├── 06082025-edrkiller-iocs.csv ├── 2023-08-25 Citrix CVE-2023-3519 attacks.csv ├── 2023-10-ColdFusion-ransomware-IOCs.csv ├── 2023-12 Akira followup.csv ├── 2024-02_Payloads_associated_with_ScreenConnect_attacks.csv ├── 2025 Lumma Stealer.csv ├── 20250205_SVGspam.csv ├── 2309 Tiny Turla backdoor.csv ├── 2310 CVE-2023-40044 wsftp ransomware.csv ├── 2311 Vice Society - Rhysida IoCs.csv ├── 2404 impersonation campaign.csv ├── 2505 DragonForce targets SimpleHelp RMM.csv ├── 2507 Gold Blade DLL sideloading RedLoader.csv ├── 3CX IoCs 2023-03.csv ├── 3proxy-backdoor-IOCs.csv ├── ATK-Brutel.csv ├── Andr-FakeApp.csv ├── Android-HiddAd-T ├── Android-fauxanticovid.csv ├── Android-pakchat.csv ├── Android_C23-spyware.csv ├── Atomic-infostealer-IOCs.csv ├── CVE-2018-0798 RTFs ├── CVE-2022-26134_attacks.csv ├── CVE-2022-3236_IOCs.csv ├── CloudChat-IOCs.csv ├── Cryptorom_fakeapps_2.csv ├── DLLsideloading-PlugX-USBworm-2023-03.csv ├── FlowerStormPaaS.csv ├── Follina_CVE-2022-30190_hashes.csv ├── FoolsGoldMetaTraderShaZhuPan.csv ├── IOC-sheet_gootloader2025.csv ├── IOC_imagespam.csv ├── IOC_quishing2024.csv ├── Iranian-banking-malware.csv ├── Karma_Conti_joint_IOCs.csv ├── MAILBOMB-TEAMS-RANSOMWARE.csv ├── Mal-BadNode.csv ├── Mal-EncPk-APV_IOCs.csv ├── Malspam-OtoGonderici ├── Malware-SystemBC.csv ├── Miner-Mrbminer.csv ├── Miner-Tor2Mine.csv ├── MoDi-RAT-reflective-injection.csv ├── Nitrogen 2023-07.csv ├── OWASSRF IOCs 2023-03.csv ├── PJobRAT_IOCs.csv ├── PUA-QuickCPU_xmr-stak.csv ├── Pacific_Rim_Asnarok_iocs.csv ├── Pacific_Rim_CVE-2020-15069_IOCs.csv ├── Pacific_Rim_Covert_Channels_IOCs.csv ├── Pacific_Rim_Cyberoam_acct_IOCs.csv ├── Pacific_Rim_Defending_Forward_IOCs.csv ├── Pacific_Rim_Personal_Panda_IOCs.csv ├── Pacific_Rim_Under_The_Radar_IOCs.csv ├── Qakbot-onenote-attacks.csv ├── README.md ├── Ransom-Lockbit_20220412.csv ├── Ransomware-AstroLocker.csv ├── Ransomware-BlackByte.csv ├── Ransomware-Conti.csv ├── Ransomware-Dharma-RaaS.csv ├── Ransomware-Dharma-console-history-toolbelt-script.txt ├── Ransomware-Egregor.csv ├── Ransomware-EpsilonRed.csv ├── Ransomware-LockBit ├── Ransomware-LockBit.csv ├── Ransomware-Lockbit3-IOCs.csv ├── Ransomware-Matrix ├── Ransomware-Maze.csv ├── Ransomware-MegaCortex ├── Ransomware-Midas.csv ├── Ransomware-MountLocker.csv ├── Ransomware-Netfilim.csv ├── Ransomware-Netwalker ├── Ransomware-Play.csv ├── Ransomware-ProLock.csv ├── Ransomware-Qilin-STAC4365.csv ├── Ransomware-REvil-Kaseya.csv ├── Ransomware-Ryuk.csv ├── Ransomware-Snatch ├── Ransomware_BlackCat - triple ransomware attack.csv ├── Ransomware_BlackKingDom.csv ├── Ransomware_DearCry.csv ├── Ransomware_Hive - triple ransomware attack.csv ├── Ransomware_Lockbit - triple ransomware attack.csv ├── Ransomware_Prolock_services_stopped.csv ├── Ransomware_prolock_processes_stopped.csv ├── STAC1807_June_update.csv ├── STAC6451_IOCs.csv ├── ShaZhuPanfakeapps.csv ├── Stealer-Baldr ├── Sunburst_blocklists.csv ├── Troj-Agent-BKJE.csv ├── Troj-AgentTesla.csv ├── Troj-BazarBackdoor.csv ├── Troj-BazarLd.csv ├── Troj-BuerLd-A.csv ├── Troj-DocDL-AEOL.csv ├── Troj-DropperAsAService.csv ├── Troj-Emotet-Ukraine_maldocs.csv ├── Troj-KilllSomeOne.csv ├── Troj-Kingmine ├── Troj-Miner-AED.csv ├── Troj-PS-FX.csv ├── Troj-Polazert_IOCs.csv ├── Troj-Qakbot.csv ├── Troj-Ransom-GXS.csv ├── Troj-gootloader.csv ├── Troj-gootloader.yara ├── Troj_Agent-BJJB.csv ├── Troj_GuLoader.csv ├── Trojan-Glupteba ├── Trojan-LDMiner.csv ├── Worm-Raspberry-Robin.csv ├── Worm-WannaCry ├── Zemana-driver-IoCs.csv ├── atk-backstab-d.csv ├── bitcoin-addys ├── crimson_palace_2.csv ├── crimson_palace_post-08-2023.csv ├── crimson_palace_prior_intrusions.csv ├── crimson_palace_stac1248-alpha.csv ├── crimson_palace_stac1305_charlie.csv ├── crimson_palace_stac1870_bravo.csv ├── defi-mining-scams-iocs.csv ├── double-dragon-breath-iocs.csv ├── email account compromise 365 2023-06.csv ├── files_hosted_on_discord.csv ├── fleeceware-chatbot-apps.csv ├── gootloader_cats_iocs.csv ├── mal-fakealert.csv ├── maldrivers_release_2.csv ├── malware-MyKings ├── malware-MyKings-domains ├── malware-MyKings-v2.csv ├── malware-Raticate ├── malware-raticate-cloudeye.csv ├── ms-msdt restore registry key.reg ├── papercut-nday-indicators-of-compromise.csv ├── raccoonstealer.csv ├── ransomware_atomsilo.csv ├── ransomware_memento.csv ├── repository-backdoor-IOCs.csv ├── smishing campaign targeting Indian customers 2023-04.csv └── usb worm with global reach.csv /06082025-edrkiller-iocs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/06082025-edrkiller-iocs.csv -------------------------------------------------------------------------------- /2023-08-25 Citrix CVE-2023-3519 attacks.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/2023-08-25 Citrix CVE-2023-3519 attacks.csv -------------------------------------------------------------------------------- /2023-10-ColdFusion-ransomware-IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/2023-10-ColdFusion-ransomware-IOCs.csv -------------------------------------------------------------------------------- /2023-12 Akira followup.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/2023-12 Akira followup.csv -------------------------------------------------------------------------------- /2024-02_Payloads_associated_with_ScreenConnect_attacks.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/2024-02_Payloads_associated_with_ScreenConnect_attacks.csv -------------------------------------------------------------------------------- /2025 Lumma Stealer.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/2025 Lumma Stealer.csv -------------------------------------------------------------------------------- /20250205_SVGspam.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/20250205_SVGspam.csv -------------------------------------------------------------------------------- /2309 Tiny Turla backdoor.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/2309 Tiny Turla backdoor.csv -------------------------------------------------------------------------------- /2310 CVE-2023-40044 wsftp ransomware.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/2310 CVE-2023-40044 wsftp ransomware.csv -------------------------------------------------------------------------------- /2311 Vice Society - Rhysida IoCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/2311 Vice Society - Rhysida IoCs.csv -------------------------------------------------------------------------------- /2404 impersonation campaign.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/2404 impersonation campaign.csv -------------------------------------------------------------------------------- /2505 DragonForce targets SimpleHelp RMM.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/2505 DragonForce targets SimpleHelp RMM.csv -------------------------------------------------------------------------------- /2507 Gold Blade DLL sideloading RedLoader.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/2507 Gold Blade DLL sideloading RedLoader.csv -------------------------------------------------------------------------------- /3CX IoCs 2023-03.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/3CX IoCs 2023-03.csv -------------------------------------------------------------------------------- /3proxy-backdoor-IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/3proxy-backdoor-IOCs.csv -------------------------------------------------------------------------------- /ATK-Brutel.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/ATK-Brutel.csv -------------------------------------------------------------------------------- /Andr-FakeApp.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Andr-FakeApp.csv -------------------------------------------------------------------------------- /Android-HiddAd-T: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Android-HiddAd-T -------------------------------------------------------------------------------- /Android-fauxanticovid.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Android-fauxanticovid.csv -------------------------------------------------------------------------------- /Android-pakchat.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Android-pakchat.csv -------------------------------------------------------------------------------- /Android_C23-spyware.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Android_C23-spyware.csv -------------------------------------------------------------------------------- /Atomic-infostealer-IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Atomic-infostealer-IOCs.csv -------------------------------------------------------------------------------- /CVE-2018-0798 RTFs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/CVE-2018-0798 RTFs -------------------------------------------------------------------------------- /CVE-2022-26134_attacks.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/CVE-2022-26134_attacks.csv -------------------------------------------------------------------------------- /CVE-2022-3236_IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/CVE-2022-3236_IOCs.csv -------------------------------------------------------------------------------- /CloudChat-IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/CloudChat-IOCs.csv -------------------------------------------------------------------------------- /Cryptorom_fakeapps_2.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Cryptorom_fakeapps_2.csv -------------------------------------------------------------------------------- /DLLsideloading-PlugX-USBworm-2023-03.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/DLLsideloading-PlugX-USBworm-2023-03.csv -------------------------------------------------------------------------------- /FlowerStormPaaS.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/FlowerStormPaaS.csv -------------------------------------------------------------------------------- /Follina_CVE-2022-30190_hashes.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Follina_CVE-2022-30190_hashes.csv -------------------------------------------------------------------------------- /FoolsGoldMetaTraderShaZhuPan.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/FoolsGoldMetaTraderShaZhuPan.csv -------------------------------------------------------------------------------- /IOC-sheet_gootloader2025.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/IOC-sheet_gootloader2025.csv -------------------------------------------------------------------------------- /IOC_imagespam.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/IOC_imagespam.csv -------------------------------------------------------------------------------- /IOC_quishing2024.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/IOC_quishing2024.csv -------------------------------------------------------------------------------- /Iranian-banking-malware.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Iranian-banking-malware.csv -------------------------------------------------------------------------------- /Karma_Conti_joint_IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Karma_Conti_joint_IOCs.csv -------------------------------------------------------------------------------- /MAILBOMB-TEAMS-RANSOMWARE.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/MAILBOMB-TEAMS-RANSOMWARE.csv -------------------------------------------------------------------------------- /Mal-BadNode.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Mal-BadNode.csv -------------------------------------------------------------------------------- /Mal-EncPk-APV_IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Mal-EncPk-APV_IOCs.csv -------------------------------------------------------------------------------- /Malspam-OtoGonderici: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Malspam-OtoGonderici -------------------------------------------------------------------------------- /Malware-SystemBC.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Malware-SystemBC.csv -------------------------------------------------------------------------------- /Miner-Mrbminer.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Miner-Mrbminer.csv -------------------------------------------------------------------------------- /Miner-Tor2Mine.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Miner-Tor2Mine.csv -------------------------------------------------------------------------------- /MoDi-RAT-reflective-injection.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/MoDi-RAT-reflective-injection.csv -------------------------------------------------------------------------------- /Nitrogen 2023-07.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Nitrogen 2023-07.csv -------------------------------------------------------------------------------- /OWASSRF IOCs 2023-03.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/OWASSRF IOCs 2023-03.csv -------------------------------------------------------------------------------- /PJobRAT_IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/PJobRAT_IOCs.csv -------------------------------------------------------------------------------- /PUA-QuickCPU_xmr-stak.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/PUA-QuickCPU_xmr-stak.csv -------------------------------------------------------------------------------- /Pacific_Rim_Asnarok_iocs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Pacific_Rim_Asnarok_iocs.csv -------------------------------------------------------------------------------- /Pacific_Rim_CVE-2020-15069_IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Pacific_Rim_CVE-2020-15069_IOCs.csv -------------------------------------------------------------------------------- /Pacific_Rim_Covert_Channels_IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Pacific_Rim_Covert_Channels_IOCs.csv -------------------------------------------------------------------------------- /Pacific_Rim_Cyberoam_acct_IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Pacific_Rim_Cyberoam_acct_IOCs.csv -------------------------------------------------------------------------------- /Pacific_Rim_Defending_Forward_IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Pacific_Rim_Defending_Forward_IOCs.csv -------------------------------------------------------------------------------- /Pacific_Rim_Personal_Panda_IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Pacific_Rim_Personal_Panda_IOCs.csv -------------------------------------------------------------------------------- /Pacific_Rim_Under_The_Radar_IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Pacific_Rim_Under_The_Radar_IOCs.csv -------------------------------------------------------------------------------- /Qakbot-onenote-attacks.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Qakbot-onenote-attacks.csv -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/README.md -------------------------------------------------------------------------------- /Ransom-Lockbit_20220412.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransom-Lockbit_20220412.csv -------------------------------------------------------------------------------- /Ransomware-AstroLocker.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-AstroLocker.csv -------------------------------------------------------------------------------- /Ransomware-BlackByte.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-BlackByte.csv -------------------------------------------------------------------------------- /Ransomware-Conti.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Conti.csv -------------------------------------------------------------------------------- /Ransomware-Dharma-RaaS.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Dharma-RaaS.csv -------------------------------------------------------------------------------- /Ransomware-Dharma-console-history-toolbelt-script.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Dharma-console-history-toolbelt-script.txt -------------------------------------------------------------------------------- /Ransomware-Egregor.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Egregor.csv -------------------------------------------------------------------------------- /Ransomware-EpsilonRed.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-EpsilonRed.csv -------------------------------------------------------------------------------- /Ransomware-LockBit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-LockBit -------------------------------------------------------------------------------- /Ransomware-LockBit.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-LockBit.csv -------------------------------------------------------------------------------- /Ransomware-Lockbit3-IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Lockbit3-IOCs.csv -------------------------------------------------------------------------------- /Ransomware-Matrix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Matrix -------------------------------------------------------------------------------- /Ransomware-Maze.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Maze.csv -------------------------------------------------------------------------------- /Ransomware-MegaCortex: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-MegaCortex -------------------------------------------------------------------------------- /Ransomware-Midas.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Midas.csv -------------------------------------------------------------------------------- /Ransomware-MountLocker.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-MountLocker.csv -------------------------------------------------------------------------------- /Ransomware-Netfilim.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Netfilim.csv -------------------------------------------------------------------------------- /Ransomware-Netwalker: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Netwalker -------------------------------------------------------------------------------- /Ransomware-Play.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Play.csv -------------------------------------------------------------------------------- /Ransomware-ProLock.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-ProLock.csv -------------------------------------------------------------------------------- /Ransomware-Qilin-STAC4365.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Qilin-STAC4365.csv -------------------------------------------------------------------------------- /Ransomware-REvil-Kaseya.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-REvil-Kaseya.csv -------------------------------------------------------------------------------- /Ransomware-Ryuk.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Ryuk.csv -------------------------------------------------------------------------------- /Ransomware-Snatch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware-Snatch -------------------------------------------------------------------------------- /Ransomware_BlackCat - triple ransomware attack.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware_BlackCat - triple ransomware attack.csv -------------------------------------------------------------------------------- /Ransomware_BlackKingDom.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware_BlackKingDom.csv -------------------------------------------------------------------------------- /Ransomware_DearCry.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware_DearCry.csv -------------------------------------------------------------------------------- /Ransomware_Hive - triple ransomware attack.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware_Hive - triple ransomware attack.csv -------------------------------------------------------------------------------- /Ransomware_Lockbit - triple ransomware attack.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware_Lockbit - triple ransomware attack.csv -------------------------------------------------------------------------------- /Ransomware_Prolock_services_stopped.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware_Prolock_services_stopped.csv -------------------------------------------------------------------------------- /Ransomware_prolock_processes_stopped.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Ransomware_prolock_processes_stopped.csv -------------------------------------------------------------------------------- /STAC1807_June_update.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/STAC1807_June_update.csv -------------------------------------------------------------------------------- /STAC6451_IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/STAC6451_IOCs.csv -------------------------------------------------------------------------------- /ShaZhuPanfakeapps.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/ShaZhuPanfakeapps.csv -------------------------------------------------------------------------------- /Stealer-Baldr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Stealer-Baldr -------------------------------------------------------------------------------- /Sunburst_blocklists.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Sunburst_blocklists.csv -------------------------------------------------------------------------------- /Troj-Agent-BKJE.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-Agent-BKJE.csv -------------------------------------------------------------------------------- /Troj-AgentTesla.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-AgentTesla.csv -------------------------------------------------------------------------------- /Troj-BazarBackdoor.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-BazarBackdoor.csv -------------------------------------------------------------------------------- /Troj-BazarLd.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-BazarLd.csv -------------------------------------------------------------------------------- /Troj-BuerLd-A.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-BuerLd-A.csv -------------------------------------------------------------------------------- /Troj-DocDL-AEOL.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-DocDL-AEOL.csv -------------------------------------------------------------------------------- /Troj-DropperAsAService.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-DropperAsAService.csv -------------------------------------------------------------------------------- /Troj-Emotet-Ukraine_maldocs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-Emotet-Ukraine_maldocs.csv -------------------------------------------------------------------------------- /Troj-KilllSomeOne.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-KilllSomeOne.csv -------------------------------------------------------------------------------- /Troj-Kingmine: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-Kingmine -------------------------------------------------------------------------------- /Troj-Miner-AED.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-Miner-AED.csv -------------------------------------------------------------------------------- /Troj-PS-FX.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-PS-FX.csv -------------------------------------------------------------------------------- /Troj-Polazert_IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-Polazert_IOCs.csv -------------------------------------------------------------------------------- /Troj-Qakbot.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-Qakbot.csv -------------------------------------------------------------------------------- /Troj-Ransom-GXS.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-Ransom-GXS.csv -------------------------------------------------------------------------------- /Troj-gootloader.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-gootloader.csv -------------------------------------------------------------------------------- /Troj-gootloader.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj-gootloader.yara -------------------------------------------------------------------------------- /Troj_Agent-BJJB.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj_Agent-BJJB.csv -------------------------------------------------------------------------------- /Troj_GuLoader.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Troj_GuLoader.csv -------------------------------------------------------------------------------- /Trojan-Glupteba: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Trojan-Glupteba -------------------------------------------------------------------------------- /Trojan-LDMiner.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Trojan-LDMiner.csv -------------------------------------------------------------------------------- /Worm-Raspberry-Robin.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Worm-Raspberry-Robin.csv -------------------------------------------------------------------------------- /Worm-WannaCry: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Worm-WannaCry -------------------------------------------------------------------------------- /Zemana-driver-IoCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/Zemana-driver-IoCs.csv -------------------------------------------------------------------------------- /atk-backstab-d.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/atk-backstab-d.csv -------------------------------------------------------------------------------- /bitcoin-addys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/bitcoin-addys -------------------------------------------------------------------------------- /crimson_palace_2.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/crimson_palace_2.csv -------------------------------------------------------------------------------- /crimson_palace_post-08-2023.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/crimson_palace_post-08-2023.csv -------------------------------------------------------------------------------- /crimson_palace_prior_intrusions.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/crimson_palace_prior_intrusions.csv -------------------------------------------------------------------------------- /crimson_palace_stac1248-alpha.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/crimson_palace_stac1248-alpha.csv -------------------------------------------------------------------------------- /crimson_palace_stac1305_charlie.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/crimson_palace_stac1305_charlie.csv -------------------------------------------------------------------------------- /crimson_palace_stac1870_bravo.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/crimson_palace_stac1870_bravo.csv -------------------------------------------------------------------------------- /defi-mining-scams-iocs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/defi-mining-scams-iocs.csv -------------------------------------------------------------------------------- /double-dragon-breath-iocs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/double-dragon-breath-iocs.csv -------------------------------------------------------------------------------- /email account compromise 365 2023-06.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/email account compromise 365 2023-06.csv -------------------------------------------------------------------------------- /files_hosted_on_discord.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/files_hosted_on_discord.csv -------------------------------------------------------------------------------- /fleeceware-chatbot-apps.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/fleeceware-chatbot-apps.csv -------------------------------------------------------------------------------- /gootloader_cats_iocs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/gootloader_cats_iocs.csv -------------------------------------------------------------------------------- /mal-fakealert.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/mal-fakealert.csv -------------------------------------------------------------------------------- /maldrivers_release_2.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/maldrivers_release_2.csv -------------------------------------------------------------------------------- /malware-MyKings: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/malware-MyKings -------------------------------------------------------------------------------- /malware-MyKings-domains: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/malware-MyKings-domains -------------------------------------------------------------------------------- /malware-MyKings-v2.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/malware-MyKings-v2.csv -------------------------------------------------------------------------------- /malware-Raticate: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/malware-Raticate -------------------------------------------------------------------------------- /malware-raticate-cloudeye.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/malware-raticate-cloudeye.csv -------------------------------------------------------------------------------- /ms-msdt restore registry key.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/ms-msdt restore registry key.reg -------------------------------------------------------------------------------- /papercut-nday-indicators-of-compromise.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/papercut-nday-indicators-of-compromise.csv -------------------------------------------------------------------------------- /raccoonstealer.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/raccoonstealer.csv -------------------------------------------------------------------------------- /ransomware_atomsilo.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/ransomware_atomsilo.csv -------------------------------------------------------------------------------- /ransomware_memento.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/ransomware_memento.csv -------------------------------------------------------------------------------- /repository-backdoor-IOCs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/repository-backdoor-IOCs.csv -------------------------------------------------------------------------------- /smishing campaign targeting Indian customers 2023-04.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/smishing campaign targeting Indian customers 2023-04.csv -------------------------------------------------------------------------------- /usb worm with global reach.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sophoslabs/IoCs/HEAD/usb worm with global reach.csv --------------------------------------------------------------------------------