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/medusa.yara -------------------------------------------------------------------------------- /rules/malware/family/melofee.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/melofee.yara -------------------------------------------------------------------------------- /rules/malware/family/mirai.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/mirai.yara -------------------------------------------------------------------------------- /rules/malware/family/pawns.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/pawns.yara -------------------------------------------------------------------------------- /rules/malware/family/skuld.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/skuld.yara -------------------------------------------------------------------------------- /rules/malware/family/sshdoor.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/sshdoor.yara -------------------------------------------------------------------------------- /rules/malware/family/vncjew.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/vncjew.yara -------------------------------------------------------------------------------- /rules/malware/family/vshell.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/vshell.yara -------------------------------------------------------------------------------- /rules/malware/family/yakuza.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/family/yakuza.yara -------------------------------------------------------------------------------- /rules/malware/ref.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/malware/ref.yara -------------------------------------------------------------------------------- /rules/mem/advise.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/mem/advise.yara -------------------------------------------------------------------------------- /rules/mem/anonymous-file.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/mem/anonymous-file.yara -------------------------------------------------------------------------------- /rules/mem/lock.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/mem/lock.yara -------------------------------------------------------------------------------- /rules/mem/mprotect.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/mem/mprotect.yara -------------------------------------------------------------------------------- /rules/mem/protect.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/mem/protect.yara -------------------------------------------------------------------------------- /rules/mem/query.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/mem/query.yara -------------------------------------------------------------------------------- /rules/net/dns/dns-over-https.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/dns/dns-over-https.yara -------------------------------------------------------------------------------- /rules/net/dns/dns-reverse.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/dns/dns-reverse.yara -------------------------------------------------------------------------------- /rules/net/dns/dns-servers.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/dns/dns-servers.yara -------------------------------------------------------------------------------- /rules/net/dns/dns-txt.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/dns/dns-txt.yara -------------------------------------------------------------------------------- /rules/net/dns/dns.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/dns/dns.yara -------------------------------------------------------------------------------- /rules/net/download/download.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/download/download.yara -------------------------------------------------------------------------------- /rules/net/download/fetch.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/download/fetch.yara -------------------------------------------------------------------------------- /rules/net/email/exotic_addr.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/email/exotic_addr.yara -------------------------------------------------------------------------------- /rules/net/email/send.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/email/send.yara -------------------------------------------------------------------------------- /rules/net/ftp/ftp.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ftp/ftp.yara -------------------------------------------------------------------------------- /rules/net/ftp/tftp.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ftp/tftp.yara -------------------------------------------------------------------------------- /rules/net/http/accept.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/accept.yara -------------------------------------------------------------------------------- /rules/net/http/auth.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/auth.yara -------------------------------------------------------------------------------- /rules/net/http/cookies.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/cookies.yara -------------------------------------------------------------------------------- /rules/net/http/form-upload.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/form-upload.yara -------------------------------------------------------------------------------- /rules/net/http/http-request.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/http-request.yara -------------------------------------------------------------------------------- /rules/net/http/http-server.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/http-server.yara -------------------------------------------------------------------------------- /rules/net/http/http.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/http.yara -------------------------------------------------------------------------------- /rules/net/http/http2.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/http2.yara -------------------------------------------------------------------------------- /rules/net/http/oauth2-google.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/oauth2-google.yara -------------------------------------------------------------------------------- /rules/net/http/oauth2.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/oauth2.yara -------------------------------------------------------------------------------- /rules/net/http/post.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/post.yara -------------------------------------------------------------------------------- /rules/net/http/proxy.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/proxy.yara -------------------------------------------------------------------------------- /rules/net/http/webhook.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/webhook.yara -------------------------------------------------------------------------------- /rules/net/http/websocket.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/http/websocket.yara -------------------------------------------------------------------------------- /rules/net/ip/addr.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/addr.yara -------------------------------------------------------------------------------- /rules/net/ip/asn.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/asn.yara -------------------------------------------------------------------------------- /rules/net/ip/connect.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/connect.yara -------------------------------------------------------------------------------- /rules/net/ip/dial.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/dial.yara -------------------------------------------------------------------------------- /rules/net/ip/host_port.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/host_port.yara -------------------------------------------------------------------------------- /rules/net/ip/icmp.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/icmp.yara -------------------------------------------------------------------------------- /rules/net/ip/ip-byte-order.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/ip-byte-order.yara -------------------------------------------------------------------------------- /rules/net/ip/ip-parse.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/ip-parse.yara -------------------------------------------------------------------------------- /rules/net/ip/ip-resolve.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/ip-resolve.yara -------------------------------------------------------------------------------- /rules/net/ip/ip-send-unicast.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/ip-send-unicast.yara -------------------------------------------------------------------------------- /rules/net/ip/ip-spoof.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/ip-spoof.yara -------------------------------------------------------------------------------- /rules/net/ip/ip-string.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/ip-string.yara -------------------------------------------------------------------------------- /rules/net/ip/ip.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/ip.yara -------------------------------------------------------------------------------- /rules/net/ip/ipp-request.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/ipp-request.yara -------------------------------------------------------------------------------- /rules/net/ip/spoof.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/spoof.yara -------------------------------------------------------------------------------- /rules/net/ip/sunrpc.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/sunrpc.yara -------------------------------------------------------------------------------- /rules/net/ip/syncookie.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ip/syncookie.yara -------------------------------------------------------------------------------- /rules/net/p2p/i2p.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/p2p/i2p.yara -------------------------------------------------------------------------------- /rules/net/p2p/tor.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/p2p/tor.yara -------------------------------------------------------------------------------- /rules/net/proxy/proxy_server.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/proxy/proxy_server.yara -------------------------------------------------------------------------------- /rules/net/proxy/shadowsocks.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/proxy/shadowsocks.yara -------------------------------------------------------------------------------- /rules/net/proxy/socks5.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/proxy/socks5.yara -------------------------------------------------------------------------------- /rules/net/proxy/tunnel.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/proxy/tunnel.yara -------------------------------------------------------------------------------- /rules/net/proxy/tunnel_proxy.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/proxy/tunnel_proxy.yara -------------------------------------------------------------------------------- /rules/net/remote_control/vnc.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/remote_control/vnc.yara -------------------------------------------------------------------------------- /rules/net/rpc/ntlm.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/rpc/ntlm.yara -------------------------------------------------------------------------------- /rules/net/socket/pair.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/socket/pair.yara -------------------------------------------------------------------------------- /rules/net/socket/raw.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/socket/raw.yara -------------------------------------------------------------------------------- /rules/net/socket/reuseport.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/socket/reuseport.yara -------------------------------------------------------------------------------- /rules/net/socket/socket-send.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/socket/socket-send.yara -------------------------------------------------------------------------------- /rules/net/socket/socket.yara: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /rules/net/ssl/no_verify.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ssl/no_verify.yara -------------------------------------------------------------------------------- /rules/net/ssl/socket.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/ssl/socket.yara -------------------------------------------------------------------------------- /rules/net/tcp/ackflood.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/tcp/ackflood.yara -------------------------------------------------------------------------------- /rules/net/tcp/attack.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/tcp/attack.yara -------------------------------------------------------------------------------- /rules/net/tcp/connect.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/tcp/connect.yara -------------------------------------------------------------------------------- /rules/net/tcp/grpc.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/tcp/grpc.yara -------------------------------------------------------------------------------- /rules/net/tcp/irc.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/tcp/irc.yara -------------------------------------------------------------------------------- /rules/net/tcp/listen.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/tcp/listen.yara -------------------------------------------------------------------------------- /rules/net/tcp/raw.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/tcp/raw.yara -------------------------------------------------------------------------------- /rules/net/tcp/sftp.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/tcp/sftp.yara -------------------------------------------------------------------------------- /rules/net/tcp/ssh.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/tcp/ssh.yara -------------------------------------------------------------------------------- /rules/net/tcp/synflood.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/tcp/synflood.yara -------------------------------------------------------------------------------- /rules/net/telephony/sms.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/telephony/sms.yara -------------------------------------------------------------------------------- /rules/net/telephony/tcap.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/telephony/tcap.yara -------------------------------------------------------------------------------- /rules/net/tun_tap.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/tun_tap.yara -------------------------------------------------------------------------------- /rules/net/udp/attack.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/udp/attack.yara -------------------------------------------------------------------------------- /rules/net/udp/kcp.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/udp/kcp.yara -------------------------------------------------------------------------------- /rules/net/udp/udp-receive.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/udp/udp-receive.yara -------------------------------------------------------------------------------- /rules/net/udp/udp-send.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/udp/udp-send.yara -------------------------------------------------------------------------------- /rules/net/udp/upnp.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/udp/upnp.yara -------------------------------------------------------------------------------- /rules/net/url/embedded.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/url/embedded.yara -------------------------------------------------------------------------------- /rules/net/url/encode.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/url/encode.yara -------------------------------------------------------------------------------- /rules/net/url/parse.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/url/parse.yara -------------------------------------------------------------------------------- /rules/net/url/request.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/url/request.yara -------------------------------------------------------------------------------- /rules/net/webrtc.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/net/webrtc.yara -------------------------------------------------------------------------------- /rules/os/entitlements/iokit.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/entitlements/iokit.yara -------------------------------------------------------------------------------- /rules/os/env/get.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/env/get.yara -------------------------------------------------------------------------------- /rules/os/env/set.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/env/set.yara -------------------------------------------------------------------------------- /rules/os/env/unset.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/env/unset.yara -------------------------------------------------------------------------------- /rules/os/fd/access.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/fd/access.yara -------------------------------------------------------------------------------- /rules/os/fd/epoll.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/fd/epoll.yara -------------------------------------------------------------------------------- /rules/os/fd/manipulate.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/fd/manipulate.yara -------------------------------------------------------------------------------- /rules/os/fd/multiplex.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/fd/multiplex.yara -------------------------------------------------------------------------------- /rules/os/fd/print.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/fd/print.yara -------------------------------------------------------------------------------- /rules/os/fd/read.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/fd/read.yara -------------------------------------------------------------------------------- /rules/os/fd/sendfile.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/fd/sendfile.yara -------------------------------------------------------------------------------- /rules/os/fd/write.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/fd/write.yara -------------------------------------------------------------------------------- /rules/os/kernel/kcore.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/kernel/kcore.yara -------------------------------------------------------------------------------- /rules/os/kernel/netlink.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/kernel/netlink.yara -------------------------------------------------------------------------------- /rules/os/kernel/opencl.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/kernel/opencl.yara -------------------------------------------------------------------------------- /rules/os/kernel/perfmon.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/kernel/perfmon.yara -------------------------------------------------------------------------------- /rules/os/kernel/sandbox.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/kernel/sandbox.yara -------------------------------------------------------------------------------- /rules/os/kernel/seccomp.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/kernel/seccomp.yara -------------------------------------------------------------------------------- /rules/os/kernel/sysctl.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/kernel/sysctl.yara -------------------------------------------------------------------------------- /rules/os/macos_logging.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/macos_logging.yara -------------------------------------------------------------------------------- /rules/os/service/syslog.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/service/syslog.yara -------------------------------------------------------------------------------- /rules/os/signal/group-send.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/signal/group-send.yara -------------------------------------------------------------------------------- /rules/os/signal/handle-ALRM.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/signal/handle-ALRM.yara -------------------------------------------------------------------------------- /rules/os/signal/handle-HUP.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/signal/handle-HUP.yara -------------------------------------------------------------------------------- /rules/os/signal/handle-INFO.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/signal/handle-INFO.yara -------------------------------------------------------------------------------- /rules/os/signal/handle-INT.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/signal/handle-INT.yara -------------------------------------------------------------------------------- /rules/os/signal/handle-QUIT.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/signal/handle-QUIT.yara -------------------------------------------------------------------------------- /rules/os/signal/handle-WINCH.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/signal/handle-WINCH.yara -------------------------------------------------------------------------------- /rules/os/signal/handle.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/signal/handle.yara -------------------------------------------------------------------------------- /rules/os/signal/mask.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/signal/mask.yara -------------------------------------------------------------------------------- /rules/os/signal/send.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/signal/send.yara -------------------------------------------------------------------------------- /rules/os/sync/semaphore-user.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/sync/semaphore-user.yara -------------------------------------------------------------------------------- /rules/os/time/clock-convert.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/time/clock-convert.yara -------------------------------------------------------------------------------- /rules/os/time/clock-get.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/time/clock-get.yara -------------------------------------------------------------------------------- /rules/os/time/clock-set.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/time/clock-set.yara -------------------------------------------------------------------------------- /rules/os/time/clock-sleep.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/time/clock-sleep.yara -------------------------------------------------------------------------------- /rules/os/time/tzinfo.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/os/time/tzinfo.yara -------------------------------------------------------------------------------- /rules/persist/cron/tab.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/persist/cron/tab.yara -------------------------------------------------------------------------------- /rules/persist/daemon/daemon.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/persist/daemon/daemon.yara -------------------------------------------------------------------------------- /rules/persist/daemon/detach.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/persist/daemon/detach.yara -------------------------------------------------------------------------------- /rules/persist/linux_multi.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/persist/linux_multi.yara -------------------------------------------------------------------------------- /rules/persist/pid_file.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/persist/pid_file.yara -------------------------------------------------------------------------------- /rules/persist/plugin.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/persist/plugin.yara -------------------------------------------------------------------------------- /rules/persist/service/start.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/persist/service/start.yara -------------------------------------------------------------------------------- /rules/persist/shell/bash.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/persist/shell/bash.yara -------------------------------------------------------------------------------- /rules/persist/shell/zsh.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/persist/shell/zsh.yara -------------------------------------------------------------------------------- /rules/persist/sshd_config.yara: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /rules/persist/sysv/sysv.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/persist/sysv/sysv.yara -------------------------------------------------------------------------------- /rules/persist/windows_start.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/persist/windows_start.yara -------------------------------------------------------------------------------- /rules/persist/writeable_dir.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/persist/writeable_dir.yara -------------------------------------------------------------------------------- /rules/privesc/generic.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/privesc/generic.yara -------------------------------------------------------------------------------- /rules/privesc/linpeas.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/privesc/linpeas.yara -------------------------------------------------------------------------------- /rules/privesc/osascript.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/privesc/osascript.yara -------------------------------------------------------------------------------- /rules/privesc/rootshell.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/privesc/rootshell.yara -------------------------------------------------------------------------------- /rules/privesc/runas.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/privesc/runas.yara -------------------------------------------------------------------------------- /rules/privesc/setuid.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/privesc/setuid.yara -------------------------------------------------------------------------------- /rules/privesc/su.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/privesc/su.yara -------------------------------------------------------------------------------- /rules/privesc/sudo.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/privesc/sudo.yara -------------------------------------------------------------------------------- /rules/privesc/sudoers.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/privesc/sudoers.yara -------------------------------------------------------------------------------- /rules/privesc/uac_bypass.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/privesc/uac_bypass.yara -------------------------------------------------------------------------------- /rules/process/alarm.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/alarm.yara -------------------------------------------------------------------------------- /rules/process/backtrace.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/backtrace.yara -------------------------------------------------------------------------------- /rules/process/chdir.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/chdir.yara -------------------------------------------------------------------------------- /rules/process/chroot.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/chroot.yara -------------------------------------------------------------------------------- /rules/process/create.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/create.yara -------------------------------------------------------------------------------- /rules/process/exists.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/exists.yara -------------------------------------------------------------------------------- /rules/process/group/create.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/group/create.yara -------------------------------------------------------------------------------- /rules/process/group/set.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/group/set.yara -------------------------------------------------------------------------------- /rules/process/groupid-set.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/groupid-set.yara -------------------------------------------------------------------------------- /rules/process/groups-set.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/groups-set.yara -------------------------------------------------------------------------------- /rules/process/limit-set.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/limit-set.yara -------------------------------------------------------------------------------- /rules/process/multiprocess.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/multiprocess.yara -------------------------------------------------------------------------------- /rules/process/multithreaded.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/multithreaded.yara -------------------------------------------------------------------------------- /rules/process/name-set.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/name-set.yara -------------------------------------------------------------------------------- /rules/process/namespace-set.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/namespace-set.yara -------------------------------------------------------------------------------- /rules/process/print-error.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/print-error.yara -------------------------------------------------------------------------------- /rules/process/pthreads.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/pthreads.yara -------------------------------------------------------------------------------- /rules/process/setpriority.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/setpriority.yara -------------------------------------------------------------------------------- /rules/process/unshare.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/unshare.yara -------------------------------------------------------------------------------- /rules/process/username-set.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/process/username-set.yara -------------------------------------------------------------------------------- /rules/rules.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/rules.go -------------------------------------------------------------------------------- /rules/sec-tool/net/chisel.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sec-tool/net/chisel.yara -------------------------------------------------------------------------------- /rules/sec-tool/net/dirbuster.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sec-tool/net/dirbuster.yara -------------------------------------------------------------------------------- /rules/sec-tool/net/masscan.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sec-tool/net/masscan.yara -------------------------------------------------------------------------------- /rules/sec-tool/net/nmap.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sec-tool/net/nmap.yara -------------------------------------------------------------------------------- /rules/sec-tool/net/trojan.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sec-tool/net/trojan.yara -------------------------------------------------------------------------------- /rules/sec-tool/net/venom.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sec-tool/net/venom.yara -------------------------------------------------------------------------------- /rules/sec-tool/pua/backtrack.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sec-tool/pua/backtrack.yara -------------------------------------------------------------------------------- /rules/sec-tool/recon/pspy.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sec-tool/recon/pspy.yara -------------------------------------------------------------------------------- /rules/sus/compiler.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sus/compiler.yara -------------------------------------------------------------------------------- /rules/sus/entitlement.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sus/entitlement.yara -------------------------------------------------------------------------------- /rules/sus/exclamation.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sus/exclamation.yara -------------------------------------------------------------------------------- /rules/sus/geopolitics.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sus/geopolitics.yara -------------------------------------------------------------------------------- /rules/sus/intercept.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sus/intercept.yara -------------------------------------------------------------------------------- /rules/sus/lang.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sus/lang.yara -------------------------------------------------------------------------------- /rules/sus/leetspeak.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sus/leetspeak.yara -------------------------------------------------------------------------------- /rules/sus/malicious.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/rules/sus/malicious.yara -------------------------------------------------------------------------------- /tests/does-nothing/does-nothing.go.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/find-missing-testdata.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/find-missing-testdata.sh -------------------------------------------------------------------------------- /tests/javascript/2024.STRRAT/f252f6e0d8f9f687751843dbc0be03d4f2ceb468e8453a4940d: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/javascript/clean/3937.844b09f50594ca2613b4.js.map.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/javascript/clean/index.js.map.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/2019.ChinaZ/yk.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/2019.ChinaZ/yk.simple -------------------------------------------------------------------------------- /tests/linux/2024.Mirai/ppc.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/2024.Mirai/ppc.simple -------------------------------------------------------------------------------- /tests/linux/2024.gas/gas.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/2024.gas/gas.simple -------------------------------------------------------------------------------- /tests/linux/2024.k4spreader/2.decoded.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/2024.k4spreader/2.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/UPX/06ed158.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/UPX/06ed158.md -------------------------------------------------------------------------------- /tests/linux/clean/Mcrt1.o.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/Mcrt1.o.simple -------------------------------------------------------------------------------- /tests/linux/clean/acme.sh.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/acme.sh.simple -------------------------------------------------------------------------------- /tests/linux/clean/appsec-rules.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/aws-c-io/aws-c-io-0.14.10-r0.spdx.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/aws-c-io/aws-c-io-0.14.11-r0.spdx.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/aws-c-io/aws-c-io.sdiff: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/bat.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/bat.simple -------------------------------------------------------------------------------- /tests/linux/clean/bazel.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/bazel.simple -------------------------------------------------------------------------------- /tests/linux/clean/botan.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/botan.simple -------------------------------------------------------------------------------- /tests/linux/clean/bpftool.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/bpftool.simple -------------------------------------------------------------------------------- /tests/linux/clean/buildah.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/buildah.simple -------------------------------------------------------------------------------- /tests/linux/clean/busybox.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/busybox.simple -------------------------------------------------------------------------------- /tests/linux/clean/caddy.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/caddy.simple -------------------------------------------------------------------------------- /tests/linux/clean/chezmoi.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/chezmoi.simple -------------------------------------------------------------------------------- /tests/linux/clean/chrome.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/chrome.simple -------------------------------------------------------------------------------- /tests/linux/clean/code-oss.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/code-oss.md -------------------------------------------------------------------------------- /tests/linux/clean/cpack.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/cpack.md -------------------------------------------------------------------------------- /tests/linux/clean/default_config.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/eza.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/eza.simple -------------------------------------------------------------------------------- /tests/linux/clean/kibana/2d62889e-e758-4c5e-b57e-c735914ee32a_101.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/kibana/2e29e96a-b67c-455a-afe4-de6183431d0d_111.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/kibana/3728c08d-9b70-456b-b6b8-007c7d246128_5.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/kibana/83bf249e-4348-47ba-9741-1202a09556ad_101.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/kibana/8da41fc9-7735-4b24-9cc6-c78dfc9fc9c9_108.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/kibana/951779c2-82ad-4a6c-82b8-296c1f691449_2.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/kibana/ac96ceb8-4399-4191-af1d-4feeac1f1f46_108.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/kibana/cde1bafa-9f01-4f43-a872-605b678968b0_111.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/kibana/credential_access_dumping_keychain_security.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/kibana/defense_evasion_defender_exclusion_via_powershell.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/kuma-cp.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/kuma-cp.simple -------------------------------------------------------------------------------- /tests/linux/clean/libBrokenLocale-2.27.so.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/ls.x86_64.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/ls.x86_64.md -------------------------------------------------------------------------------- /tests/linux/clean/lslogins.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/lslogins.md -------------------------------------------------------------------------------- /tests/linux/clean/melange.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/melange.simple -------------------------------------------------------------------------------- /tests/linux/clean/minio_x86_64.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/misp_sample.ndjson.log.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/mongosh.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/mongosh.simple -------------------------------------------------------------------------------- /tests/linux/clean/neuvector_agent_aarch64.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/nvim.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/nvim.simple -------------------------------------------------------------------------------- /tests/linux/clean/opa.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/opa.simple -------------------------------------------------------------------------------- /tests/linux/clean/pandoc.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/pandoc.md -------------------------------------------------------------------------------- /tests/linux/clean/ping.x86_64.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/ping.x86_64.md -------------------------------------------------------------------------------- /tests/linux/clean/pulumi.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/pulumi.simple -------------------------------------------------------------------------------- /tests/linux/clean/pypi_package_index.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/rules.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/searchindex.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/slack.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/slack.md -------------------------------------------------------------------------------- /tests/linux/clean/sonarlint-metadata.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/sshd.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/sshd.simple -------------------------------------------------------------------------------- /tests/linux/clean/sudo.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/sudo.simple -------------------------------------------------------------------------------- /tests/linux/clean/tree-sitter.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/tree-sitter.md -------------------------------------------------------------------------------- /tests/linux/clean/trivy.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/trivy.simple -------------------------------------------------------------------------------- /tests/linux/clean/trufflehog.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/trufflehog.md -------------------------------------------------------------------------------- /tests/linux/clean/uuid.so.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/uuid.so.simple -------------------------------------------------------------------------------- /tests/linux/clean/viewgam.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/viewgam.md -------------------------------------------------------------------------------- /tests/linux/clean/vitess/vtadmin.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/vitess/vtclient.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/wikiticker-2015-09-12-sampled.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/linux/clean/wolfictl.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/wolfictl.simple -------------------------------------------------------------------------------- /tests/linux/clean/x11vnc.simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/x11vnc.simple -------------------------------------------------------------------------------- /tests/linux/clean/zipdetails.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/linux/clean/zipdetails.md -------------------------------------------------------------------------------- /tests/macOS/2023.3CX/libffmpeg.change_no_change.mdiff: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/macOS/2023.3CX/libffmpeg.decrease.mdiff: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/macOS/2023.3CX/libffmpeg.no_change.mdiff: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/macOS/clean/ls.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/macOS/clean/ls.json -------------------------------------------------------------------------------- /tests/macOS/clean/ls.mdiff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/macOS/clean/ls.mdiff -------------------------------------------------------------------------------- /tests/macOS/clean/ls.sdiff.level_2: -------------------------------------------------------------------------------- 1 | *** changed (0 added, 1 removed): macOS/clean/ls 2 | -process/name_set 3 | -------------------------------------------------------------------------------- /tests/macOS/clean/ls.sdiff.trigger_3: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/macOS/clean/ls.stats.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/macOS/clean/ls.stats.json -------------------------------------------------------------------------------- /tests/npm/2024.depe-tool/preinstall.json.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/ruby/2020.bitcoin-ruby/the_Score.vbs.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/ruby/clean/homebrew/homebrew_test.pdf.simple: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/samples_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/tests/samples_test.go -------------------------------------------------------------------------------- /third_party/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/third_party/README.md -------------------------------------------------------------------------------- /third_party/third_party.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/third_party/third_party.go -------------------------------------------------------------------------------- /third_party/yara/InQuest-VT/RELEASE: -------------------------------------------------------------------------------- 1 | 589bbefc22847193cac455858fa15e627d671918 2 | -------------------------------------------------------------------------------- /third_party/yara/JPCERT/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/third_party/yara/JPCERT/LICENSE -------------------------------------------------------------------------------- /third_party/yara/JPCERT/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/third_party/yara/JPCERT/README.md -------------------------------------------------------------------------------- /third_party/yara/JPCERT/RELEASE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/third_party/yara/JPCERT/RELEASE -------------------------------------------------------------------------------- /third_party/yara/JPCERT/ares.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/third_party/yara/JPCERT/ares.yara -------------------------------------------------------------------------------- /third_party/yara/JPCERT/brc4.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/third_party/yara/JPCERT/brc4.yara -------------------------------------------------------------------------------- /third_party/yara/JPCERT/qbot.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/third_party/yara/JPCERT/qbot.yara -------------------------------------------------------------------------------- /third_party/yara/JPCERT/tick.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/third_party/yara/JPCERT/tick.yara -------------------------------------------------------------------------------- /third_party/yara/JPCERT/tool.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/third_party/yara/JPCERT/tool.yara -------------------------------------------------------------------------------- /third_party/yara/TTC-CERT/RELEASE: -------------------------------------------------------------------------------- 1 | 70d6ea39ba8a297df7abf3abcea2e227099fa88f 2 | -------------------------------------------------------------------------------- /third_party/yara/YARAForge/RELEASE: -------------------------------------------------------------------------------- 1 | 20251123 2 | -------------------------------------------------------------------------------- /third_party/yara/bartblaze/RELEASE: -------------------------------------------------------------------------------- 1 | 9f699cd0b0949da4f4991547514dbeaf1c432114 2 | -------------------------------------------------------------------------------- /third_party/yara/elastic/RELEASE: -------------------------------------------------------------------------------- 1 | 17025f8d9c954332e85bdd4b1873a9b91dcaf180 2 | -------------------------------------------------------------------------------- /third_party/yara/huntress/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/third_party/yara/huntress/LICENSE -------------------------------------------------------------------------------- /third_party/yara/huntress/RELEASE: -------------------------------------------------------------------------------- 1 | 2b451c40c155c523aaf0e8911c820eae204704a9 2 | -------------------------------------------------------------------------------- /third_party/yara/update.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chainguard-dev/malcontent/HEAD/third_party/yara/update.sh --------------------------------------------------------------------------------