forked from Neo23x0/signature-base
3199 lines (3199 loc) · 492 KB
sig-base-rules.csv
ACE_Containing_EXE;Looks for ACE Archives containing an exe/scr file;-;2015-09-09 00:00:00;50;Florian Roth - based on Nick Hoffman' rule - Morphick Inc;FILE
ALFA_SHELL;Detects web shell often used by Iranian APT groups;Internal Research - APT33;2017-09-21 00:00:00;70;Florian Roth;APT,WEBSHELL
APT10_Malware_Sample_Gen;APT 10 / Cloud Hopper malware campaign;https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html;2017-04-06 00:00:00;80;Florian Roth;APT,MAL
APT12_Malware_Aug17;Detects APT 12 Malware;http://blog.macnica.net/blog/2017/08/post-fb81.html;2017-08-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
APT15_Malware_Mar18_BS2005;Detects malware from APT 15 report by NCC Group;https://goo.gl/HZ5XMN;2018-03-10 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
APT15_Malware_Mar18_MSExchangeTool;Detects malware from APT 15 report by NCC Group;https://goo.gl/HZ5XMN;2018-03-10 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
APT15_Malware_Mar18_RoyalCli;Detects malware from APT 15 report by NCC Group;https://goo.gl/HZ5XMN;2018-03-10 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
APT15_Malware_Mar18_RoyalDNS;Detects malware from APT 15 report by NCC Group;https://goo.gl/HZ5XMN;2018-03-10 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
APT17_Malware_Oct17_1;Detects APT17 malware;https://goo.gl/puVc9q;2017-10-03 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
APT17_Malware_Oct17_2;Detects APT17 malware;https://goo.gl/puVc9q;2017-10-03 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
APT17_Malware_Oct17_Gen;Detects APT17 malware;https://goo.gl/puVc9q;2017-10-03 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
APT17_Sample_FXSST_DLL;Detects Samples related to APT17 activity - file FXSST.DLL;https://goo.gl/ZiJyQv;2015-05-14 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
APT17_Unsigned_Symantec_Binary_EFA;Detects APT17 malware;https://goo.gl/puVc9q;2017-10-03 00:00:00;70;Florian Roth;APT,EXE,FILE
APT28_CHOPSTICK;Detects a malware that behaves like CHOPSTICK mentioned in APT28 report;https://goo.gl/v3ebal;2015-06-02 00:00:00;60;Florian Roth;APT,EXE,FILE,RUSSIA
APT28_HospitalityMalware_document;Yara Rule for APT28_Hospitality_Malware document identification;http://csecybsec.com/download/zlab/APT28_Hospitality_Malware_report.pdf;1970-01-01 01:00:00;70;CSE CybSec Enterprise - Z-Lab;APT,MAL,RUSSIA
APT28_HospitalityMalware_mvtband_file;Yara Rule for mvtband.dll malware;http://csecybsec.com/download/zlab/APT28_Hospitality_Malware_report.pdf;1970-01-01 01:00:00;70;CSE CybSec Enterprise - Z-Lab;EXTVAR
APT28_SourFace_Malware1;Detects Malware from APT28 incident - SOURFACE is a downloader that obtains a second-stage backdoor from a C2 server.;https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html;2015-06-01 00:00:00;60;Florian Roth;APT,EXE,FILE,MAL,RUSSIA
APT28_SourFace_Malware2;Detects Malware from APT28 incident - SOURFACE is a downloader that obtains a second-stage backdoor from a C2 server.;https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html;2015-06-01 00:00:00;60;Florian Roth;APT,EXE,FILE,MAL,RUSSIA
APT28_SourFace_Malware3;Detects Malware from APT28 incident - SOURFACE is a downloader that obtains a second-stage backdoor from a C2 server.;https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html;2015-06-01 00:00:00;60;Florian Roth;APT,EXE,FILE,MAL,RUSSIA
APT30_Generic_1;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_2;FireEye APT30 Report Sample - from many files;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_3;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_4;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_5;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_6;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_7;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_8;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_9;FireEye APT30 Report Sample;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_A;FireEye APT30 Report Sample - file af1c1c5d8031c4942630b6a10270d8f4;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_B;FireEye APT30 Report Sample - file 29395c528693b69233c1c12bef8a64b3;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_C;FireEye APT30 Report Sample - file 0c4fcef3b583d0ffffc2b14b9297d3a4;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_D;FireEye APT30 Report Sample - file 597805832d45d522c4882f21db800ecf;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_E;FireEye APT30 Report Sample - file 8ff473bedbcc77df2c49a91167b1abeb;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_E_v2;FireEye APT30 Report Sample - file 71f25831681c19ea17b2f2a84a41bbfb;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_F;FireEye APT30 Report Sample - file 4c10a1efed25b828e4785d9526507fbc;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_G;FireEye APT30 Report Sample - file 53f1358cbc298da96ec56e9a08851b4b;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_H;FireEye APT30 Report Sample - file db3e5c2f2ce07c2d3fa38d6fc1ceb854;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_I;FireEye APT30 Report Sample - file fe211c7a081c1dac46e3935f7c614549;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_J;FireEye APT30 Report Sample - file baff5262ae01a9217b10fcd5dad9d1d5;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Generic_K;FireEye APT30 Report Sample - file b5a343d11e1f7340de99118ce9fc1bbb;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE,GEN
APT30_Microfost;FireEye APT30 Report Sample - file 310a4a62ba3765cbf8e8bbb9f324c503;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_10;FireEye APT30 Report Sample - file 8c713117af4ca6bbd69292a78069e75b;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_11;FireEye APT30 Report Sample - file d97aace631d6f089595f5ce177f54a39;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_12;FireEye APT30 Report Sample - file c95cd106c1fecbd500f4b97566d8dc96;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_13;FireEye APT30 Report Sample - file 95bb314fe8fdbe4df31a6d23b0d378bc;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_14;FireEye APT30 Report Sample - file 6f931c15789d234881be8ae8ccfe33f4;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_15;FireEye APT30 Report Sample - file e26a2afaaddfb09d9ede505c6f1cc4e3;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_16;FireEye APT30 Report Sample - file 37e568bed4ae057e548439dc811b4d3a;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_17;FireEye APT30 Report Sample - file 23813c5bf6a7af322b40bd2fd94bd42e;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_18;FireEye APT30 Report Sample - file b2138a57f723326eda5a26d2dec56851;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_19;FireEye APT30 Report Sample - file 5d4f2871fd1818527ebd65b0ff930a77;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_1;FireEye APT30 Report Sample - file 4c6b21e98ca03e0ef0910e07cef45dac;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_20;FireEye APT30 Report Sample - file 5ae51243647b7d03a5cb20dccbc0d561;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_21;FireEye APT30 Report Sample - file 78c4fcee5b7fdbabf3b9941225d95166;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_22;FireEye APT30 Report Sample - file fad06d7b4450c4631302264486611ec3;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_23;FireEye APT30 Report Sample - file a5ca2c5b4d8c0c1bc93570ed13dcab1a;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_24;FireEye APT30 Report Sample - file 062fe1336459a851bd0ea271bb2afe35;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_25;FireEye APT30 Report Sample - file c4c068200ad8033a0f0cf28507b51842;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_26;FireEye APT30 Report Sample - file 428fc53c84e921ac518e54a5d055f54a;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_27;FireEye APT30 Report Sample - file d38e02eac7e3b299b46ff2607dd0f288;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_28;FireEye APT30 Report Sample - file e62a63307deead5c9fcca6b9a2d51fb0;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_29;FireEye APT30 Report Sample - file 1b81b80ff0edf57da2440456d516cc90;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_2;FireEye APT30 Report Sample - file c4dec6d69d8035d481e4f2c86f580e81;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_30;FireEye APT30 Report Sample - file bf8616bbed6d804a3dea09b230c2ab0c;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_31;FireEye APT30 Report Sample - file d8e68db503f4155ed1aeba95d1f5e3e4;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_33;FireEye APT30 Report Sample - file 5eaf3deaaf2efac92c73ada82a651afe;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_34;FireEye APT30 Report Sample - file a9e8e402a7ee459e4896d0ba83543684;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_35;FireEye APT30 Report Sample - file 414854a9b40f7757ed7bfc6a1b01250f;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_3;FireEye APT30 Report Sample - file 59e055cee87d8faf6f701293e5830b5a;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_4;FireEye APT30 Report Sample - file 6ba315275561d99b1eb8fc614ff0b2b3;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_5;FireEye APT30 Report Sample - file ebf42e8b532e2f3b19046b028b5dfb23;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_6;FireEye APT30 Report Sample - file ee1b23c97f809151805792f8778ead74;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_7;FireEye APT30 Report Sample - file 74b87086887e0c67ffb035069b195ac7;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_8;FireEye APT30 Report Sample - file 44b98f22155f420af4528d17bb4a5ec8;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT30_Sample_9;FireEye APT30 Report Sample - file e3ae3cbc024e39121c87d73e87bb2210;https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf;2015-04-13 00:00:00;70;Florian Roth;APT,FILE
APT34_Malware_Exeruner;Detects APT 34 malware;https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html;2017-12-07 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
APT34_Malware_HTA;Detects APT 34 malware;https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html;2017-12-07 00:00:00;70;Florian Roth;APT,MAL
APT6_Malware_Sample_Gen;Rule written for 2 malware samples that communicated to APT6 C2 servers;https://otx.alienvault.com/pulse/56c4d1664637f26ad04e5b73/;2016-04-09 00:00:00;80;Florian Roth;APT,EXE,FILE,MAL
APTGroupX_PlugXTrojanLoader_StringDecode;Rule to detect PlugX Malware;https://t.co/4xQ8G2mNap;1970-01-01 01:00:00;80;Jay DiMartino;MAL
APT_APT10_Malware_Imphash_Dec18_1;Detects APT10 malware based on ImpHashes;AlienVault OTX IOCs - statistical sample analysis;2018-12-28 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL
APT_APT28_Cannon_Trojan_Nov18_1;Detects Cannon Trojan used by Sofacy;https://researchcenter.paloaltonetworks.com/2018/11/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/;2018-11-20 00:00:00;70;Florian Roth;EXE,FILE,MAL,RUSSIA
APT_Area1_SSF_GoogleSend_Strings;Detects send tool used in phishing campaign reported by Area 1 in December 2018;https://cdn.area1security.com/reports/Area-1-Security-PhishingDiplomacy.pdf;2018-12-19 00:00:00;70;Area 1 (modified by Florian Roth);EXE,FILE
APT_Area1_SSF_PlugX;Detects send tool used in phishing campaign reported by Area 1 in December 2018;https://cdn.area1security.com/reports/Area-1-Security-PhishingDiplomacy.pdf;2018-12-19 00:00:00;70;Area 1;
APT_Cloaked_PsExec;Looks like a cloaked PsExec. May be APT group activity.;-;2014-07-18 00:00:00;60;Florian Roth;APT,EXE,EXTVAR,FILE
APT_Cloaked_ScanLine;Looks like a cloaked ScanLine Port Scanner. May be APT group activity.;-;2014-07-18 00:00:00;50;Florian Roth;APT,EXTVAR,HKTL
APT_Cloaked_SuperScan;Looks like a cloaked SuperScan Port Scanner. May be APT group activity.;-;2014-07-18 00:00:00;50;Florian Roth;APT,EXTVAR,HKTL
APT_CobaltStrike_Beacon_Indicator;Detects CobaltStrike beacons;https://github.com/JPCERTCC/aa-tools/blob/master/cobaltstrikescan.py;2018-11-09 00:00:00;70;JPCERT;EXE,FILE
APT_DarkHydrus_Jul18_1;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;70;Florian Roth;APT,EXE,FILE,MIDDLE_EAST
APT_DarkHydrus_Jul18_2;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;70;Florian Roth;APT,EXE,FILE,MIDDLE_EAST
APT_DarkHydrus_Jul18_3;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;70;Florian Roth;APT,EXE,FILE,MIDDLE_EAST
APT_DarkHydrus_Jul18_4;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;70;Florian Roth;APT,EXE,FILE,MIDDLE_EAST
APT_DarkHydrus_Jul18_5;Detects strings found in malware samples in APT report in DarkHydrus;https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/;2018-07-28 00:00:00;70;Florian Roth;APT,EXE,FILE,MIDDLE_EAST
APT_DonotTeam_YTYframework;Modular malware framework with similarities to EHDevel;arbornetworks.com/blog/asert/don;2018-08-03 00:00:00;70;James E.C, ProofPoint;FILE
APT_FIN7_EXE_Sample_Aug18_10;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;EXE,FILE,RUSSIA
APT_FIN7_EXE_Sample_Aug18_1;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;EXE,FILE,RUSSIA
APT_FIN7_EXE_Sample_Aug18_2;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;EXE,FILE,RUSSIA
APT_FIN7_EXE_Sample_Aug18_3;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;EXE,FILE,RUSSIA
APT_FIN7_EXE_Sample_Aug18_4;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;EXE,FILE,RUSSIA
APT_FIN7_EXE_Sample_Aug18_5;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;EXE,FILE,RUSSIA
APT_FIN7_EXE_Sample_Aug18_6;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;EXE,FILE,RUSSIA
APT_FIN7_EXE_Sample_Aug18_7;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;EXE,FILE,RUSSIA
APT_FIN7_EXE_Sample_Aug18_8;Detects sample from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;EXE,FILE,RUSSIA
APT_FIN7_MalDoc_Aug18_1;Detects malicious Doc from FIN7 campaign;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;RUSSIA
APT_FIN7_Sample_Aug18_1;Detects FIN7 samples mentioned in FireEye report;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;FILE,RUSSIA
APT_FIN7_Sample_Aug18_2;Detects FIN7 malware sample;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;FILE,RUSSIA
APT_FIN7_Sample_EXE_Aug18_1;Detects FIN7 Sample;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;EXE,FILE,RUSSIA
APT_FIN7_Strings_Aug18_1;Detects strings from FIN7 report in August 2018;https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html;2018-08-01 00:00:00;70;Florian Roth;RUSSIA
APT_FallChill_RC4_Keys;Detects FallChill RC4 keys;https://securelist.com/operation-applejeus/87553/;2018-08-21 00:00:00;70;Florian Roth;EXE,FILE
APT_GreyEnergy_Malware_Oct18_1;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;70;Florian Roth;EXE,FILE,MAL
APT_GreyEnergy_Malware_Oct18_2;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;70;Florian Roth;EXE,FILE,MAL
APT_GreyEnergy_Malware_Oct18_3;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;70;Florian Roth;EXE,FILE,MAL
APT_GreyEnergy_Malware_Oct18_4;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;70;Florian Roth;EXE,FILE,MAL
APT_GreyEnergy_Malware_Oct18_5;Detects samples from Grey Energy report;https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/;2018-10-17 00:00:00;70;Florian Roth;EXE,FILE,MAL
APT_HiddenCobra_GhostSecret_1;Detects Hidden Cobra Sample;https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/;2018-08-11 00:00:00;70;Florian Roth;EXE,FILE,NK
APT_HiddenCobra_GhostSecret_2;Detects Hidden Cobra Sample;https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/;2018-08-11 00:00:00;70;Florian Roth;EXE,FILE,NK
APT_HiddenCobra_enc_PK_header;Hidden Cobra - Detects trojan with encrypted header;https://www.us-cert.gov/ncas/analysis-reports/AR18-165A;2018-04-12 00:00:00;70;NCCIC trusted 3rd party - Edit: Tobias Michalski;FILE,NK
APT_HiddenCobra_import_obfuscation_2;Hidden Cobra - Detects remote access trojan;https://www.us-cert.gov/ncas/analysis-reports/AR18-165A;2018-04-12 00:00:00;70;NCCIC trusted 3rd party - Edit: Tobias Michalski;FILE,NK,OBFUS
APT_Kaspersky_Duqu2_SamsungPrint;Kaspersky APT Report - Duqu2 Sample - file 2a9a5afc342cde12c6eb9a91ad29f7afdfd8f0fb17b983dcfddceccfbc17af69;https://goo.gl/7yKyOj;2015-06-10 00:00:00;70;Florian Roth;APT,EXE,FILE
APT_Kaspersky_Duqu2_msi3_32;Kaspersky APT Report - Duqu2 Sample - file d8a849654ab97debaf28ae5b749c3b1ff1812ea49978713853333db48c3972c3;https://goo.gl/7yKyOj;2015-06-10 00:00:00;70;Florian Roth;APT,EXE,FILE
APT_Kaspersky_Duqu2_procexp;Kaspersky APT Report - Duqu2 Sample - Malicious MSI;https://goo.gl/7yKyOj;2015-06-10 00:00:00;70;Florian Roth;APT,EXE,FILE
APT_Lazarus_Aug18_1;Detects Lazarus Group Malware;https://securelist.com/operation-applejeus/87553/;2018-08-24 00:00:00;70;Florian Roth;EXE,FILE,MAL,NK
APT_Lazarus_Aug18_2;Detects Lazarus Group Malware;https://securelist.com/operation-applejeus/87553/;2018-08-24 00:00:00;70;Florian Roth;EXE,FILE,MAL,NK
APT_Lazarus_Aug18_Downloader_1;Detects Lazarus Group Malware Downloadery;https://securelist.com/operation-applejeus/87553/;2018-08-24 00:00:00;70;Florian Roth;EXE,FILE,MAL,NK
APT_Lazarus_Dropper_Jun18_1;Detects Lazarus Group Dropper;https://twitter.com/DrunkBinary/status/1002587521073721346;2018-06-01 00:00:00;70;Florian Roth;EXE,FILE,MAL,NK
APT_Lazarus_RAT_Jun18_1;Detects Lazarus Group RAT;https://twitter.com/DrunkBinary/status/1002587521073721346;2018-06-01 00:00:00;70;Florian Roth;EXE,FILE,MAL,NK
APT_Lazarus_RAT_Jun18_2;Detects Lazarus Group RAT;https://twitter.com/DrunkBinary/status/1002587521073721346;2018-06-01 00:00:00;70;Florian Roth;EXE,FILE,MAL,NK
APT_Liudoor;Detects Liudoor daemon backdoor;-;2015-07-23 00:00:00;70;RSA FirstWatch;MAL
APT_MAL_DNS_Hijacking_Campaign_AA19_024A;Detects malware used in DNS Hijackign campaign;https://www.us-cert.gov/ncas/alerts/AA19-024A;2019-01-25 00:00:00;70;Florian Roth;EXE,FILE
APT_ME_BigBang_Gen_Jul18_1;Detects malware from Big Bang campaign against Palestinian authorities;https://research.checkpoint.com/apt-attack-middle-east-big-bang/;2018-07-09 00:00:00;70;Florian Roth;EXE,FILE,GEN
APT_ME_BigBang_Mal_Jul18_1;Detects malware from Big Bang report;https://research.checkpoint.com/apt-attack-middle-east-big-bang/;2018-07-09 00:00:00;70;Florian Roth;EXE,FILE
APT_MagicHound_MalMacro;Detects malicious macro / powershell in Office document;https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations;2017-02-17 00:00:00;70;Florian Roth;FILE,OFFICE
APT_Malware_CommentCrew_MiniASP;CommentCrew Malware MiniASP APT;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
APT_Malware_PutterPanda_Gen1;Detects a malware ;not set;2015-06-03 00:00:00;70;YarGen Rule Generator;EXE,FILE,MAL
APT_Malware_PutterPanda_Gen4;Detects Malware related to PutterPanda;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;CHINA,EXE,FILE,MAL
APT_Malware_PutterPanda_MsUpdater_1;Detects Malware related to PutterPanda - MSUpdater;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;CHINA,EXE,FILE,MAL
APT_Malware_PutterPanda_MsUpdater_2;Detects Malware related to PutterPanda - MSUpdater;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;CHINA,EXE,FILE,MAL
APT_Malware_PutterPanda_MsUpdater_3;Detects Malware related to PutterPanda - MSUpdater;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;CHINA,EXE,FILE,MAL
APT_Malware_PutterPanda_PSAPI;Detects a malware related to Putter Panda;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;CHINA,EXE,FILE,MAL
APT_Malware_PutterPanda_Rel;Detects an APT malware related to PutterPanda;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL
APT_Malware_PutterPanda_Rel_2;APT Malware related to PutterPanda Group;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL
APT_Malware_PutterPanda_WUAUCLT;Detects a malware related to Putter Panda;VT Analysis;2015-06-03 00:00:00;70;Florian Roth;CHINA,MAL
APT_NK_AR18_165A_1;Detects APT malware from AR18-165A report by US CERT;https://www.us-cert.gov/ncas/analysis-reports/AR18-165A;2018-06-15 00:00:00;70;Florian Roth;APT,EXE,FILE
APT_NK_AR18_165A_HiddenCobra_import_deob;Hidden Cobra - Detects installed proxy module as a service;https://www.us-cert.gov/ncas/analysis-reports/AR18-165A;2018-04-12 00:00:00;70;NCCIC trusted 3rd party - Edit: Tobias Michalski;FILE,NK
APT_Project_Sauron_Custom_M1;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;70;Florian Roth;APT,EXE,FILE
APT_Project_Sauron_Custom_M2;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;70;Florian Roth;APT,EXE,FILE
APT_Project_Sauron_Custom_M3;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;70;Florian Roth;APT,EXE,FILE
APT_Project_Sauron_Custom_M4;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;70;Florian Roth;APT,EXE,FILE
APT_Project_Sauron_Custom_M6;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;70;Florian Roth;APT,EXE,FILE
APT_Project_Sauron_Custom_M7;Detects malware from Project Sauron APT;https://goo.gl/eFoP4A;2016-08-09 00:00:00;70;Florian Roth;APT,EXE,FILE
APT_Project_Sauron_Scripts;Detects scripts (mostly LUA) from Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;70;Florian Roth;
APT_Project_Sauron_arping_module;Detects strings from arping module - Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;70;Florian Roth;
APT_Project_Sauron_basex_module;Detects strings from basex module - Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;70;Florian Roth;
APT_Project_Sauron_dext_module;Detects strings from dext module - Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;70;Florian Roth;
APT_Project_Sauron_kblogi_module;Detects strings from kblogi module - Project Sauron report by Kaspersky;https://goo.gl/eFoP4A;2016-08-08 00:00:00;70;Florian Roth;
APT_Proxy_Malware_Packed_dev;APT Malware - Proxy;-;2014-11-10 00:00:00;50;FRoth;APT,HKTL,MAL
APT_PupyRAT_PY;Detects Pupy RAT;https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations;2017-02-17 00:00:00;70;Florian Roth;EXE,FILE,MAL
APT_RANCOR_DDKONG_Malware_Exports;Detects DDKONG malware;https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/;2018-06-26 00:00:00;70;Florian Roth;EXE,FILE,MAL
APT_RANCOR_JS_Malware;Rancor Malware;https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/;2018-06-26 00:00:00;70;Florian Roth;FILE,MAL
APT_RANCOR_PLAINTEE_Malware_Exports;Detects PLAINTEE malware;https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/;2018-06-26 00:00:00;70;Florian Roth;EXE,FILE,MAL
APT_RANCOR_PLAINTEE_Variant;Detects PLAINTEE malware;https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/;2018-06-26 00:00:00;70;Florian Roth;EXE,FILE
APT_TA18_149A_Joanap_Sample1;Detects malware from TA18-149A report by US-CERT;https://www.us-cert.gov/ncas/alerts/TA18-149A;2018-05-30 00:00:00;70;Florian Roth;EXE,FILE
APT_TA18_149A_Joanap_Sample2;Detects malware from TA18-149A report by US-CERT;https://www.us-cert.gov/ncas/alerts/TA18-149A;2018-05-30 00:00:00;70;Florian Roth;EXE,FILE
APT_TA18_149A_Joanap_Sample3;Detects malware from TA18-149A report by US-CERT;https://www.us-cert.gov/ncas/alerts/TA18-149A;2018-05-30 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_10;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_11;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_12;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_13;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_14;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_15;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_16;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_17;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_18;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_1;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_2;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_3;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_4;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_5;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_6;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_7;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Thrip_Sample_Jun18_8;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;
APT_Thrip_Sample_Jun18_9;Detects sample found in Thrip report by Symantec;https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets;2018-06-21 00:00:00;70;Florian Roth;EXE,FILE
APT_Tick_HomamDownloader_Jun18;Detects HomamDownloader from Tick group incident - Weaponized USB;https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/;2018-06-23 00:00:00;70;Florian Roth;EXE,FILE
APT_Tick_Sysmon_Loader_Jun18;Detects Sysmon Loader from Tick group incident - Weaponized USB;https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/;2018-06-23 00:00:00;70;Florian Roth;EXE,FILE
APT_Turla_Agent_BTZ_Gen_1;Detects Turla Agent.BTZ;Internal Research;2018-06-16 00:00:00;80;Florian Roth;EXE,FILE,GEN,RUSSIA
ASPXspy2;Web shell - file ASPXspy2.aspx;not set;2015-01-24 00:00:00;70;Florian Roth;WEBSHELL
ASP_CmdAsp;Webshells Auto-generated - file CmdAsp.asp;-;1970-01-01 01:00:00;70;Florian Roth;WEBSHELL
ASPack_ASPACK;Disclosed hacktool set (old stuff) - file ASPACK.EXE;-;2014-11-23 00:00:00;60;Florian Roth;HKTL
ASPack_Chinese;Disclosed hacktool set (old stuff) - file ASPack Chinese.ini;-;2014-11-23 00:00:00;60;Florian Roth;CHINA,HKTL
Acrotray_Anomaly;Detects an acrotray.exe that does not contain the usual strings;-;1970-01-01 01:00:00;75;Florian Roth;EXE,EXTVAR,FILE
Agent_BTZ_Aug17;Detects Agent.BTZ;http://www.intezer.com/new-variants-of-agent-btz-comrat-found/;2017-08-07 00:00:00;70;Florian Roth;EXE,FILE
Agent_BTZ_Proxy_DLL_1;Detects Agent-BTZ Proxy DLL - activeds.dll;http://www.intezer.com/new-variants-of-agent-btz-comrat-found/;2017-08-07 00:00:00;70;Florian Roth;EXE,FILE,HKTL
Agent_BTZ_Proxy_DLL_2;Detects Agent-BTZ Proxy DLL - activeds.dll;http://www.intezer.com/new-variants-of-agent-btz-comrat-found/;2017-08-07 00:00:00;70;Florian Roth;EXE,FILE,HKTL
Ajan_asp;Semi-Auto-generated - file Ajan.asp.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
Ajax_PHP_Command_Shell_php;Semi-Auto-generated - file Ajax_PHP Command Shell.php.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
AllTheThings;Detects AllTheThings;https://github.com/subTee/AllTheThings;2017-07-27 00:00:00;70;Florian Roth;EXE,FILE,HKTL
Ammyy_Admin_AA_v3;Remote Admin Tool used by APT group Anunak (ru) - file AA_v3.4.exe and AA_v3.5.exe;http://goo.gl/gkAg2E;2014-12-22 00:00:00;55;Florian Roth;APT,HKTL
Amplia_Security_Tool;Amplia Security Tool;-;1970-01-01 01:00:00;60;-;HKTL
Andromeda_MalBot_Jun_1A;Detects a malicious Worm Andromeda / RETADUP;http://blog.trendmicro.com/trendlabs-security-intelligence/information-stealer-found-hitting-israeli-hospitals/;2017-06-30 00:00:00;70;Florian Roth;EXE,FILE,MAL
Angry_IP_Scanner_v2_08_ipscan;Auto-generated rule on file ipscan.exe;-;1970-01-01 01:00:00;70;yarGen Yara Rule Generator by Florian Roth;HKTL
Antichat_Shell_v1_3_php;Semi-Auto-generated - file Antichat Shell v1.3.php.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
Antichat_Socks5_Server_php_php;Semi-Auto-generated - file Antichat Socks5 Server.php.php.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
Antiy_Ports_1_21;Disclosed hacktool set (old stuff) - file Antiy Ports 1.21.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL
Apolmy_Privesc_Trojan;Apolmy Privilege Escalation Trojan used in APT Terracotta;https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/;2015-08-04 00:00:00;80;Florian Roth;APT,EXE,FILE,MAL
AppInitHook;AppInitGlobalHooks-Mimikatz - Hide Mimikatz From Process Lists - file AppInitHook.dll;https://goo.gl/Z292v6;2015-07-15 00:00:00;70;Florian Roth;EXE,FILE,HKTL
Armitage_MeterpreterSession_Strings;Detects Armitage component;Internal Research;2017-12-24 00:00:00;70;Florian Roth;
Armitage_OSX;Detects Armitage component;Internal Research;2017-12-24 00:00:00;70;Florian Roth;
Armitage_msfconsole;Detects Armitage component;Internal Research;2017-12-24 00:00:00;70;Florian Roth;FILE
Arp_EMP_v1_0;Chinese Hacktool Set - file Arp EMP v1.0.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
ArtTrayHookDll;Disclosed hacktool set (old stuff) - file ArtTrayHookDll.dll;-;2014-11-23 00:00:00;60;Florian Roth;HKTL
ArtTray_zip_Folder_ArtTray;Disclosed hacktool set (old stuff) - file ArtTray.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL
Asmodeus_v0_1_pl;Semi-Auto-generated - file Asmodeus v0.1.pl.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
Ayyildiz_Tim___AYT__Shell_v_2_1_Biz_html;Semi-Auto-generated - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.html.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
BIN_Client;Webshells Auto-generated - file Client.exe;-;1970-01-01 01:00:00;70;Florian Roth;WEBSHELL
BIN_Server;Webshells Auto-generated - file Server.exe;-;1970-01-01 01:00:00;70;Florian Roth;WEBSHELL
BKDR_Snarasite_Oct17;Auto-generated rule - file 36ba92cba23971ca9d16a0b4f45c853fd5b3108076464d5f2027b0f56054fd62;Internal Research;2017-10-07 00:00:00;70;Florian Roth;EXE,FILE
BTC_Miner_lsass1_chrome_2;Detects a Bitcoin Miner;Internal Research - CN Actor;2017-06-22 00:00:00;60;Florian Roth;EXE,FILE
BackDooR__fr_;Webshells Auto-generated - file BackDooR (fr).php;-;1970-01-01 01:00:00;70;Florian Roth;WEBSHELL
Backdoor_Naikon_APT_Sample1;Detects backdoors related to the Naikon APT;https://goo.gl/7vHyvh;2015-05-14 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Backdoor_Nitol_Jun17;Detects malware backdoor Nitol - file wyawou.exe - Attention: this rule also matches on Upatre Downloader;https://goo.gl/OOB3mH;2017-06-04 00:00:00;70;Florian Roth;EXE,FILE,MAL
Backdoor_Redosdru_Jun17;Detects malware Redosdru - file systemHome.exe;https://goo.gl/OOB3mH;2017-06-04 00:00:00;70;Florian Roth;EXE,FILE
BadRabbit_Gen;Detects BadRabbit Ransomware;https://pastebin.com/Y7pJv3tK;2017-10-25 00:00:00;70;Florian Roth;CRIME,EXE,FILE,MAL,RANSOM
BadRabbit_Mimikatz_Comp;Auto-generated rule - file 2f8c54f9fa8e47596a3beff0031f85360e56840c77f71c6a573ace6f46412035;https://pastebin.com/Y7pJv3tK;2017-10-25 00:00:00;70;Florian Roth;EXE,FILE
Base64_PS1_Shellcode;Detects Base64 encoded PS1 Shellcode;https://twitter.com/ItsReallyNick/status/1062601684566843392;2018-11-14 00:00:00;65;Nick Carr, David Ledbetter;
Base64_encoded_Executable;Detects a base64 encoded executable (often embedded);-;2015-05-28 00:00:00;40;Florian Roth;EXE,EXTVAR,FILE
Batch_Powershell_Invoke_Inveigh;Detects malicious batch file from NCSC report;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;70;NCSC;
Batch_Script_To_Run_PsExec;Detects malicious batch file from NCSC report;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;70;NCSC;
Beacon_K5om;Detects Meterpreter Beacon - file K5om.dll;https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html;2017-06-07 00:00:00;70;Florian Roth;EXE,FILE,HKTL,METASPLOIT
Beastdoor_Backdoor;Detects the backdoor Beastdoor;-;1970-01-01 01:00:00;55;Florian Roth;HKTL,MAL
BeepService_Hacktool;Detects BeepService Hacktool used by Chinese APT groups;https://goo.gl/p32Ozf;2016-05-12 00:00:00;85;Florian Roth;APT,CHINA,EXE,FILE,HKTL
BergSilva_Malware;Detects a malware from the same author as the Indetectables RAT;-;2015-10-01 00:00:00;70;Florian Roth;EXE,FILE,MAL
BernhardPOS;BernhardPOS Credit Card dumping tool;http://morphick.com/blog/2015/7/14/bernhardpos-new-pos-malware-discovered-by-morphick;1970-01-01 01:00:00;70;Nick Hoffman / Jeremy Humble;
BeyondExec_RemoteAccess_Tool;Detects BeyondExec Remote Access Tool - file rexesvr.exe;https://goo.gl/BvYurS;2017-03-17 00:00:00;70;Florian Roth;EXE,FILE,HKTL
Binary_Drop_Certutil;Drop binary as base64 encoded cert trick;https://goo.gl/9DNn8q;2015-07-15 00:00:00;70;Florian Roth;
BlackEnergy_BE_2;Detects BlackEnergy 2 Malware;http://goo.gl/DThzLz;2015-02-19 00:00:00;70;Florian Roth;EXE,FILE,MAL
BlackEnergy_BackdoorPass_DropBear_SSH;Detects the password of the backdoored DropBear SSH Server - BlackEnergy;http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;70;Florian Roth;EXE,FILE,MAL,RUSSIA
BlackEnergy_Driver_AMDIDE;Black Energy Malware;http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/;2016-01-04 00:00:00;70;Florian Roth;EXE,FILE,MAL
BlackEnergy_Driver_USBMDM;Black Energy Driver;http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/;2016-01-04 00:00:00;70;Florian Roth;EXE,FILE
BlackEnergy_KillDisk_1;Detects KillDisk malware from BlackEnergy;http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;80;Florian Roth;EXE,FILE
BlackEnergy_KillDisk_2;Detects KillDisk malware from BlackEnergy;http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;80;Florian Roth;EXE,FILE
BlackEnergy_VBS_Agent;Detects VBS Agent from BlackEnergy Report - file Dropbearrun.vbs;http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;70;Florian Roth;SCRIPT
Bladabindi_Malware_B64;Detects Bladabindi Malware using Base64 encoded strings;Internal Research;2016-10-08 00:00:00;70;Florian Roth;EXE,FILE,MAL
BluenoroffPoS_DLL;Bluenoroff POS malware - hkp.dll;http://blog.trex.re.kr/3?category=737685;2018-06-07 00:00:00;70;http://blog.trex.re.kr/;
BluesPortScan;Auto-generated rule on file BluesPortScan.exe;-;1970-01-01 01:00:00;70;yarGen Yara Rule Generator by Florian Roth;HKTL
BronzeButler_DGet_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;70;Florian Roth;EXE,FILE
BronzeButler_Daserf_C_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;70;Florian Roth;EXE,FILE
BronzeButler_Daserf_Delphi_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;70;Florian Roth;EXE,FILE
BronzeButler_RarStar_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;70;Florian Roth;EXE,FILE
BronzeButler_UACBypass_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;70;Florian Roth;EXE,FILE
BronzeButler_xxmm_1;Detects malware / hacktool sample from Bronze Butler incident;https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses;2017-10-14 00:00:00;70;Florian Roth;EXE,FILE
Buckeye_Osinfo;Detects OSinfo tool used by the Buckeye APT group;http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong;2016-09-05 00:00:00;70;Florian Roth;APT,EXE,FILE
ByPassFireWall_zip_Folder_Ie;Disclosed hacktool set (old stuff) - file Ie.dll;-;2014-11-23 00:00:00;60;Florian Roth;HKTL
ByPassFireWall_zip_Folder_Inject;Disclosed hacktool set (old stuff) - file Inject.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL
BypassUac2;Auto-generated rule - file BypassUac2.zip;-;1970-01-01 01:00:00;70;yarGen Yara Rule Generator;HKTL
BypassUacDll_6;Auto-generated rule - file BypassUacDll.aps;-;1970-01-01 01:00:00;70;yarGen Yara Rule Generator;HKTL
BypassUac_3;Auto-generated rule - file BypassUacDll.dll;-;1970-01-01 01:00:00;70;yarGen Yara Rule Generator;HKTL
BypassUac_9;Auto-generated rule - file BypassUac.zip;-;1970-01-01 01:00:00;70;yarGen Yara Rule Generator;HKTL
BypassUac_EXE;Auto-generated rule - file BypassUacDll.aps;-;1970-01-01 01:00:00;70;yarGen Yara Rule Generator;HKTL
Bytes_used_in_AES_key_generation;Detects Backdoor.goodor;https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control;2018-04-06 00:00:00;70;NCSC;EXE,FILE,MAL
CACTUSTORCH;Detects CactusTorch Hacktool;https://github.com/mdsecactivebreach/CACTUSTORCH;2017-07-31 00:00:00;70;Florian Roth;HKTL
CGISscan_CGIScan;Auto-generated rule on file CGIScan.exe;-;1970-01-01 01:00:00;70;yarGen Yara Rule Generator by Florian Roth;HKTL
CHAOS_Payload;Detects a CHAOS back connect payload;https://github.com/tiagorlampert/CHAOS;2017-07-15 00:00:00;80;Florian Roth;EXE,FILE
CMStar_Malware_Sep17;Detects CMStar Malware;https://goo.gl/pTffPA;2017-10-03 00:00:00;70;Florian Roth;EXE,FILE,MAL
CN_APT_ZeroT_extracted_Go;Chinese APT by Proofpoint ZeroT RAT - file Go.exe;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-04 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL
CN_APT_ZeroT_extracted_Mcutil;Chinese APT by Proofpoint ZeroT RAT - file Mcutil.dll;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-04 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL
CN_APT_ZeroT_extracted_Zlh;Chinese APT by Proofpoint ZeroT RAT - file Zlh.exe;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-04 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,MAL
CN_APT_ZeroT_nflogger;Chinese APT by Proofpoint ZeroT RAT - file nflogger.dll;https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx;2017-02-04 00:00:00;70;Florian Roth;APT,CHINA,EXE,FILE,HKTL,MAL
CN_Actor_AmmyyAdmin;Detects Ammyy Admin Downloader;Internal Research - CN Actor;2017-06-22 00:00:00;60;Florian Roth;EXE,FILE
CN_Actor_RA_Tool_Ammyy_mscorsvw;Detects Ammyy remote access tool;Internal Research - CN Actor;2017-06-22 00:00:00;70;Florian Roth;EXE,FILE
CN_GUI_Scanner;Detects an unknown GUI scanner tool - CN background;-;2014-04-10 00:00:00;65;Florian Roth;HKTL
CN_Hacktool_1433_Scanner;Detects a Chinese MSSQL scanner;-;2014-12-10 00:00:00;40;Florian Roth;HKTL
CN_Hacktool_1433_Scanner_Comp2;Detects a Chinese MSSQL scanner - component 2;-;2014-12-10 00:00:00;40;Florian Roth;HKTL
CN_Hacktool_BAT_PortsOpen;Detects a Chinese BAT hacktool for local port evaluation;-;2014-12-10 00:00:00;60;Florian Roth;HKTL
CN_Hacktool_MilkT_BAT;Detects a Chinese Portscanner named MilkT - shipped BAT;-;2014-12-10 00:00:00;70;Florian Roth;HKTL
CN_Hacktool_MilkT_Scanner;Detects a Chinese Portscanner named MilkT;-;2014-12-10 00:00:00;60;Florian Roth;HKTL
CN_Hacktool_SSPort_Portscanner;Detects a Chinese Portscanner named SSPort;-;2014-12-10 00:00:00;70;Florian Roth;HKTL
CN_Hacktool_S_EXE_Portscanner;Detects a Chinese Portscanner named s.exe;-;2014-12-10 00:00:00;70;Florian Roth;HKTL
CN_Hacktool_ScanPort_Portscanner;Detects a Chinese Portscanner named ScanPort;-;2014-12-10 00:00:00;70;Florian Roth;HKTL
CN_Honker_ACCESS_brute;Sample from CN Honker Pentest Toolset - file ACCESS_brute.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_ASP_wshell;Sample from CN Honker Pentest Toolset - file wshell.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE
CN_Honker_Acunetix_Web_Vulnerability_Scanner_8_x_Enterprise_Edition_KeyGen;Sample from CN Honker Pentest Toolset - file Acunetix_Web_Vulnerability_Scanner_8.x_Enterprise_Edition_KeyGen.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,GEN,HKTL
CN_Honker_Alien_D;Script from disclosed CN Honker Pentest Toolset - file D.ASP;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_Alien_command;Script from disclosed CN Honker Pentest Toolset - file command.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_Alien_ee;Sample from CN Honker Pentest Toolset - file ee.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Alien_iispwd;Sample from CN Honker Pentest Toolset - file iispwd.vbs;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;
CN_Honker_Arp_EMP_v1_0;Sample from CN Honker Pentest Toolset - file Arp EMP v1.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_AspxClient;Sample from CN Honker Pentest Toolset - file AspxClient.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Baidu_Extractor_Ver1_0;Sample from CN Honker Pentest Toolset - file Baidu_Extractor_Ver1.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_COOKIE_CooKie;Sample from CN Honker Pentest Toolset - file CooKie.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_ChinaChopper;Sample from CN Honker Pentest Toolset - file ChinaChopper.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;CHINA,EXE,FILE
CN_Honker_ChinaChopper_db;Script from disclosed CN Honker Pentest Toolset - file db.mdb;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_Churrasco;Sample from CN Honker Pentest Toolset - file Churrasco.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_CleanIISLog;Sample from CN Honker Pentest Toolset - file CleanIISLog.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_CnCerT_CCdoor_CMD;Sample from CN Honker Pentest Toolset - file CnCerT.CCdoor.CMD.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_CnCerT_CCdoor_CMD_2;Sample from CN Honker Pentest Toolset - file CnCerT.CCdoor.CMD.dll2;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Codeeer_Explorer;Sample from CN Honker Pentest Toolset - file Codeeer Explorer.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_CookiesView;Sample from CN Honker Pentest Toolset - file CookiesView.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_CoolScan_scan;Sample from CN Honker Pentest Toolset - file scan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Cracker_SHELL;Sample from CN Honker Pentest Toolset - file SHELL.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_DLL_passive_privilege_escalation_ws2help;Sample from CN Honker Pentest Toolset - file ws2help.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_D_injection_V2_32;Sample from CN Honker Pentest Toolset - file D_injection_V2.32.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_DictionaryGenerator;Sample from CN Honker Pentest Toolset - file DictionaryGenerator.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,GEN
CN_Honker_F4ck_Team_F4ck_3;Sample from CN Honker Pentest Toolset - file F4ck_3.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_F4ck_Team_f4ck;Script from disclosed CN Honker Pentest Toolset - file f4ck.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_F4ck_Team_f4ck_2;Sample from CN Honker Pentest Toolset - file f4ck_2.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_F4ck_Team_f4ck_3;Sample from CN Honker Pentest Toolset - file f4ck.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_FTP_scanning;Sample from CN Honker Pentest Toolset - file FTP_scanning.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Fckeditor;Sample from CN Honker Pentest Toolset - file Fckeditor.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Fpipe_FPipe;Sample from CN Honker Pentest Toolset - file FPipe.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;50;Florian Roth;EXE,FILE
CN_Honker_GetHashes;Sample from CN Honker Pentest Toolset - file GetHashes.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_GetHashes_2;Sample from CN Honker Pentest Toolset - file GetHashes.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_GetPass_GetPass;Sample from CN Honker Pentest Toolset - file GetPass.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_GetSyskey;Sample from CN Honker Pentest Toolset - file GetSyskey.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_GetWebShell;Sample from CN Honker Pentest Toolset - file GetWebShell.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_GroupPolicyRemover;Sample from CN Honker Pentest Toolset - file GroupPolicyRemover.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_HASH_32;Sample from CN Honker Pentest Toolset - file 32.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_HASH_PwDump7;Sample from CN Honker Pentest Toolset - file PwDump7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL
CN_Honker_HASH_pwhash;Sample from CN Honker Pentest Toolset - file pwhash.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_HTran2_4;Sample from CN Honker Pentest Toolset - file HTran2.4.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Happy_Happy;Sample from CN Honker Pentest Toolset - file Happy.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Havij_Havij;Sample from CN Honker Pentest Toolset - file Havij.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_HconSTFportable;Sample from CN Honker Pentest Toolset - file HconSTFportable.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Hookmsgina;Sample from CN Honker Pentest Toolset - file Hookmsgina.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Htran_V2_40_htran20;Sample from CN Honker Pentest Toolset - file htran20.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_IIS6_iis6;Sample from CN Honker Pentest Toolset - file iis6.com;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_IIS_logcleaner1_0_readme;Script from disclosed CN Honker Pentest Toolset - file readme.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_Injection;Sample from CN Honker Pentest Toolset - file Injection.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL
CN_Honker_Injection_Transit_jmCook;Script from disclosed CN Honker Pentest Toolset - file jmCook.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_Injection_transit;Sample from CN Honker Pentest Toolset - file Injection_transit.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL
CN_Honker_Interception3389_setup;Sample from CN Honker Pentest Toolset - file setup.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Interception;Sample from CN Honker Pentest Toolset - file Interception.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Intersect2_Beta;Script from disclosed CN Honker Pentest Toolset - file Intersect2-Beta.py;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,SCRIPTS
CN_Honker_InvasionErasor;Sample from CN Honker Pentest Toolset - file InvasionErasor.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_LPK2_0_LPK;Sample from CN Honker Pentest Toolset - file LPK.DAT;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Layer_Layer;Sample from CN Honker Pentest Toolset - file Layer.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_LogCleaner;Sample from CN Honker Pentest Toolset - file LogCleaner.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_MAC_IPMAC;Sample from CN Honker Pentest Toolset - file IPMAC.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_MSTSC_can_direct_copy;Sample from CN Honker Pentest Toolset - file MSTSC_can_direct_copy.EXE;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_ManualInjection;Sample from CN Honker Pentest Toolset - file ManualInjection.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL
CN_Honker_Master_beta_1_7;Sample from CN Honker Pentest Toolset - file Master_beta_1.7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_MatriXay1073;Sample from CN Honker Pentest Toolset - file MatriXay1073.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Md5CrackTools;Sample from CN Honker Pentest Toolset - file Md5CrackTools.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_NBSI_3_0;Sample from CN Honker Pentest Toolset - file NBSI 3.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_NetFuke_NetFuke;Sample from CN Honker Pentest Toolset - file NetFuke.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Oracle_v1_0_Oracle;Sample from CN Honker Pentest Toolset - file Oracle.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_PHP_php11;Sample from CN Honker Pentest Toolset - file php11.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;
CN_Honker_Perl_serv_U;Script from disclosed CN Honker Pentest Toolset - file Perl-serv-U.pl;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_Pk_Pker;Sample from CN Honker Pentest Toolset - file Pker.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_PostgreSQL;Sample from CN Honker Pentest Toolset - file PostgreSQL.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Pwdump7_Pwdump7;Script from disclosed CN Honker Pentest Toolset - file Pwdump7.bat;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_SAMInside;Sample from CN Honker Pentest Toolset - file SAMInside.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_SQLServer_inject_Creaked;Sample from CN Honker Pentest Toolset - file SQLServer_inject_Creaked.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Safe3WVS;Sample from CN Honker Pentest Toolset - file Safe3WVS.EXE;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_ScanHistory;Sample from CN Honker Pentest Toolset - file ScanHistory.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_SegmentWeapon;Sample from CN Honker Pentest Toolset - file SegmentWeapon.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_ShiftBackdoor_Server;Sample from CN Honker Pentest Toolset - file Server.dat;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_SkinHRootkit_SkinH;Sample from CN Honker Pentest Toolset - file SkinH.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_SqlMap_Python_Run;Sample from CN Honker Pentest Toolset - file Run.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,SCRIPT
CN_Honker_Sword1_5;Sample from CN Honker Pentest Toolset - file Sword1.5.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_SwordCollEdition;Sample from CN Honker Pentest Toolset - file SwordCollEdition.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_SwordHonkerEdition;Sample from CN Honker Pentest Toolset - file SwordHonkerEdition.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_T00ls_Lpk_Sethc_v2;Sample from CN Honker Pentest Toolset - file T00ls Lpk Sethc v2.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_T00ls_Lpk_Sethc_v3_0;Sample from CN Honker Pentest Toolset - file T00ls Lpk Sethc v3.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_T00ls_Lpk_Sethc_v3_LPK;Sample from CN Honker Pentest Toolset - file LPK.DAT;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_T00ls_Lpk_Sethc_v4_0;Sample from CN Honker Pentest Toolset - file T00ls Lpk Sethc v4.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_T00ls_Lpk_Sethc_v4_LPK;Sample from CN Honker Pentest Toolset - file LPK.DAT;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_T00ls_scanner;Sample from CN Honker Pentest Toolset - file T00ls_scanner.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Tuoku_script_MSSQL_;Script from disclosed CN Honker Pentest Toolset - file MSSQL_.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_Tuoku_script_oracle_2;Sample from CN Honker Pentest Toolset - file oracle.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;
CN_Honker_WebCruiserWVS;Sample from CN Honker Pentest Toolset - file WebCruiserWVS.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_WebRobot;Sample from CN Honker Pentest Toolset - file WebRobot.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_WebScan_WebScan;Sample from CN Honker Pentest Toolset - file WebScan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_WebScan_wwwscan;Sample from CN Honker Pentest Toolset - file wwwscan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_Webshell;Sample from CN Honker Pentest Toolset - file Webshell.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,WEBSHELL
CN_Honker_Webshell_ASPX_aspx2;Webshell from CN Honker Pentest Toolset - file aspx2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL
CN_Honker_Webshell_ASPX_aspx3;Webshell from CN Honker Pentest Toolset - file aspx3.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_ASPX_aspx4;Webshell from CN Honker Pentest Toolset - file aspx4.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_ASPX_aspx;Webshell from CN Honker Pentest Toolset - file aspx.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_ASPX_shell_shell;Webshell from CN Honker Pentest Toolset - file shell.aspx;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_ASPX_sniff;Webshell from CN Honker Pentest Toolset - file sniff.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_ASP_asp1;Webshell from CN Honker Pentest Toolset - file asp1.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_ASP_asp2;Webshell from CN Honker Pentest Toolset - file asp2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_ASP_asp3;Webshell from CN Honker Pentest Toolset - file asp3.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_ASP_asp404;Webshell from CN Honker Pentest Toolset - file asp404.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_ASP_asp4;Webshell from CN Honker Pentest Toolset - file asp4.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_ASP_hy2006a;Webshell from CN Honker Pentest Toolset - file hy2006a.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_ASP_rootkit;Webshell from CN Honker Pentest Toolset - file rootkit.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_ASP_shell;Webshell from CN Honker Pentest Toolset - file shell.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_ASP_web_asp;Webshell from CN Honker Pentest Toolset - file web.asp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_FTP_MYSQL_MSSQL_SSH;Webshell from CN Honker Pentest Toolset - file FTP MYSQL MSSQL SSH.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_Injection_Transit_jmPost;Webshell from CN Honker Pentest Toolset - file jmPost.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_Interception3389_get;Webshell from CN Honker Pentest Toolset - file get.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_JSPMSSQL;Webshell from CN Honker Pentest Toolset - file JSPMSSQL.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_JSP_jsp;Webshell from CN Honker Pentest Toolset - file jsp.html;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_Linux_2_6_Exploit;Webshell from CN Honker Pentest Toolset - file 2.6.9;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;LINUX,WEBSHELL
CN_Honker_Webshell_PHP_BlackSky;Webshell from CN Honker Pentest Toolset - file php6.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_PHP_linux;Webshell from CN Honker Pentest Toolset - file linux.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL
CN_Honker_Webshell_PHP_php10;Webshell from CN Honker Pentest Toolset - file php10.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_PHP_php1;Webshell from CN Honker Pentest Toolset - file php1.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_PHP_php2;Webshell from CN Honker Pentest Toolset - file php2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_PHP_php3;Webshell from CN Honker Pentest Toolset - file php3.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_PHP_php4;Webshell from CN Honker Pentest Toolset - file php4.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL
CN_Honker_Webshell_PHP_php5;Webshell from CN Honker Pentest Toolset - file php5.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL
CN_Honker_Webshell_PHP_php7;Webshell from CN Honker Pentest Toolset - file php7.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_PHP_php8;Webshell from CN Honker Pentest Toolset - file php8.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_PHP_php9;Webshell from CN Honker Pentest Toolset - file php9.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_Serv_U_2_admin_by_lake2;Webshell from CN Honker Pentest Toolset - file Serv-U 2 admin by lake2.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_Serv_U_asp;Webshell from CN Honker Pentest Toolset - file Serv-U asp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_Serv_U_by_Goldsun;Webshell from CN Honker Pentest Toolset - file Serv-U_by_Goldsun.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_Serv_U_serv_u;Webshell from CN Honker Pentest Toolset - file serv-u.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_Serv_U_servu;Webshell from CN Honker Pentest Toolset - file servu.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_T00ls_Lpk_Sethc_v4_mail;Webshell from CN Honker Pentest Toolset - file mail.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_Tuoku_script_mssql_2;Webshell from CN Honker Pentest Toolset - file mssql.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_Tuoku_script_mysql;Webshell from CN Honker Pentest Toolset - file mysql.aspx;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_Tuoku_script_oracle;Webshell from CN Honker Pentest Toolset - file oracle.jsp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_Tuoku_script_xx;Webshell from CN Honker Pentest Toolset - file xx.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_WebShell;Webshell from CN Honker Pentest Toolset - file WebShell.cgi;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell__Injection_jmCook_jmPost_ManualInjection;Webshell from CN Honker Pentest Toolset - from files Injection.exe, jmCook.asp, jmPost.asp, ManualInjection.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;HKTL,WEBSHELL
CN_Honker_Webshell__Serv_U_by_Goldsun_asp3_Serv_U_asp;Webshell from CN Honker Pentest Toolset - from files Serv-U_by_Goldsun.asp, asp3.txt, Serv-U asp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell__asp4_asp4_MSSQL__MSSQL_;Webshell from CN Honker Pentest Toolset - from files asp4.txt, asp4.txt, MSSQL_.asp, MSSQL_.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell__php1_php7_php9;Webshell from CN Honker Pentest Toolset - from files php1.txt, php7.txt, php9.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_assembly;Webshell from CN Honker Pentest Toolset - file assembly.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_cfmShell;Webshell from CN Honker Pentest Toolset - file cfmShell.cfm;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_cfm_list;Webshell from CN Honker Pentest Toolset - file list.cfm;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_cfm_xl;Webshell from CN Honker Pentest Toolset - file xl.cfm;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL
CN_Honker_Webshell_cmfshell;Webshell from CN Honker Pentest Toolset - file cmfshell.cmf;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_dz_phpcms_phpbb;Webshell from CN Honker Pentest Toolset - file dz_phpcms_phpbb.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_jspshell2;Webshell from CN Honker Pentest Toolset - file jspshell2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_jspshell;Webshell from CN Honker Pentest Toolset - file jspshell.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_mycode12;Webshell from CN Honker Pentest Toolset - file mycode12.cfm;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_nc_1;Webshell from CN Honker Pentest Toolset - file 1.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_offlibrary;Webshell from CN Honker Pentest Toolset - file offlibrary.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_phpwebbackup;Webshell from CN Honker Pentest Toolset - file phpwebbackup.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL
CN_Honker_Webshell_picloaked_1;Webshell from CN Honker Pentest Toolset - file 1.gif;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_portRecall_jsp2;Webshell from CN Honker Pentest Toolset - file jsp2.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_portRecall_jsp;Webshell from CN Honker Pentest Toolset - file jsp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_su7_x_9_x;Webshell from CN Honker Pentest Toolset - file su7.x-9.x.asp;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_test3693;Webshell from CN Honker Pentest Toolset - file test3693.war;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,WEBSHELL
CN_Honker_Webshell_udf_udf;Webshell from CN Honker Pentest Toolset - file udf.php;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Webshell_wshell_asp;Webshell from CN Honker Pentest Toolset - file wshell-asp.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;WEBSHELL
CN_Honker_Without_a_trace_Wywz;Sample from CN Honker Pentest Toolset - file Wywz.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_WordpressScanner;Sample from CN Honker Pentest Toolset - file WordpressScanner.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL,OFFICE
CN_Honker_Xiaokui_conversion_tool;Sample from CN Honker Pentest Toolset - file Xiaokui_conversion_tool.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker__D_injection_V2_32_D_injection_V2_32_D_injection_V2_32;Sample from CN Honker Pentest Toolset - from files D_injection_V2.32.exe, D_injection_V2.32.exe, D_injection_V2.32.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker__LPK_LPK_LPK;Sample from CN Honker Pentest Toolset - from files LPK.DAT, LPK.DAT, LPK.DAT;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker__PostgreSQL_mysql_injectV1_1_Creak_Oracle_SQLServer_inject_Creaked;Sample from CN Honker Pentest Toolset;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker__builder_shift_SkinH;Sample from CN Honker Pentest Toolset - from files builder.exe, shift.exe, SkinH.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker__lcx_HTran2_4_htran20;Sample from CN Honker Pentest Toolset - from files lcx.exe, HTran2.4.exe, htran20.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker__wwwscan_wwwscan_wwwscan_gui;Sample from CN Honker Pentest Toolset - from files wwwscan.exe, wwwscan.exe, wwwscan_gui.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_arp3_7_arp3_7;Sample from CN Honker Pentest Toolset - file arp3.7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_cleaner_cl_2;Sample from CN Honker Pentest Toolset - file cl.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_cleaniis;Sample from CN Honker Pentest Toolset - file cleaniis.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_clearlogs;Sample from CN Honker Pentest Toolset - file clearlogs.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_dedecms5_7;Sample from CN Honker Pentest Toolset - file dedecms5.7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_dirdown_dirdown;Sample from CN Honker Pentest Toolset - file dirdown.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_exp_iis7;Sample from CN Honker Pentest Toolset - file iis7.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_exp_ms11011;Sample from CN Honker Pentest Toolset - file ms11011.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_exp_ms11046;Sample from CN Honker Pentest Toolset - file ms11046.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_exp_ms11080;Sample from CN Honker Pentest Toolset - file ms11080.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_exp_win2003;Sample from CN Honker Pentest Toolset - file win2003.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_getlsasrvaddr;Sample from CN Honker Pentest Toolset - file getlsasrvaddr.exe - WCE Amplia Security;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_hashq_Hashq;Sample from CN Honker Pentest Toolset - file Hashq.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_hkmjjiis6;Sample from CN Honker Pentest Toolset - file hkmjjiis6.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_hxdef100;Sample from CN Honker Pentest Toolset - file hxdef100.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_lcx_lcx;Sample from CN Honker Pentest Toolset - HTRAN - file lcx.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_linux_bin;Script from disclosed CN Honker Pentest Toolset - file linux_bin;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_mafix_root;Script from disclosed CN Honker Pentest Toolset - file root;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_mempodipper2_6;Sample from CN Honker Pentest Toolset - file mempodipper2.6.39;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;
CN_Honker_ms10048_x64;Sample from CN Honker Pentest Toolset - file ms10048-x64.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_ms10048_x86;Sample from CN Honker Pentest Toolset - file ms10048-x86.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_ms11080_withcmd;Sample from CN Honker Pentest Toolset - file ms11080_withcmd.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_mssqlpw_scan;Script from disclosed CN Honker Pentest Toolset - file mssqlpw scan.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_mysql_injectV1_1_Creak;Sample from CN Honker Pentest Toolset - file mysql_injectV1.1_Creak.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_nc_MOVE;Script from disclosed CN Honker Pentest Toolset - file MOVE.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_net_packet_capt;Sample from CN Honker Pentest Toolset - file net_packet_capt.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_net_priv_esc2;Sample from CN Honker Pentest Toolset - file net-priv-esc2.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_no_net_priv_esc_AddUser;Sample from CN Honker Pentest Toolset - file AddUser.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_passwd_dict_3389;Script from disclosed CN Honker Pentest Toolset - file 3389.txt;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_portRecall_bc;Script from disclosed CN Honker Pentest Toolset - file bc.pl;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_portRecall_pr;Script from disclosed CN Honker Pentest Toolset - file pr;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_pr_debug;Sample from CN Honker Pentest Toolset - file debug.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_safe3wvs_cgiscan;Sample from CN Honker Pentest Toolset - file cgiscan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_shell_brute_tool;Sample from CN Honker Pentest Toolset - file shell_brute_tool.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_sig_3389_2_3389;Sample from CN Honker Pentest Toolset - file 3389.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_sig_3389_3389;Script from disclosed CN Honker Pentest Toolset - file 3389.vbs;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_sig_3389_3389_2;Script from disclosed CN Honker Pentest Toolset - file 3389.bat;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_sig_3389_3389_3;Script from disclosed CN Honker Pentest Toolset - file 3389.bat;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;SCRIPTS
CN_Honker_sig_3389_80_AntiFW;Sample from CN Honker Pentest Toolset - file AntiFW.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_sig_3389_DUBrute_v3_0_RC3_2_0;Sample from CN Honker Pentest Toolset - file 2.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_sig_3389_DUBrute_v3_0_RC3_3_0;Sample from CN Honker Pentest Toolset - file 3.0.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_sig_3389_mstsc_MSTSCAX;Sample from CN Honker Pentest Toolset - file MSTSCAX.DLL;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_sig_3389_xp3389;Sample from CN Honker Pentest Toolset - file xp3389.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_smsniff_smsniff;Sample from CN Honker Pentest Toolset - file smsniff.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_struts2_catbox;Sample from CN Honker Pentest Toolset - file catbox.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_super_Injection1;Sample from CN Honker Pentest Toolset - file super Injection1.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE,HKTL
CN_Honker_syconfig;Script from disclosed CN Honker Pentest Toolset - file syconfig.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;FILE,SCRIPTS
CN_Honker_termsrvhack;Sample from CN Honker Pentest Toolset - file termsrvhack.dll;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_windows_exp;Sample from CN Honker Pentest Toolset - file exp.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_windows_mstsc_enhanced_RMDSTC;Sample from CN Honker Pentest Toolset - file RMDSTC.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_wwwscan_1_wwwscan;Sample from CN Honker Pentest Toolset - file wwwscan.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Honker_wwwscan_gui;Sample from CN Honker Pentest Toolset - file wwwscan_gui.exe;Disclosed CN Honker Pentest Toolset;2015-06-23 00:00:00;70;Florian Roth;EXE,FILE
CN_Packed_Scanner;Suspiciously packed executable;-;2014-06-10 00:00:00;40;Florian Roth;HKTL
CN_Portscan;CN Port Scanner;-;1970-01-01 01:00:00;70;Florian Roth;FILE,HKTL
CN_Tools_MyUPnP;Chinese Hacktool Set - file MyUPnP.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
CN_Tools_PcShare;Chinese Hacktool Set - file PcShare.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
CN_Tools_Shiell;Chinese Hacktool Set - file Shiell.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
CN_Tools_Temp;Chinese Hacktool Set - file Temp.war;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,FILE,HKTL,SCRIPTS
CN_Tools_VNCLink;Chinese Hacktool Set - file VNCLink.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
CN_Tools_Vscan;Chinese Hacktool Set - file Vscan.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
CN_Tools_hscan;Chinese Hacktool Set - file hscan.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
CN_Tools_item;Chinese Hacktool Set - file item.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,HKTL,WEBSHELL
CN_Tools_old;Chinese Hacktool Set - file old.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,HKTL,WEBSHELL
CN_Tools_pc;Chinese Hacktool Set - file pc.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
CN_Tools_srss;Chinese Hacktool Set - file srss.bat;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,HKTL,SCRIPTS
CN_Tools_srss_2;Chinese Hacktool Set - file srss.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
CN_Tools_xbat;Chinese Hacktool Set - file xbat.vbs;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,FILE,HKTL,SCRIPTS
CN_Tools_xsniff;Chinese Hacktool Set - file xsniff.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
CN_Toolset_LScanPortss_2;Detects a Chinese hacktool from a disclosed toolset - file LScanPortss.exe;http://qiannao.com/ls/905300366/33834c0c/;2015-03-30 00:00:00;70;Florian Roth;CHINA,HKTL
CN_Toolset_NTscan_PipeCmd;Detects a Chinese hacktool from a disclosed toolset - file PipeCmd.exe;http://qiannao.com/ls/905300366/33834c0c/;2015-03-30 00:00:00;70;Florian Roth;CHINA,HKTL
CN_Toolset__XScanLib_XScanLib_XScanLib;Detects a Chinese hacktool from a disclosed toolset - from files XScanLib.dll, XScanLib.dll, XScanLib.dll;http://qiannao.com/ls/905300366/33834c0c/;2015-03-30 00:00:00;70;Florian Roth;CHINA,HKTL
CN_Toolset_sig_1433_135_sqlr;Detects a Chinese hacktool from a disclosed toolset - file sqlr.exe;http://qiannao.com/ls/905300366/33834c0c/;2015-03-30 00:00:00;70;Florian Roth;CHINA,HKTL
CN_disclosed_20180208_KeyLogger_1;Detects malware from disclosed CN malware set;https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details;2018-02-08 00:00:00;70;Florian Roth;EXE,FILE
CN_disclosed_20180208_Mal1;Detects malware from disclosed CN malware set;https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details;2018-02-08 00:00:00;70;Florian Roth;EXE,FILE
CN_disclosed_20180208_Mal4;Detects malware from disclosed CN malware set;https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details;2018-02-08 00:00:00;70;Florian Roth;EXE,FILE
CN_disclosed_20180208_Mal5;Detects malware from disclosed CN malware set;https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details;2018-02-08 00:00:00;70;Florian Roth;EXE,FILE
CN_disclosed_20180208_System3;Detects malware from disclosed CN malware set;https://twitter.com/cyberintproject/status/961714165550342146;2018-02-08 00:00:00;70;Florian Roth;EXE,FILE
CN_disclosed_20180208_c;Detects malware from disclosed CN malware set;https://twitter.com/cyberintproject/status/961714165550342146;2018-02-08 00:00:00;70;Florian Roth;EXE,FILE
CN_disclosed_20180208_lsls;Detects malware from disclosed CN malware set;https://twitter.com/cyberintproject/status/961714165550342146;2018-02-08 00:00:00;70;Florian Roth;FILE
COZY_FANCY_BEAR_Hunt;Detects Cozy Bear / Fancy Bear C2 Server IPs;https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/;2016-06-14 00:00:00;70;Florian Roth;EXE,FILE,RUSSIA
COZY_FANCY_BEAR_modified_VmUpgradeHelper;Detects a malicious VmUpgradeHelper.exe as mentioned in the CrowdStrike report;https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/;2016-06-14 00:00:00;70;Florian Roth;EXE,EXTVAR,FILE,RUSSIA
COZY_FANCY_BEAR_pagemgr_Hunt;Detects a pagemgr.exe as mentioned in the CrowdStrike report;https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/;2016-06-14 00:00:00;70;Florian Roth;EXE,FILE,RUSSIA
CVE_2014_4076_Exploitcode;Detects an exploit code for CVE-2014-4076;https://github.com/Neo23x0/yarGen;2018-04-04 00:00:00;70;Florian Roth;EXE,EXPLOIT,FILE
CVE_2015_1674_CNGSYS;Detects exploits for CVE-2015-1674;http://www.binvul.com/viewthread.php?tid=508;2015-05-14 00:00:00;70;Florian Roth;EXE,EXPLOIT,FILE
CVE_2015_1701_Taihou;CVE-2015-1701 compiled exploit code;http://goo.gl/W4nU0q;2015-05-13 00:00:00;70;Florian Roth;EXE,EXPLOIT,FILE
CVE_2017_11882_RTF;Detects suspicious Microsoft Equation OLE contents as used in CVE-2017-11882;Internal Research;2018-02-13 00:00:00;60;Florian Roth;EXPLOIT,FILE
CVE_2017_8759_Mal_Doc;Detects malicious files related to CVE-2017-8759 - file Doc1.doc;https://github.com/Voulnet/CVE-2017-8759-Exploit-sample;2017-09-14 00:00:00;70;Florian Roth;EXPLOIT,FILE
CVE_2017_8759_Mal_HTA;Detects malicious files related to CVE-2017-8759 - file cmd.hta;https://github.com/Voulnet/CVE-2017-8759-Exploit-sample;2017-09-14 00:00:00;70;Florian Roth;EXPLOIT,FILE
CVE_2017_8759_SOAP_Excel;Detects malicious files related to CVE-2017-8759;https://twitter.com/buffaloverflow/status/908455053345869825;2017-09-15 00:00:00;60;Florian Roth;EXPLOIT
CVE_2017_8759_SOAP_txt;Detects malicious file in relation to CVE-2017-8759 - file exploit.txt;https://github.com/Voulnet/CVE-2017-8759-Exploit-sample;2017-09-14 00:00:00;70;Florian Roth;EXPLOIT
CVE_2017_8759_SOAP_via_JS;Detects SOAP WSDL Download via JavaScript;https://twitter.com/buffaloverflow/status/907728364278087680;2017-09-14 00:00:00;60;Florian Roth;
CVE_2017_8759_WSDL_in_RTF;Detects malicious RTF file related to CVE-2017-8759;https://twitter.com/xdxdxdxdoa/status/908665278199996416;2017-09-15 00:00:00;70;Security Doggo @xdxdxdxdoa;EXPLOIT,EXTVAR
Casper_Backdoor_x86;Casper French Espionage Malware - Win32/ProxyBot.B - x86 Payload http://goo.gl/VRJNLo;http://goo.gl/VRJNLo;2015-03-05 00:00:00;80;Florian Roth;HKTL,MAL
Casper_EXE_Dropper;Casper French Espionage Malware - Win32/ProxyBot.B - Dropper http://goo.gl/VRJNLo;http://goo.gl/VRJNLo;2015-03-05 00:00:00;80;Florian Roth;HKTL,MAL
Casper_Included_Strings;Casper French Espionage Malware - String Match in File - http://goo.gl/VRJNLo;http://goo.gl/VRJNLo;2015-03-06 00:00:00;50;Florian Roth;MAL
Casper_SystemInformation_Output;Casper French Espionage Malware - System Info Output - http://goo.gl/VRJNLo;http://goo.gl/VRJNLo;2015-03-06 00:00:00;70;Florian Roth;MAL
Casus15_php_php;Semi-Auto-generated - file Casus15.php.php.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
Certutil_Decode_OR_Download;Certutil Decode;Internal Research;2017-08-29 00:00:00;40;Florian Roth;EXTVAR,SCRIPTS
Chafer_Exploit_Copyright_2017;Detects Oilrig Internet Server Extension with Copyright (C) 2017 Exploit;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;70;Markus Neis;EXE,FILE
Chafer_Mimikatz_Custom;Detects Custom Mimikatz Version;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;70;Florian Roth / Markus Neis;EXE,FILE
Chafer_Packed_Mimikatz;Detects Oilrig Packed Mimikatz also detected as Chafer_WSC_x64 by FR;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;70;Florian Roth / Markus Neis;EXE,FILE,MIDDLE_EAST
Chafer_Portscanner;Detects Custom Portscanner used by Oilrig;https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf;2018-03-22 00:00:00;70;Markus Neis;EXE,FILE
CheshireCat_Gen1;Auto-generated rule - file ec41b029c3ff4147b6a5252cb8b659f851f4538d4af0a574f7e16bc1cd14a300;https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/;2015-08-08 00:00:00;90;Florian Roth;EXE,FILE
CheshireCat_Gen2;Cheshire Cat Malware;https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/;2015-08-08 00:00:00;70;Florian Roth;EXE,FILE,MAL
CheshireCat_Sample2;Auto-generated rule - file dc18850d065ff6a8364421a9c8f9dd5fcce6c7567f4881466cee00e5cd0c7aa8;https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/;2015-08-08 00:00:00;70;Florian Roth;EXE,FILE
ChinaChopper_Generic;China Chopper Webshells - PHP and ASPX;https://www.fireeye.com/content/dam/legacy/resources/pdfs/fireeye-china-chopper-report.pdf;2015-03-10 00:00:00;70;Florian Roth;CHINA,WEBSHELL
ChinaChopper_caidao;Chinese Hacktool Set - file caidao.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
ChinaChopper_one;Chinese Hacktool Set - file one.asp;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,HKTL,WEBSHELL
ChinaChopper_temp;Chinese Hacktool Set - file temp.asp;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,HKTL,WEBSHELL
ChinaChopper_temp_2;Chinese Hacktool Set - file temp.php;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,HKTL,WEBSHELL
ChinaChopper_temp_3;Chinese Hacktool Set - file temp.aspx;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,FILE,HKTL,WEBSHELL
Chinese_Hacktool_1014;Detects a Chinese hacktool with unknown use;-;2014-10-10 00:00:00;60;Florian Roth;HKTL
ChromePass;Detects a tool used by APT groups - file ChromePass.exe;http://goo.gl/igxLyF;2016-09-08 00:00:00;70;Florian Roth;APT,EXE,FILE
CleanIISLog;Disclosed hacktool set (old stuff) - file CleanIISLog.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL
Cloaked_RAR_File;RAR file cloaked by a different extension;-;1970-01-01 01:00:00;70;Florian Roth;EXTVAR,FILE
Cloaked_as_JPG;Detects a cloaked file as JPG;-;2015-02-28 00:00:00;40;Florian Roth (eval section from Didier Stevens);EXTVAR,FILE
CloudDuke_Malware;Detects CloudDuke Malware;https://www.f-secure.com/weblog/archives/00002822.html;2015-07-22 00:00:00;60;Florian Roth;EXE,FILE,MAL,RUSSIA
CmdAsp_asp;Semi-Auto-generated - file CmdAsp.asp.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
CmdShell64;Chinese Hacktool Set - file CmdShell64.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Cmdshell32;Chinese Hacktool Set - file Cmdshell32.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
CobaltGang_Malware_Aug17_1;Detects a Cobalt Gang malware;https://sslbl.abuse.ch/intel/6ece5ece4192683d2d84e25b0ba7e04f9cb7eb7c;2017-08-09 00:00:00;70;Florian Roth;EXE,FILE,MAL
CobaltGang_Malware_Aug17_2;Detects a Cobalt Gang malware;https://sslbl.abuse.ch/intel/6ece5ece4192683d2d84e25b0ba7e04f9cb7eb7c;2017-08-09 00:00:00;70;Florian Roth;EXE,FILE,MAL
CobaltStrike_CN_Group_BeaconDropper_Aug17;Detects Script Dropper of Cobalt Gang used in August 2017;Internal Research;2017-08-09 00:00:00;70;Florian Roth;MAL
Cobaltgang_PDF_Metadata_Rev_A;Find documents saved from the same potential Cobalt Gang PDF template;https://researchcenter.paloaltonetworks.com/2018/10/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed/;2018-10-25 00:00:00;70;Palo Alto Networks Unit 42;
Codoso_CustomTCP;Codoso CustomTCP Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;EXE,FILE,MAL
Codoso_CustomTCP_2;Detects Codoso APT CustomTCP Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Codoso_CustomTCP_3;Detects Codoso APT CustomTCP Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Codoso_CustomTCP_4;Detects Codoso APT CustomTCP Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Codoso_Gh0st_1;Detects Codoso APT Gh0st Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Codoso_Gh0st_2;Detects Codoso APT Gh0st Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Codoso_Gh0st_3;Detects Codoso APT Gh0st Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Codoso_PGV_PVID_1;Detects Codoso APT PGV PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Codoso_PGV_PVID_2;Detects Codoso APT PGV PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Codoso_PGV_PVID_3;Detects Codoso APT PGV PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,MAL
Codoso_PGV_PVID_4;Detects Codoso APT PlugX Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Codoso_PGV_PVID_5;Detects Codoso APT PGV PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Codoso_PGV_PVID_6;Detects Codoso APT PGV_PVID Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Codoso_PlugX_1;Detects Codoso APT PlugX Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Codoso_PlugX_2;Detects Codoso APT PlugX Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
Codoso_PlugX_3;Detects Codoso APT PlugX Malware;https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks;2016-01-30 00:00:00;70;Florian Roth;APT,EXE,FILE,MAL
CoinHive_Javascript_MoneroMiner;Detects CoinHive - JavaScript Crypto Miner;https://coinhive.com/documentation/miner;2018-01-04 00:00:00;50;Florian Roth;
CoinMiner_Strings;Detects mining pool protocol string in Executable;https://minergate.com/faq/what-pool-address;2018-01-04 00:00:00;50;Florian Roth;
CookieTools2;Chinese Hacktool Set - file CookieTools2.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
CookieTools;Chinese Hacktool Set - file CookieTools.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
CoreImpact_sysdll_exe;Detects a malware sysdll.exe from the Rocket Kitten APT;-;2014-12-27 00:00:00;70;Florian Roth;APT,MIDDLE_EAST
CorkowDLL;Rule to detect the Corkow DLL files;-;2016-02-11 00:00:00;70;Group IB;EXE,FILE
Crackmapexec_EXE;Detects CrackMapExec hack tool;Internal Research;2018-04-06 00:00:00;85;Florian Roth;EXE,FILE,HKTL
CredentialStealer_Generic_Backdoor;Detects credential stealer based on many strings that indicate password store access;Internal Research;2017-06-07 00:00:00;70;Florian Roth;EXE,FILE,GEN
CrimsonRAT_Mar18_1;Detects CrimsonRAT malware;Internal Research;2018-03-06 00:00:00;70;Florian Roth;EXE,FILE,MAL
CrowdStrike_Shamoon_DroppedFile;Rule to detect Shamoon malware http://goo.gl/QTxohN;http://www.rsaconference.com/writable/presentations/file_upload/exp-w01-hacking-exposed-day-of-destruction.pdf;1970-01-01 01:00:00;70;-;MIDDLE_EAST
CrunchRAT;Detects CrunchRAT - file CrunchRAT.exe;https://github.com/t3ntman/CrunchRAT;2017-11-03 00:00:00;70;Florian Roth;EXE,FILE,MAL
Customize;Chinese Hacktool Set - file Customize.aspx;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,HKTL,WEBSHELL
Customize_2;Chinese Hacktool Set - file Customize.jsp;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,HKTL,WEBSHELL
DKShell_f0772be3c95802a2d1e7a4a3f5a45dcdef6997f3;Detects a web shell;https://github.com/bartblaze/PHP-backdoors;2016-09-10 00:00:00;70;Florian Roth;FILE,WEBSHELL
DK_Brute;PoS Scammer Toolbox - http://goo.gl/xiIphp - file DK Brute.exe;http://goo.gl/xiIphp;2014-11-22 00:00:00;70;Florian Roth;HKTL
DLL_Injector_Lynx;Detects Lynx DLL Injector;Internal Research;2017-08-20 00:00:00;70;Florian Roth;EXE,FILE,HKTL
DTool_Pro_php;Semi-Auto-generated - file DTool Pro.php.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
DTools2_02_DTools;Chinese Hacktool Set - file DTools.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
DUBrute_DUBrute;Chinese Hacktool Set - file DUBrute.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
DarkComet_Keylogger_File;Looks like a keylogger file created by DarkComet Malware;-;2014-07-25 00:00:00;50;Florian Roth;FILE,HKTL,MAL
DarkEYEv3_Cryptor;Rule to detect DarkEYEv3 encrypted executables (often malware);http://darkeyev3.blogspot.fi/;2015-05-24 00:00:00;55;Florian Roth;EXE,FILE
DarkSecurityTeam_Webshell;Dark Security Team Webshell;-;1970-01-01 01:00:00;50;Florian Roth;WEBSHELL
DarkSpy105;Webshells Auto-generated - file DarkSpy105.exe;-;1970-01-01 01:00:00;70;Florian Roth;WEBSHELL
Daserf_Nov1_BronzeButler;Detects Daserf malware used by Bronze Butler;https://goo.gl/ffeCfd;2017-11-08 00:00:00;70;Florian Roth;EXE,FILE
Datper_Backdoor;Detects Datper Malware;http://blog.jpcert.or.jp/2017/08/detecting-datper-malware-from-proxy-logs.html;2017-08-21 00:00:00;70;Florian Roth;EXE,FILE,MAL
Debug_BDoor;Webshells Auto-generated - file BDoor.dll;-;1970-01-01 01:00:00;70;Florian Roth;MAL,WEBSHELL
Debug_cress;Webshells Auto-generated - file cress.exe;-;1970-01-01 01:00:00;70;Florian Roth;WEBSHELL
Debug_dllTest_2;Webshells Auto-generated - file dllTest.dll;-;1970-01-01 01:00:00;70;Florian Roth;WEBSHELL
DeepPanda_Trojan_Kakfum;Hack Deep Panda - Trojan.Kakfum sqlsrv32.dll;-;2015-02-08 00:00:00;70;Florian Roth;CHINA,MAL
DeepPanda_htran_exe;Hack Deep Panda - htran-exe;-;2015-02-08 00:00:00;70;Florian Roth;CHINA
DeepPanda_lot1;Hack Deep Panda - lot1.tmp-pwdump;-;2015-02-08 00:00:00;70;Florian Roth;CHINA
DeepPanda_sl_txt_packed;Hack Deep Panda - ScanLine sl-txt-packed;-;2015-02-08 00:00:00;70;Florian Roth;CHINA
DefaceKeeper_0_2_php;Semi-Auto-generated - file DefaceKeeper_0.2.php.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
Derusbi_Backdoor_Mar17_1;Detects a variant of the Derusbi backdoor;Internal Research;2017-03-03 00:00:00;70;Florian Roth;EXE,FILE,MAL
Derusbi_Code_Signing_Cert;Detects an executable signed with a certificate also used for Derusbi Trojan - suspicious;http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family;2015-12-15 00:00:00;60;Florian Roth;EXE,FILE,MAL
Derusbi_Kernel_Driver_WD_UDFS;Detects Derusbi Kernel Driver;http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family;2015-12-15 00:00:00;80;Florian Roth;EXE,FILE
Destructive_Ransomware_Gen1;Detects destructive malware;http://blog.talosintelligence.com/2018/02/olympic-destroyer.html;2018-02-12 00:00:00;70;Florian Roth;CRIME,EXE,FILE
DeviceGuard_WDS_Evasion;Detects WDS file used to circumvent Device Guard;http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html;1970-01-01 01:00:00;80;Florian Roth;
Dexter_Malware;Detects the Dexter Trojan/Agent http://goo.gl/oBvy8b;http://goo.gl/oBvy8b;2015-02-10 00:00:00;70;Florian Roth;MAL
Disclosed_0day_POCs_InjectDll;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;70;Florian Roth;EXE,EXPLOIT,FILE,HKTL
Disclosed_0day_POCs_exploit;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;70;Florian Roth;EXE,EXPLOIT,FILE,HKTL
Disclosed_0day_POCs_injector;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;70;Florian Roth;EXE,EXPLOIT,FILE,HKTL
Disclosed_0day_POCs_lpe;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;70;Florian Roth;EXE,EXPLOIT,FILE,HKTL
Disclosed_0day_POCs_lpe_2;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;70;Florian Roth;EXE,EXPLOIT,FILE,HKTL
Disclosed_0day_POCs_payload_MSI;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;70;Florian Roth;EXPLOIT,FILE,HKTL
Disclosed_0day_POCs_shellcodegenerator;Detects POC code from disclosed 0day hacktool set;Disclosed 0day Repos;2017-07-07 00:00:00;70;Florian Roth;EXE,EXPLOIT,FILE,HKTL
Dive_Shell_1_0___Emperor_Hacking_Team_php;Semi-Auto-generated - file Dive Shell 1.0 - Emperor Hacking Team.php.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
DkShell_4000bd83451f0d8501a9dfad60dce39e55ae167d;Detects a web shell;https://github.com/bartblaze/PHP-backdoors;2016-09-10 00:00:00;70;Florian Roth;FILE,WEBSHELL
DllInjection;Webshells Auto-generated - file DllInjection.exe;-;1970-01-01 01:00:00;70;Florian Roth;HKTL,WEBSHELL
Dll_LoadEx;Chinese Hacktool Set - file Dll_LoadEx.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Docm_in_PDF;Detects an embedded DOCM in PDF combined with OpenAction;Internal Research;2017-05-15 00:00:00;70;Florian Roth;FILE
DomainScanV1_0;Auto-generated rule on file DomainScanV1_0.exe;-;1970-01-01 01:00:00;70;yarGen Yara Rule Generator by Florian Roth;HKTL
Dorkbot_Injector_Malware;Detects Darkbot Injector;Internal Research;2016-10-08 00:00:00;70;Florian Roth;EXE,FILE,HKTL,MAL
Dos_1;Chinese Hacktool Set - file 1.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Dos_Down32;Chinese Hacktool Set - file Down32.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Dos_Down64;Chinese Hacktool Set - file Down64.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Dos_GetPass;Chinese Hacktool Set - file GetPass.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Dos_NtGod;Chinese Hacktool Set - file NtGod.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Dos_c;Chinese Hacktool Set - file c.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Dos_ch;Chinese Hacktool Set - file ch.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Dos_fp;Chinese Hacktool Set - file fp.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Dos_iis7;Chinese Hacktool Set - file iis7.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Dos_iis;Chinese Hacktool Set - file iis.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Dos_lcx;Chinese Hacktool Set - file lcx.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Dos_look;Chinese Hacktool Set - file look.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Dos_netstat;Chinese Hacktool Set - file netstat.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
Dos_sys;Chinese Hacktool Set - file sys.exe;http://tools.zjqhr.com/;2015-06-13 00:00:00;70;Florian Roth;CHINA,EXE,FILE,HKTL
DragonFly_APT_Sep17_1;Detects malware from DragonFly APT report;https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group;2017-09-12 00:00:00;70;Florian Roth;APT,EXE,FILE
DragonFly_APT_Sep17_2;Detects malware from DragonFly APT report;https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group;2017-09-12 00:00:00;70;Florian Roth;APT,EXE,FILE
DragonFly_APT_Sep17_3;Detects malware from DragonFly APT report;https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group;2017-09-12 00:00:00;70;Florian Roth;APT,EXE,FILE
DragonFly_APT_Sep17_4;Detects malware from DragonFly APT report;https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group;2017-09-12 00:00:00;70;Florian Roth;APT,EXE,FILE
Dridex_Trojan_XML;Dridex Malware in XML Document;https://threatpost.com/dridex-banking-trojan-spreading-via-macros-in-xml-files/111503;2015-03-08 00:00:00;70;Florian Roth @4nc4p;MAL
DropBear_SSH_Server;Detects DropBear SSH Server (not a threat but used to maintain access);http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/;2016-01-03 00:00:00;50;Florian Roth;EXE,FILE,RUSSIA
Dropper_DeploysMalwareViaSideLoading;Detect a dropper used to deploy an implant via side loading. This dropper has specifically been observed deploying REDLEAVES & PlugX;https://www.us-cert.gov/ncas/alerts/TA17-117A;1970-01-01 01:00:00;70;USG;
Dubnium_Sample_1;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;70;Florian Roth;EXE,FILE
Dubnium_Sample_2;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;70;Florian Roth;EXE,FILE
Dubnium_Sample_3;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;70;Florian Roth;EXE,FILE
Dubnium_Sample_5;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;70;Florian Roth;EXE,FILE
Dubnium_Sample_6;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;70;Florian Roth;EXE,FILE
Dubnium_Sample_7;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;70;Florian Roth;EXE,FILE
Dubnium_Sample_SSHOpenSSL;Detects sample mentioned in the Dubnium Report;https://goo.gl/AW9Cuu;2016-06-10 00:00:00;70;Florian Roth;EXE,FILE
Duqu2_Generic1;Kaspersky APT Report - Duqu2 Sample - Generic Rule;https://goo.gl/7yKyOj;2015-06-10 00:00:00;70;Florian Roth;APT,EXE,FILE,GEN
Duqu2_Sample1;Detects malware - Duqu2 (cross-matches with IronTiger malware and Derusbi);https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE,INDIA
Duqu2_Sample2;Detects Duqu2 Malware;https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE,MAL
Duqu2_Sample3;Detects Duqu2 Malware;https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE,MAL
Duqu2_Sample4;Detects Duqu2 Malware;https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE,MAL
Duqu2_UAs;Detects Duqu2 Executable based on the specific UAs in the file;https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/;2016-07-02 00:00:00;80;Florian Roth;EXE,FILE
DxShell_php_php;Semi-Auto-generated - file DxShell.php.php.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
Dx_php_php;Semi-Auto-generated - file Dx.php.php.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
EFSO_2_asp;Semi-Auto-generated - file EFSO_2.asp.txt;-;1970-01-01 01:00:00;70;Neo23x0 Yara BRG + customization by Stefan -dfate- Molls;WEBSHELL
EQGRP_1212;Detects tool from EQGRP toolset - file 1212.pl;Research;2016-08-15 00:00:00;75;Florian Roth;
EQGRP_1212_dehex;Detects tool from EQGRP toolset - from files 1212.pl, dehex.pl;Research;2016-08-15 00:00:00;75;Florian Roth;FILE
EQGRP_BARPUNCH_BPICKER;EQGRP Toolset Firewall - from files BARPUNCH-3110, BPICKER-3100;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_BBALL;EQGRP Toolset Firewall - file BBALL_E28F6-2201.exe;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_BBALL_M50FW08_2201;EQGRP Toolset Firewall - file BBALL_M50FW08-2201.exe;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_BBANJO;EQGRP Toolset Firewall - file BBANJO-3011.exe;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_BFLEA_2201;EQGRP Toolset Firewall - file BFLEA-2201.exe;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_BICECREAM;EQGRP Toolset Firewall - file BICECREAM-2140;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_BLIAR_BLIQUER;EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_BPATROL_2201;EQGRP Toolset Firewall - file BPATROL-2201.exe;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_BPIE;EQGRP Toolset Firewall - file BPIE-2201.exe;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_BUSURPER_2211_724;EQGRP Toolset Firewall - file BUSURPER-2211-724.exe;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_BUSURPER_3001_724;EQGRP Toolset Firewall - file BUSURPER-3001-724.exe;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_BananaAid;EQGRP Toolset Firewall - file BananaAid;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_BananaUsurper_writeJetPlow;EQGRP Toolset Firewall - from files BananaUsurper-2120, writeJetPlow-2130;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_BpfCreator_RHEL4;EQGRP Toolset Firewall - file BpfCreator-RHEL4;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_EPBA;EQGRP Toolset Firewall - file EPBA.script;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_Extrabacon_Output;EQGRP Toolset Firewall - Extrabacon exploit output;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_Implants_Gen1;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_Implants_Gen2;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_Implants_Gen3;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_Implants_Gen4;EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230, BLIQUER-3030, BLIQUER-3120;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_Implants_Gen5;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_Implants_Gen6;EQGRP Toolset Firewall;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_MixText;EQGRP Toolset Firewall - file MixText.py;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_RC5_RC6_Opcode;EQGRP Toolset Firewall - RC5 / RC6 opcode;https://securelist.com/blog/incidents/75812/the-equation-giveaway/;2016-08-17 00:00:00;70;Florian Roth;
EQGRP_SecondDate_2211;EQGRP Toolset Firewall - file SecondDate-2211.exe;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_StoreFc;EQGRP Toolset Firewall - file StoreFc.py;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_Unique_Strings;EQGRP Toolset Firewall - Unique strings;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_bc_parser;Detects tool from EQGRP toolset - file bc-parser;Research;2016-08-15 00:00:00;75;Florian Roth;FILE
EQGRP_bo;EQGRP Toolset Firewall - file bo;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_callbacks;EQGRP Toolset Firewall - Callback addresses;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_config_jp1_UA;EQGRP Toolset Firewall - file config_jp1_UA.pl;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_create_dns_injection;EQGRP Toolset Firewall - file create_dns_injection.py;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_create_http_injection;EQGRP Toolset Firewall - file create_http_injection.py;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_dn_1_0_2_1;Detects tool from EQGRP toolset - file dn.1.0.2.1.linux;Research;2016-08-15 00:00:00;75;Florian Roth;FILE
EQGRP_durablenapkin_solaris_2_0_1;Detects tool from EQGRP toolset - file durablenapkin.solaris.2.0.1.1;Research;2016-08-15 00:00:00;75;Florian Roth;FILE
EQGRP_eligiblebombshell_generic;EQGRP Toolset Firewall - from files eligiblebombshell_1.2.0.1.py, eligiblebombshell_1.2.0.1.py;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_eligiblecandidate;EQGRP Toolset Firewall - file eligiblecandidate.py;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_epicbanana_2_1_0_1;EQGRP Toolset Firewall - file epicbanana_2.1.0.1.py;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_extrabacon;EQGRP Toolset Firewall - file extrabacon_1.1.0.1.py;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_false;Detects tool from EQGRP toolset - file false.exe;Research;2016-08-15 00:00:00;75;Florian Roth;EXE,FILE
EQGRP_hexdump;EQGRP Toolset Firewall - file hexdump.py;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_installdate;Detects tool from EQGRP toolset - file installdate.pl;Research;2016-08-15 00:00:00;75;Florian Roth;
EQGRP_jetplow_SH;EQGRP Toolset Firewall - file jetplow.sh;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_morel;Detects tool from EQGRP toolset - file morel.exe;Research;2016-08-15 00:00:00;75;Florian Roth;EXE,FILE
EQGRP_networkProfiler_orderScans;EQGRP Toolset Firewall - file networkProfiler_orderScans.sh;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_noclient_3_0_5;Detects tool from EQGRP toolset - file noclient-3.0.5.3;Research;2016-08-15 00:00:00;75;Florian Roth;FILE
EQGRP_pandarock;EQGRP Toolset Firewall - from files pandarock_v1.11.1.1.bin, pit;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_payload;EQGRP Toolset Firewall - file payload.py;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_screamingplow;EQGRP Toolset Firewall - file screamingplow.sh;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_shellcode;EQGRP Toolset Firewall - file shellcode.py;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_sniffer_xml2pcap;EQGRP Toolset Firewall - file sniffer_xml2pcap;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_sploit;EQGRP Toolset Firewall - from files sploit.py, sploit.py;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_sploit_py;EQGRP Toolset Firewall - file sploit.py;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_ssh_telnet_29;EQGRP Toolset Firewall - from files ssh.py, telnet.py;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_teflondoor;Detects tool from EQGRP toolset - file teflondoor.exe;Research;2016-08-15 00:00:00;75;Florian Roth;EXE,FILE
EQGRP_teflonhandle;Detects tool from EQGRP toolset - file teflonhandle.exe;Research;2016-08-15 00:00:00;75;Florian Roth;EXE,FILE
EQGRP_tinyexec;EQGRP Toolset Firewall - from files tinyexec;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_tinyhttp_setup;EQGRP Toolset Firewall - file tinyhttp_setup.sh;Research;2016-08-16 00:00:00;70;Florian Roth;FILE
EQGRP_tunnel_state_reader;EQGRP Toolset Firewall - file tunnel_state_reader;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_uninstallPBD;EQGRP Toolset Firewall - file uninstallPBD.bat;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_userscript;EQGRP Toolset Firewall - file userscript.FW;Research;2016-08-16 00:00:00;70;Florian Roth;
EQGRP_workit;EQGRP Toolset Firewall - file workit.py;Research;2016-08-16 00:00:00;70;Florian Roth;
EXE_cloaked_as_TXT;Executable with TXT extension;-;1970-01-01 01:00:00;70;Florian Roth;EXE,EXTVAR,FILE
EXE_extension_cloaking;Executable showing different extension (Windows default 'hide known extension');-;1970-01-01 01:00:00;70;Florian Roth;EXTVAR
EXP_DriveCrypt_1;Detects DriveCrypt exploit;Internal Research;2018-08-21 00:00:00;70;Florian Roth;EXE,FILE
EXP_DriveCrypt_x64passldr;Detects DriveCrypt exploit;Internal Research;2018-08-21 00:00:00;70;Florian Roth;EXE,FILE
EXP_Libre_Office_CVE_2018_16858;RCE in Libre Office with crafted ODT file (CVE-2018-16858);https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html;2019-02-01 00:00:00;70;John Lambert @JohnLaTwC / modified by Florian Roth;EXPLOIT,FILE,OFFICE
EXP_potential_CVE_2017_11882;-;https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobalt-strike-payload-exploiting-cve-2017-11882.html;1970-01-01 01:00:00;70;ReversingLabs;EXPLOIT,FILE
EditKeyLog;Disclosed hacktool set (old stuff) - file EditKeyLog.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL
EditKeyLogReadMe;Disclosed hacktool set (old stuff) - file EditKeyLogReadMe.txt;-;2014-11-23 00:00:00;60;Florian Roth;HKTL
EditServer;Disclosed hacktool set (old stuff) - file EditServer.exe;-;2014-11-23 00:00:00;60;Florian Roth;HKTL
EditServer_2;Webshells Auto-generated - file EditServer.exe;-;1970-01-01 01:00:00;70;Florian Roth;WEBSHELL
EditServer_EXE;Webshells Auto-generated - file EditServer.exe;-;1970-01-01 01:00:00;70;Florian Roth;WEBSHELL
EldoS_RawDisk;EldoS Rawdisk Device Driver (Commercial raw disk access driver - used in Operation Shamoon 2.0);https://goo.gl/jKIfGB;2016-12-01 00:00:00;50;Florian Roth (with Binar.ly);EXE,FILE,MIDDLE_EAST
Elise_Jan18_1;Detects Elise malware samples - fake Norton Security NavShExt.dll;https://twitter.com/blu3_team/status/955971742329135105;2018-01-24 00:00:00;70;Florian Roth;EXE,FILE
Embedded_EXE_Cloaking;Detects an embedded executable in a non-executable file;-;2015-02-27 00:00:00;65;Florian Roth;EXTVAR
Emdivi_Gen1;Detects Emdivi Malware;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;80;Florian Roth @Cyber0ps;EXE,FILE,MAL
Emdivi_Gen2;Detects Emdivi Malware;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;80;Florian Roth @Cyber0ps;EXE,FILE,MAL
Emdivi_Gen3;Detects Emdivi Malware;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;80;Florian Roth @Cyber0ps;EXE,FILE,MAL
Emdivi_Gen4;Detects Emdivi Malware;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;80;Florian Roth @Cyber0ps;EXE,FILE,MAL
Emdivi_SFX;Detects Emdivi malware in SFX Archive;https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/;2015-08-20 00:00:00;70;Florian Roth @Cyber0ps;EXE,FILE
Emissary_APT_Malware_1;Detect Emissary Malware - from samples A08E81B411.DAT, ishelp.dll;http://goo.gl/V0epcf;2016-01-02 00:00:00;75;Florian Roth;APT,EXE,FILE,MAL
Empire_Agent_Gen;Detects Empire component - from files agent.ps1, agent.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Exploit_JBoss;Detects Empire component - file Exploit-JBoss.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Exploit_Jenkins;Detects Empire component - file Exploit-Jenkins.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Get_GPPPassword;Detects Empire component - file Get-GPPPassword.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Get_Keystrokes;Detects Empire component - file Get-Keystrokes.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Get_SecurityPackages;Detects Empire component - file Get-SecurityPackages.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Install_SSP;Detects Empire component - file Install-SSP.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Invoke_BypassUAC;Empire - a pure PowerShell post-exploitation agent - file Invoke-BypassUAC.ps1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT
Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen;Detects Empire component - from files Invoke-CredentialInjection.ps1, Invoke-Mimikatz.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE,HKTL
Empire_Invoke_DllInjection;Detects Empire component - file Invoke-DllInjection.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE,HKTL
Empire_Invoke_EgressCheck;Detects Empire component - file Invoke-EgressCheck.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Invoke_Gen;Detects Empire component - from files Invoke-DCSync.ps1, Invoke-PSInject.ps1, Invoke-ReflectivePEInjection.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE,HKTL
Empire_Invoke_InveighRelay_Gen;Detects Empire component - from files Invoke-InveighRelay.ps1, Invoke-InveighRelay.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Invoke_MetasploitPayload;Detects Empire component - file Invoke-MetasploitPayload.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE,METASPLOIT
Empire_Invoke_Mimikatz;Empire - a pure PowerShell post-exploitation agent - file Invoke-Mimikatz.ps1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT
Empire_Invoke_Mimikatz_Gen;Detects Empire component - file Invoke-Mimikatz.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Invoke_Portscan_Gen;Detects Empire component - from files Invoke-Portscan.ps1, Invoke-Portscan.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Invoke_PostExfil;Detects Empire component - file Invoke-PostExfil.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Invoke_PowerDump;Detects Empire component - file Invoke-PowerDump.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE,HKTL
Empire_Invoke_PsExec;Detects Empire component - file Invoke-PsExec.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Invoke_SMBAutoBrute;Detects Empire component - file Invoke-SMBAutoBrute.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Invoke_SSHCommand;Detects Empire component - file Invoke-SSHCommand.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Invoke_Shellcode;Empire - a pure PowerShell post-exploitation agent - file Invoke-Shellcode.ps1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT
Empire_Invoke_ShellcodeMSIL;Detects Empire component - file Invoke-ShellcodeMSIL.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Invoke_SmbScanner;Detects Empire component - file Invoke-SmbScanner.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE,HKTL
Empire_KeePassConfig;Detects Empire component - file KeePassConfig.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_KeePassConfig_Gen;Detects Empire component - from files KeePassConfig.ps1, KeePassConfig.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Out_Minidump;Detects Empire component - file Out-Minidump.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_Persistence;Empire - a pure PowerShell post-exploitation agent - file Persistence.psm1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT
Empire_PowerShell_Framework_Gen1;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE,SCRIPT
Empire_PowerShell_Framework_Gen2;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE,SCRIPT
Empire_PowerShell_Framework_Gen3;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE,SCRIPT
Empire_PowerShell_Framework_Gen4;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE,SCRIPT
Empire_PowerShell_Framework_Gen5;Detects Empire component;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE,SCRIPT
Empire_PowerUp_Gen;Detects Empire component - from files PowerUp.ps1, PowerUp.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_ReflectivePick_x64_orig;Detects Empire component - file ReflectivePick_x64_orig.dll;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;EXE,FILE
Empire_Write_HijackDll;Empire - a pure PowerShell post-exploitation agent - file Write-HijackDll.ps1;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT
Empire__Users_neo_code_Workspace_Empire_4sigs_PowerUp;Detects Empire component - file PowerUp.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_dumpCredStore;Detects Empire component - file dumpCredStore.ps1;https://github.com/adaptivethreat/Empire;2016-11-05 00:00:00;70;Florian Roth;FILE
Empire_invoke_wmi;Empire - a pure PowerShell post-exploitation agent - file invoke_wmi.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT
Empire_lib_modules_credentials_mimikatz_pth;Empire - a pure PowerShell post-exploitation agent - file pth.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT
Empire_lib_modules_trollsploit_message;Empire - a pure PowerShell post-exploitation agent - file message.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT
Empire_portscan;Empire - a pure PowerShell post-exploitation agent - file portscan.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT
Empire_skeleton_key;Empire - a pure PowerShell post-exploitation agent - file skeleton_key.py;https://github.com/PowerShellEmpire/Empire;2015-08-06 00:00:00;70;Florian Roth;SCRIPT
Enfal_Malware;Detects a certain type of Enfal Malware;not set;2015-02-10 00:00:00;60;Florian Roth;MAL
Enfal_Malware_Backdoor;Generic Rule to detect the Enfal Malware;-;2015-02-10 00:00:00;60;Florian Roth;GEN,MAL
EnigmaPacker_Rare;Detects an ENIGMA packed executable;Internal Research;2017-04-27 00:00:00;60;Florian Roth;EXE,FILE
Enigma_Protected_Malware;Detects samples packed by Enigma Protector;https://goo.gl/OEVQ9w;2017-02-03 00:00:00;70;Florian Roth with the help of binar.ly;EXE,FILE
Enigma_Protected_Malware_May17_RhxFiles;Auto-generated rule - file RhxFiles.dll;Internal Research;2017-05-02 00:00:00;70;Florian Roth with the help of binar.ly;EXE,FILE,MAL
EquationDrug_CompatLayer_UnilayDLL;EquationDrug - Unilay.DLL;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;70;Florian Roth @4nc4p;
EquationDrug_FileSystem_Filter;EquationDrug - Filesystem filter driver - volrec.sys, scsi2mgr.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;70;Florian Roth @4nc4p;
EquationDrug_HDDSSD_Op;EquationDrug - HDD/SSD firmware operation - nls_933w.dll;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;70;Florian Roth @4nc4p;
EquationDrug_KernelRootkit;EquationDrug - Kernel mode stage 0 and rootkit (Windows 2000 and above) - msndsrv.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;70;Florian Roth @4nc4p;
EquationDrug_Keylogger;EquationDrug - Key/clipboard logger driver - msrtvd.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;70;Florian Roth @4nc4p;HKTL
EquationDrug_MS_Identifier;Microsoft Identifier used in EquationDrug Platform;-;2015-03-11 00:00:00;70;Florian Roth @4nc4p;
EquationDrug_NetworkSniffer1;EquationDrug - Backdoor driven by network sniffer - mstcp32.sys, fat32.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;70;Florian Roth @4nc4p;MAL
EquationDrug_NetworkSniffer2;EquationDrug - Network Sniffer - tdip.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;70;Florian Roth @4nc4p;
EquationDrug_NetworkSniffer3;EquationDrug - Network Sniffer - tdip.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;70;Florian Roth @4nc4p;
EquationDrug_NetworkSniffer4;EquationDrug - Network-sniffer/patcher - atmdkdrv.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;70;Florian Roth @4nc4p;
EquationDrug_NetworkSniffer5;EquationDrug - Network-sniffer/patcher - atmdkdrv.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;70;Florian Roth @4nc4p;
EquationDrug_PlatformOrchestrator;EquationDrug - Platform orchestrator - mscfg32.dll, svchost32.dll;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;70;Florian Roth @4nc4p;
EquationDrug_VolRec_Driver;EquationDrug - Collector plugin for Volrec - msrstd.sys;http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/;2015-03-11 00:00:00;70;Florian Roth @4nc4p;
EquationGroup_Auditcleaner;Equation Group hack tool leaked by ShadowBrokers- file Auditcleaner;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;HKTL
EquationGroup_DUL;Equation Group hack tool leaked by ShadowBrokers- file DUL;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup_DXGHLP16;EquationGroup Malware - file DXGHLP16.SYS;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_EquationDrug_Gen_1;EquationGroup Malware;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,GEN,MAL
EquationGroup_EquationDrug_Gen_2;EquationGroup Malware - file PortMap_Implant.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Auto Generated;EXE,FILE,GEN,MAL
EquationGroup_EquationDrug_Gen_3;EquationGroup Malware - file mssld.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Auto Generated;EXE,FILE,GEN,MAL
EquationGroup_EquationDrug_Gen_4;EquationGroup Malware - file PC_Level4_flav_dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Auto Generated;EXE,FILE,GEN,MAL
EquationGroup_EquationDrug_Gen_5;EquationGroup Malware - file PC_Level3_http_dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,GEN,MAL
EquationGroup_EquationDrug_Gen_6;EquationGroup Malware - file PC_Level3_dll_x64;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,GEN,MAL
EquationGroup_EquationDrug_msgkd;EquationGroup Malware - file msgkd.ex_;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_EquationDrug_mstcp32;EquationGroup Malware - file mstcp32.sys;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_EquationDrug_ntevt;EquationGroup Malware - file ntevt.sys;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_EquationDrug_tdi6;EquationGroup Malware - file tdi6.sys;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_EventLogEdit_Implant;EquationGroup Malware - file EventLogEdit_Implant.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_GetAdmin_Lp;EquationGroup Malware - file GetAdmin_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_LSADUMP_Lp;EquationGroup Malware - file LSADUMP_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,HKTL,MAL
EquationGroup_ModifyGroup_Lp;EquationGroup Malware - file ModifyGroup_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_PC_Level3_http_flav_dll;EquationGroup Malware - file PC_Level3_http_flav_dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_PC_Level3_http_flav_dll_x64;EquationGroup Malware - file PC_Level3_http_flav_dll_x64;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_PC_Level4_flav_dll_x64;EquationGroup Malware - file PC_Level4_flav_dll_x64;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_PC_Level4_flav_exe;EquationGroup Malware - file PC_Level4_flav_exe;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_PassFreely_Lp;EquationGroup Malware - file PassFreely_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_PortMap_Lp;EquationGroup Malware - file PortMap_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_ProcessHide_Lp;EquationGroup Malware - file ProcessHide_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_ProcessOptions_Lp;EquationGroup Malware - file ProcessOptions_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_RunAsChild_Lp;EquationGroup Malware - file RunAsChild_Lp.dll;https://goo.gl/tcSoiJ;2017-01-13 00:00:00;70;Florian Roth;EXE,FILE,MAL
EquationGroup_Toolset_Apr17_ActiveDirectory_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_AdUser_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Architouch_1_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Architouch_Eternalsynergy_Smbtouch;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Banner_Implant9x;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_DS_ParseLogs;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Darkpulsar_1_1_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_DiBa_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_DiBa_Target_2000;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_DiBa_Target_BH;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_DiBa_Target_BH_2000;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_DllLoad_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_DmGz_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_DmGz_Target_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_DoubleFeatureDll_dll_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_DoubleFeatureDll_dll_3;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Doublepulsar_1_3_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Dsz_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_EXPA;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Easybee_1_0_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Easypi_Explodingcan;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Eclipsedwing_Rpcproxy_Pcdlllauncher;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Eclipsedwingtouch_1_0_4;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Educatedscholar_1_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Educatedscholartouch_1_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Englishmansdentist_1_2_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_EpWrapper;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Erraticgopher_1_0_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Erraticgophertouch_1_0_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Esteemaudit_2_1_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Esteemaudittouch_2_1_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Eternalromance;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Eternalromance_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Explodingcantouch_1_2_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_GangsterThief_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Gen1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Gen2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Gen3;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Gen4;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_GenKey;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_GetAdmin_LSADUMP_ModifyPrivilege_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_GrDo_FileScanner_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Ifconfig_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Iistouch_1_2_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_KisuComms_Target_2000;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Mcl_NtMemory_Std;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Mofconfig_1_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Namedpipetouch_2_0_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Oracle_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_PC_Exploit;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_PC_LP;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_PC_Legacy_dll;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_PC_Level3_Gen;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_PC_Level3_http_exe;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_PC_Level_Generic;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_PacketScan_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_ParseCapture;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Processes_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Regread_1_1_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_RemoteCommand_Lp;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_RemoteExecute_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_RemoteExecute_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Rpctouch_2_1_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_SendPKTrigger;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_SetCallback;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_SetCallbackPorts;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_SetOurAddr;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_SetPorts;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_SetResourceName;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Shares_Target;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_SlDecoder;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Smbtouch_1_1_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_Windows_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__AddResource;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__DoubleFeatureReader_DoubleFeatureReader_0;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__EAFU_ecwi_ESKE_EVFR_RPC2_4;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__ELV_ESKE_13;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__ELV_ESKE_ETBL_ETRE_EVFR_11;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__ELV_ESKE_EVFR_16;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__ELV_ESKE_EVFR_RPC2_15;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__ELV_ESKE_EVFR_RideArea2_12;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__ESKE_RPC2_8;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__ETBL_ETRE_10;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__ETBL_ETRE_SMBTOUCH_17;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__Emphasismine;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__LSADUMP_Lp_ModifyPrivilege_Lp_PacketScan_Lp_put_Lp_RemoteExecute_Lp_Windows_Lp_wmi_Lp_9;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__NameProbe_SMBTOUCH_14;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__SendCFTrigger_SendPKTrigger_6;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__ecwi_ESKE_EVFR_RPC2_2;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17__vtuner_vtuner_1;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_clocksvc;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_drivers_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_greatdoc_dll_config;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_lp_mstcp;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_msgkd_msslu64_msgki_mssld;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_msgks_mskgu;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_mstcp32_DXGHLP16_tdip;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_ntevt;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_ntfltmgr;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_promiscdetect_safe;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_put_Implant9x;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_pwd_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_rc5;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_regprobe;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_renamer;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_scanner;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_st_lp;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_svctouch;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_tacothief;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_wmi_Implant;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_xxxRIDEAREA;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_yak;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_Toolset_Apr17_yak_min_install;Detects EquationGroup Tool - April Leak;https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation;2017-04-15 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup__ftshell;Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup__ftshell_ftshell_v3_10_3_0;Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup__funnelout_v4_1_0_1;Equation Group hack tool leaked by ShadowBrokers- from files funnelout.v4.1.0.1.pl;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup__ghost_sparc_ghost_x86_3;Equation Group hack tool leaked by ShadowBrokers- from files ghost_sparc, ghost_x86;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup__jparsescan_parsescan_5;Equation Group hack tool leaked by ShadowBrokers- from files jparsescan, parsescan;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup__magicjack_v1_1_0_0_client;Equation Group hack tool leaked by ShadowBrokers- from files magicjack_v1.1.0.0_client-1.1.0.0.py;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup__pclean_v2_1_1_pclean_v2_1_1_4;Equation Group hack tool leaked by ShadowBrokers- from files pclean.v2.1.1.0-linux-i386, pclean.v2.1.1.0-linux-x86_64;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup__scanner_scanner_v2_1_2;Equation Group hack tool leaked by ShadowBrokers- from files scanner, scanner.v2.1.2;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup_calserver;Equation Group hack tool leaked by ShadowBrokers- file calserver;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup_charm_saver_win2k_v_2_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_cmsd;Equation Group hack tool leaked by ShadowBrokers- file cmsd;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup_cmsex;Equation Group hack tool leaked by ShadowBrokers- file cmsex;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup_cryptTool;Equation Group hack tool leaked by ShadowBrokers- file cryptTool;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup_curseflower_mswin32_v_1_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_cursehappy_win2k_v_6_1_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_cursehelper_win2k_i686_v_2_2_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_curseroot_win2k_v_2_1_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_cursesleepy_mswin32_v_1_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_cursetingle_2_0_1_2_mswin32_v_2_0_1;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_cursewham_curserazor_cursezinger_curseroot_win2k;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_curseyo_win2k_v_1_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;70;Florian Roth;EXE,FILE
EquationGroup_cursezinger_linuxrh7_3_v_2_0_0;Equation Group hack tool set;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-09 00:00:00;70;Florian Roth;FILE
EquationGroup_dumppoppy;Equation Group hack tool leaked by ShadowBrokers- file dumppoppy;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;HKTL
EquationGroup_ebbisland;Equation Group hack tool leaked by ShadowBrokers- file ebbisland;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;HKTL
EquationGroup_ebbshave;Equation Group hack tool leaked by ShadowBrokers- file ebbshave.v5;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup_eggbasket;Equation Group hack tool leaked by ShadowBrokers- file eggbasket;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup_eh_1_1_0;Equation Group hack tool leaked by ShadowBrokers- file eh.1.1.0.0;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup_elatedmonkey_1_0_1_1;Equation Group hack tool leaked by ShadowBrokers- file elatedmonkey.1.0.1.1.sh;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup_electricslide;Equation Group hack tool leaked by ShadowBrokers- file electricslide;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup_elgingamble;Equation Group hack tool leaked by ShadowBrokers- file elgingamble;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;HKTL
EquationGroup_emptycriss;Equation Group hack tool leaked by ShadowBrokers- file emptycriss;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;HKTL
EquationGroup_envisioncollision;Equation Group hack tool leaked by ShadowBrokers- file envisioncollision;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup_envoytomato;Equation Group hack tool leaked by ShadowBrokers- file envoytomato;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;HKTL
EquationGroup_epoxyresin_v1_0_0;Equation Group hack tool leaked by ShadowBrokers- file epoxyresin.v1.0.0.1;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;FILE,HKTL
EquationGroup_estesfox;Equation Group hack tool leaked by ShadowBrokers- file estesfox;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;HKTL
EquationGroup_estopmoonlit;Equation Group hack tool leaked by ShadowBrokers- file estopmoonlit;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;HKTL
EquationGroup_evolvingstrategy_1_0_1;Equation Group hack tool leaked by ShadowBrokers- file evolvingstrategy.1.0.1.1;https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1;2017-04-08 00:00:00;70;Florian Roth;HKTL