PULSE DETAIL
Abuse.ch dump of all community yara uploads.
MITRE ATT&CK & Malware Families
Indicators of Compromise (788)
| FileHash-MD5 | 4c7bd6d657ba4d3fce54b74fe33ed3b3 | MD5 of 61c15d6a247fbb07c9dcbce79285f7f4fcc45f806521e86a2fc252a311834670 | 2024-03-22 | |
| FileHash-SHA1 | 2955008a965309a97933efb133a9727e7c016268 | SHA1 of 61c15d6a247fbb07c9dcbce79285f7f4fcc45f806521e86a2fc252a311834670 | 2024-03-22 | |
| FileHash-SHA1 | 94ea099c591ec582b3edd35f540c1fe0cc954cb4 | SHA1 of 2010a748827129b926cf3e604b02aa77f5a7482da2a15350504d252ee13c823b | 2024-03-22 | |
| FileHash-SHA256 | 2010a748827129b926cf3e604b02aa77f5a7482da2a15350504d252ee13c823b | — | 2024-03-22 | |
| FileHash-SHA256 | 43f5eb815eed859395614a61251797aa777bfb694a9ef42fbafe058dff84d158 | — | 2024-03-22 | |
| FileHash-SHA256 | 61c15d6a247fbb07c9dcbce79285f7f4fcc45f806521e86a2fc252a311834670 | — | 2024-03-22 | |
| FileHash-SHA256 | bfb8ca50a455f2cd8cf7bd2486bf8baa950779b58a7eab69b0c151509d157578 | — | 2024-03-22 | |
| FileHash-MD5 | b93bd94b8f568deac0143bf93f7d8bd8 | — | 2024-03-22 | |
| YARA | e4939d2b027b0ad6244111f9b75e0522fa828e1f | Detects iso > lnk > js > cmd > dll execution chain | 2024-03-22 | |
| FileHash-MD5 | 7526665a9d5d3d4b0cfffb2192c0c2b3 | — | 2024-03-22 | |
| FileHash-MD5 | 8151e61aec021fa04bce8a30ea052e9d | — | 2024-03-22 | |
| FileHash-MD5 | a39e68ae37310b79c72025c6dfba0a2a | — | 2024-03-22 | |
| FileHash-SHA1 | 13bf754b44526a7a8b5b96cec0e482312c14838c | — | 2024-03-22 | |
| FileHash-SHA1 | 4b972d2e74a286e9663d25913610b409e713befd | — | 2024-03-22 | |
| FileHash-SHA1 | ae007e61c16514a182d21ee4e802b7fcb07f3871 | — | 2024-03-22 | |
| FileHash-SHA256 | 868fceaa4c01c2e2ceee3a27ac24ec9c16c55401a7e5a7ca05f14463f88c180f | — | 2024-03-22 | |
| FileHash-SHA256 | bb5cd698b03b3a47a2e55a6be3d62f3ee7c55630eb831b787e458f96aefe631b | — | 2024-03-22 | |
| FileHash-SHA256 | c5395d24c0a1302d23f95c1f95de0f662dc457ef785138b0e58b0324965c8a84 | — | 2024-03-22 | |
| YARA | 4f8f8588d7ea2021fd09bdaebb5ed3770c449b10 | detects GCleaner | 2024-03-22 | |
| FileHash-MD5 | 9b8ecdecbe7ac4bbf4568817f6f1fc39 | — | 2024-03-22 | |
| FileHash-SHA256 | 79a4c04639a0a9983467370b38de262641da79ccd51a0cdcd53aba20158f1b3a | — | 2024-03-22 | |
| YARA | 0944d5f1f0bf428fc5db33d3df5cc0523d95e25b | Detects Tuga Ransomware Samples | 2024-03-22 | |
| YARA | 79f746b2ba2d5d3086b4a9e985593ea6f9c7ba56 | — | 2024-03-22 | |
| FileHash-MD5 | 44e8c23bfb649ecf4cb753ec332899dd | — | 2024-03-22 | |
| FileHash-SHA1 | 465f5b6de78ee184f1ee3400e4edaa0e85558d9e | SHA1 of 44e8c23bfb649ecf4cb753ec332899dd | 2024-03-22 | |
| FileHash-SHA256 | 0d38f8bf831f1dbbe9a058930127171f24c3df8dae81e6aa66c430a63cbe0509 | SHA256 of 44e8c23bfb649ecf4cb753ec332899dd | 2024-03-22 | |
| YARA | 7a3fb72a3b4f8ec2e6c962721d7ccb9789dee93b | Rule detecting Lockbit3 ransomware samples | 2024-03-22 | |
| FileHash-MD5 | 4d5da2273e2d7cce6ac37027afd286af | MD5 of 5dcbffef867b44bbb828cfb4a21c9fb1fa3404b4d8b6f4e8118c62addbf859da | 2024-03-22 | |
| FileHash-SHA1 | 85a659971ad5aea58ff20a078532e688f7e1659b | SHA1 of 5dcbffef867b44bbb828cfb4a21c9fb1fa3404b4d8b6f4e8118c62addbf859da | 2024-03-22 | |
| FileHash-SHA256 | 5dcbffef867b44bbb828cfb4a21c9fb1fa3404b4d8b6f4e8118c62addbf859da | — | 2024-03-22 | |
| YARA | 6394e00396333367dc15a507d8f2cf8ae2222d92 | Matanbuchus MSI contains CAB with DLL via Zip via HTML Smuggling via Zip as malspam attachment / TA570 who normally delivers Qakbot | 2024-03-22 | |
| FileHash-MD5 | 33cc3be935639f1e0d1d7483b8286d7c | — | 2024-03-22 | |
| FileHash-SHA1 | f3daf7cbe67fb84fea0ee5922df8a32324760161 | SHA1 of 33cc3be935639f1e0d1d7483b8286d7c | 2024-03-22 | |
| FileHash-SHA256 | 94489764825f620e777a34161d0ce506a49eec20bc27c3d63370e493a737d50e | SHA256 of 33cc3be935639f1e0d1d7483b8286d7c | 2024-03-22 | |
| YARA | 4ad6d57c236792e354fdddd71df1450333b6dc3d | Find MX fin custom function names and prefixes. | 2024-03-22 | |
| FileHash-MD5 | 1ab44b19be472634d648de85991aefeb | — | 2024-03-22 | |
| YARA | 5a6bebbd2421b3477d211bb68c85fe1761d3bbd5 | Attempts to identify common strings used in a stage 1 Pikabot maldoc. During the infection, the malicious .js file this rule attempts to detect was observed in a ZIP file. | 2024-03-22 | |
| FileHash-MD5 | c0060c0741833af67121390922c44f91 | — | 2024-03-22 | |
| FileHash-SHA1 | 622eb93e34445c752eeaa623ef9ac6978e58f2fc | SHA1 of c0060c0741833af67121390922c44f91 | 2024-03-22 | |
| FileHash-SHA256 | d1bceccf5d2b900a6b601c612346fdb3fa5bb0e2faeefcac3f9c29dc1d74838d | SHA256 of c0060c0741833af67121390922c44f91 | 2024-03-22 | |
| YARA | 5d95837a1b49ae905a03548423de51c9cf9eb231 | A new code execution technique using PowerPoint has been seen in the wild. The technique is triggered by using hyperlinks instead of Run Program/Macro. This new method has bypassed all vendors for 220 days since 2022-02-02. | 2024-03-22 | |
| FileHash-MD5 | 456373bc4955e0b6750e8791ab84f004 | — | 2024-03-22 | |
| YARA | a8e1f3244fbd0537b2d5848ed269ff10c497dcb1 | Qakbot New Campaign ISO | 2024-03-22 | |
| URL | https://www.secuinfra.com/en/techtalk/hide-your-hypervisor-analysis-of-esxiargs-ransomware/ | — | 2024-03-22 | |
| FileHash-MD5 | d0d36f169f1458806053aae482af5010 | — | 2024-03-22 | |
| FileHash-SHA1 | e603944aceb5c0885a8627de12f36b159bbf2f05 | SHA1 of d0d36f169f1458806053aae482af5010 | 2024-03-22 | |
| FileHash-SHA256 | 10c3b6b03a9bf105d264a8e7f30dcab0a6c59a414529b0af0a6bd9f1d2984459 | SHA256 of d0d36f169f1458806053aae482af5010 | 2024-03-22 | |
| YARA | 22cf8a95d4517c8db2949a29101cf2a409e94a98 | Detects the ESXiArgs Ransomware encryption bash script | 2024-03-22 | |
| FileHash-MD5 | 7792250c87624329163817277531a5ef | — | 2024-03-22 | |
| FileHash-SHA1 | d26cf199acd803da60a32aadc94e6e772de5b49a | SHA1 of 7792250c87624329163817277531a5ef | 2024-03-22 | |
| FileHash-SHA256 | e08a8ff9fadce5026127708c57b363bd0b2217a0a96d9ba4e7994601ad1a8963 | SHA256 of 7792250c87624329163817277531a5ef | 2024-03-22 | |
| YARA | 29d9e26aa4f9eb8c6e3a61576d08c0f3e7275b47 | Detects an SFX archive with automatic script execution | 2024-03-22 | |
| FileHash-MD5 | 7fdeb5fb041463416620cf9f446532e4 | — | 2024-03-22 | |
| FileHash-SHA1 | 308812900935c76b01b05a69a9785c86640a7353 | SHA1 of 7fdeb5fb041463416620cf9f446532e4 | 2024-03-22 | |
| FileHash-SHA256 | bfff1dc04e57141fb9e42260ef6e1e11e0a24d077574820d1e1e69bc4cc34e3b | SHA256 of 7fdeb5fb041463416620cf9f446532e4 | 2024-03-22 | |
| YARA | 9739af00007d7cc7d6fb36d4145a31b103f63272 | — | 2024-03-22 | |
| FileHash-MD5 | 159e8962c4646eb3ed7c7837f6143f47 | — | 2024-03-22 | |
| YARA | 253aa9794435df9f4e6ea04bee6c4f077e791659 | Detects unpacked or memory-dumped QBot samples | 2024-03-22 | |
| FileHash-MD5 | b4a31fa229cd1074c5cbd1c84a01c6ae | MD5 of 8cad755bcf420135c0f406fb92138dcb0c1602bf72c15ed725bd3b76062dafe5 | 2024-03-22 | |
| FileHash-SHA1 | 7241eab7e06cf5152c6503251cffb2ccccc3c8b5 | SHA1 of 8cad755bcf420135c0f406fb92138dcb0c1602bf72c15ed725bd3b76062dafe5 | 2024-03-22 | |
| FileHash-SHA256 | 8cad755bcf420135c0f406fb92138dcb0c1602bf72c15ed725bd3b76062dafe5 | — | 2024-03-22 | |
| URL | https://fr3d.hk/blog/colibri-loader-back-to-basics | — | 2024-03-22 | |
| FileHash-MD5 | e0a68b98992c1699876f818a22b5b907 | — | 2024-03-22 | |
| YARA | a94b7b7a42db0a1ff7d981f6557361ddb330c1fa | Packed ColibriLoader malware | 2024-03-22 | |
| domain | fr3d.hk | — | 2024-03-22 | |
| FileHash-MD5 | 57ec0f7cf124d1ae3b73e643a6ac1dad | MD5 of 8b0d8651e035fcc91c39b3260c871342d1652c97b37c86f07a561828b652e907 | 2024-03-22 | |
| FileHash-SHA1 | 213c548e0a5e3fefe37bb857f0f6e3230d29675c | SHA1 of 57ec0f7cf124d1ae3b73e643a6ac1dad | 2024-03-22 | |
| FileHash-SHA256 | 8b0d8651e035fcc91c39b3260c871342d1652c97b37c86f07a561828b652e907 | SHA256 of 57ec0f7cf124d1ae3b73e643a6ac1dad | 2024-03-22 | |
| YARA | 16bdd62cb02106d6f2621c110baab2d055da5970 | Detects Strela Stealer | 2024-03-22 | |
| FileHash-MD5 | bd00ea0d160476fc35403a954714db46 | — | 2024-03-22 | |
| YARA | a4a2a141b541c04375f90397f53180ad72c16e5c | — | 2024-03-22 | |
| FileHash-MD5 | 26a6a0c852677a193994e4a3ccc8c2eb | MD5 of 07377209fe68a98e9bca310d9749daa4eb79558e9fc419cf0b02a9e37679038d | 2024-03-22 | |
| FileHash-SHA1 | 70560aff35f1904f822e49d3316303877819eef8 | SHA1 of 07377209fe68a98e9bca310d9749daa4eb79558e9fc419cf0b02a9e37679038d | 2024-03-22 | |
| FileHash-SHA256 | 07377209fe68a98e9bca310d9749daa4eb79558e9fc419cf0b02a9e37679038d | — | 2024-03-22 | |
| YARA | 9aa9d9d5f7438f8c71de043fdaeae877ecce51c6 | Detects Office HTML injection through docfiles with Windows Protocol Handler execution | 2024-03-22 | |
| FileHash-MD5 | f5a798d562d773921ce333dafb78ecdb | — | 2024-03-22 | |
| YARA | ff8606767f27aaed409fd2479b1a2cdc48a1178d | Detection of Babuk ESXi ransomware copies | 2024-03-22 | |
| FileHash-MD5 | 851a0ba8fbb71710075bdfe6dcef92eb | — | 2024-03-22 | |
| FileHash-MD5 | ca52ef8f80a99a01e97dc8cf7d3f5487 | — | 2024-03-22 | |
| FileHash-SHA256 | 396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6 | — | 2024-03-22 | |
| YARA | 01f9616a1424b58d20aa905ae3b3599cf8fa691f | — | 2024-03-22 | |
| FileHash-MD5 | 55ab7e652976d25997875f678c935de7 | MD5 of dc6beb5019ee21ab207c146ece5080d00f20a103 | 2024-03-22 | |
| FileHash-SHA1 | dc6beb5019ee21ab207c146ece5080d00f20a103 | — | 2024-03-22 | |
| FileHash-SHA256 | a89ebd7157336141eb14ed9084491cc5bdfce103b4db065e433dff47a1803731 | SHA256 of dc6beb5019ee21ab207c146ece5080d00f20a103 | 2024-03-22 | |
| YARA | 62850dfb5542ad432f7c95d997ba21323a198ba1 | detects the Rekoobe Linux backdoor | 2024-03-22 | |
| FileHash-MD5 | 87b010bc90cd7dd776fb42ea5b3f85d3 | — | 2024-03-22 | |
| FileHash-SHA1 | ad165a6b2bd5b56932657b96edffa851b5b00b15 | — | 2024-03-22 | |
| FileHash-SHA1 | f25846f8cda8b0460e1db02ba6d3836ad3721f62 | SHA1 of 87b010bc90cd7dd776fb42ea5b3f85d3 | 2024-03-22 | |
| FileHash-SHA256 | 11b1b2375d9d840912cfd1f0d0d04d93ed0cddb0ae4ddb550a5b62cd044d6b66 | SHA256 of 87b010bc90cd7dd776fb42ea5b3f85d3 | 2024-03-22 | |
| YARA | c6a7fc1112044b0b9afbe8df4ff252906da55997 | Detects the ESXiArgs Ransomware 'encrypt' binary | 2024-03-22 | |
| FileHash-MD5 | 48b74a60787e54387294ac125b7ed128 | — | 2024-03-22 | |
| FileHash-MD5 | f4959e947cee62a3fa34d9c191dd9351 | — | 2024-03-22 | |
| FileHash-SHA256 | 1a7bb878c826fe0ca9a0677ed072ee9a57a228a09ee02b3c5bd00f54f354930f | — | 2024-03-22 | |
| FileHash-MD5 | ab3b45315e4054bf80adea0e2646ff32 | — | 2024-03-22 | |
| FileHash-SHA256 | ddf7b9bf24b19ee183d788f482a01e517048587e8ce21f5d32c927f6f0371824 | — | 2024-03-22 | |
| FileHash-MD5 | 6c044bddd01118d311681a9b2d1dd627 | — | 2024-03-22 | |
| FileHash-SHA1 | c5984f03c34d4792fb68d589a5fa5e80e46ae944 | SHA1 of 6c044bddd01118d311681a9b2d1dd627 | 2024-03-22 | |
| FileHash-SHA256 | 3ed21a4bfcf9838e06ad3058d13d5c28026c17dc996953a22a00f0609b0df3b9 | SHA256 of 6c044bddd01118d311681a9b2d1dd627 | 2024-03-22 | |
| YARA | 63c55776fdc5fc3c40b2de9bd976fce06cded49e | — | 2024-03-22 | |
| FileHash-MD5 | 2815dee54a6b81eb32c95d42afae25d2 | MD5 of 30c1f93a3d798bb18ef3439db0ada4e0059e1f6ddd5d860ec993393b31a62842 | 2024-03-22 | |
| FileHash-SHA1 | 9c3f46f24a2fc4dbab05abc0012197b1026a5bdf | SHA1 of 30c1f93a3d798bb18ef3439db0ada4e0059e1f6ddd5d860ec993393b31a62842 | 2024-03-22 | |
| FileHash-SHA256 | 30c1f93a3d798bb18ef3439db0ada4e0059e1f6ddd5d860ec993393b31a62842 | — | 2024-03-22 | |
| FileHash-MD5 | 82040e02a2c16b12957659e1356a5e19 | — | 2024-03-22 | |
| FileHash-SHA1 | a4bc61e671875a5a63f3221b9e04d9295bc8e5be | SHA1 of 82040e02a2c16b12957659e1356a5e19 | 2024-03-22 | |
| FileHash-SHA256 | a7dfb6bb7ca1c8271570ddcf81bb921cf4f222e6e190e5f420d4e1eda0a0c1f2 | SHA256 of 82040e02a2c16b12957659e1356a5e19 | 2024-03-22 | |
| YARA | 7f95d4f1b8255367664fa3ad56c79e00da1eb2c0 | GHISLER Golang-based Go stealer, POST /sendlog to HTTP port 5000, Userid HTTP header | 2024-03-22 | |
| FileHash-MD5 | 045ff7ed5a360b19dcc4c5bd9211d194 | — | 2024-03-22 | |
| YARA | 74576583bed5c1b3b96de3c44aa085fec3bdb719 | Detects PE files that have no import table | 2024-03-22 | |
| FileHash-MD5 | e3f89049dc5f0065ee4d780f8aef9c04 | — | 2024-03-22 | |
| FileHash-SHA1 | 4c0000000114020000000000c000000000000046 | — | 2024-03-22 | |
| FileHash-SHA1 | ba5fcbdbd5b71bfc52b8a824bd40c547a7223260 | SHA1 of e3f89049dc5f0065ee4d780f8aef9c04 | 2024-03-22 | |
| FileHash-SHA256 | 21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20 | SHA256 of e3f89049dc5f0065ee4d780f8aef9c04 | 2024-03-22 | |
| YARA | 6a9797bd520e3d0cb1ec0fca21c2a346938adbf5 | what the rule does | 2024-03-22 | |
| FileHash-MD5 | f2e27b9475a522da99d577599222a32d | — | 2024-03-22 | |
| URL | http://3ytm3d25hfzvbylkxiwyqmpvzys5of7l4pbosm7ol7czlkplgukjq6yd.onion/post/ | — | 2024-03-22 | |
| YARA | ce142064832cb8a1f5a1c7499f437f555943ee37 | Detects the ransomware note of the Slug ransomware group | 2024-03-22 | |
| domain | 3ytm3d25hfzvbylkxiwyqmpvzys5of7l4pbosm7ol7czlkplgukjq6yd.onion | — | 2024-03-22 | |
| FileHash-MD5 | a21768190f3b9feae33aaef660cb7a83 | MD5 of 55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047 | 2024-03-22 | |
| FileHash-SHA1 | 24780657328783ef50ae0964b23288e68841a421 | SHA1 of 55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047 | 2024-03-22 | |
| FileHash-SHA256 | 55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047 | — | 2024-03-22 | |
| FileHash-MD5 | a457d941f930f29840dc8219796e35bd | — | 2024-03-22 | |
| FileHash-SHA1 | cb5ef82070d4fc7a55473b537590dc402750d0b4 | SHA1 of a457d941f930f29840dc8219796e35bd | 2024-03-22 | |
| FileHash-SHA256 | 83402accb7cacbb3d6f6cc570ae9f1668b650324ad3c2489452e4378e9141012 | SHA256 of a457d941f930f29840dc8219796e35bd | 2024-03-22 | |
| YARA | 76daff4d2a23978d0f674fe4de6d330c8353f1a4 | Detects suspicious tiny ZIP files with malicious LNK files | 2024-03-22 | |
| FileHash-MD5 | 23ff15d2d88c243499b0e9d8d9f5445a | — | 2024-03-22 | |
| YARA | 12d9b23adb1e3f0f8fbb2cdc5a698c6f6ed66e19 | Identify ScareCrow/GoShell samples | 2024-03-22 | |
| domain | cgocallbackg1.fun | — | 2024-03-22 | |
| FileHash-MD5 | 51c153501e991f6ce4901e6d9578d0c8 | MD5 of 3816f17052b28603855bde3e57db77a8455bdea4 | 2024-03-22 | |
| FileHash-MD5 | 65692e1d5b98225dbfb1b6b2b8935689 | — | 2024-03-22 | |
| FileHash-SHA1 | 0b51765c175954c9e47c39309e020bcb0f90b783 | — | 2024-03-22 | |
| FileHash-SHA1 | 3816f17052b28603855bde3e57db77a8455bdea4 | — | 2024-03-22 | |
| FileHash-SHA256 | 5a42aa4fc8180c7489ce54d7a43f19d49136bd15ed7decf81f6e9e638bdaee2b | — | 2024-03-22 | |
| FileHash-SHA256 | c148c449e1f6c4c53a7278090453d935d1ab71c3e8b69511f98993b6057f612d | SHA256 of 3816f17052b28603855bde3e57db77a8455bdea4 | 2024-03-22 | |
| YARA | 24a7495d8f24c990a8b3cb707aba208ae82a59f2 | detects Aurora Stealer samples | 2024-03-22 | |
| hostname | eq.main.data | — | 2024-03-22 | |
| YARA | 20bfdfaab790c52011df23c30cbe81a4eea2dff7 | Detects Tofsee botnet, also known as Gheg | 2024-03-22 | |
| FileHash-MD5 | 1ed070e0d33db9f159a576e6430c273c | MD5 of d06072f959d895f2fc9a57f44bf6357596c5c3410e90dabe06b171161f37d690 | 2024-03-22 | |
| FileHash-SHA1 | f3cfa3be452787c9ca1653899c6f18f83fd2d820 | SHA1 of d06072f959d895f2fc9a57f44bf6357596c5c3410e90dabe06b171161f37d690 | 2024-03-22 | |
| FileHash-SHA256 | d06072f959d895f2fc9a57f44bf6357596c5c3410e90dabe06b171161f37d690 | — | 2024-03-22 | |
| YARA | 164bb61351112e5f1355fb972fd5a084a76d9d54 | detects XFiles-Stealer | 2024-03-22 | |
| FileHash-MD5 | 81c2db976c46628b590c6e02d4e54d67 | — | 2024-03-22 | |
| FileHash-SHA256 | 957ca1ae2bbb01a37d1108b314160716643933ec9ef9072a4c50c39b224662df | — | 2024-03-22 | |
| FileHash-MD5 | fea4bbbae71c91d89d592598c22cadba | MD5 of ba85b8a6507b9f4272229af0606356bab42af42f5ee2633f23c5e149c3fb9ca4 | 2024-03-22 | |
| FileHash-SHA1 | f28ee1fd1650faca08b710b6469be14f7d18d68b | SHA1 of ba85b8a6507b9f4272229af0606356bab42af42f5ee2633f23c5e149c3fb9ca4 | 2024-03-22 | |
| FileHash-SHA256 | ba85b8a6507b9f4272229af0606356bab42af42f5ee2633f23c5e149c3fb9ca4 | — | 2024-03-22 | |
| FileHash-MD5 | 7dbfe0186e52ef2da13079f6d5b800d7 | MD5 of cda99e504a122208862739087cf16b4838e9f051acfcbeb9ec794923b414c018 | 2024-03-22 | |
| FileHash-SHA1 | 0b7e0bc361ba5309e555820094433bddc8a73707 | SHA1 of cda99e504a122208862739087cf16b4838e9f051acfcbeb9ec794923b414c018 | 2024-03-22 | |
| FileHash-SHA256 | cda99e504a122208862739087cf16b4838e9f051acfcbeb9ec794923b414c018 | — | 2024-03-22 | |
| YARA | 277a0f24c93cfb9d015e263b43c6faa7f9016d56 | Detects files referencing .NET AppLaunch.exe | 2024-03-22 | |
| YARA | 9f683a2b670768d5595faddd186b0a8ed2817bca | Detects container formats commonly smuggled through password-protected zips | 2024-03-22 | |
| FileHash-MD5 | 152ea1d672c7955f3da965dc320dc170 | — | 2024-03-22 | |
| YARA | 4a8a81a1444d28db9771aa00720dcc9b872f3f76 | DarkGate Strings Decryption Routine | 2024-03-22 | |
| YARA | 15f2e2c8dbe212514150614555ede048c3dc1b1f | Detects a campaign targeting Latin American hotels, generally leading to AsyncRAT | 2024-03-22 | |
| FileHash-MD5 | a6e7c231a699d4efe85080ce5fb36dfb | MD5 of 01c5836655c6a4212676c78ec96c0ac6b778a411e61a2da1f545eba8f784e980 | 2024-03-22 | |
| FileHash-SHA1 | 461e4e6e8240cc43f4c19dc3dbb365575e06e259 | SHA1 of 01c5836655c6a4212676c78ec96c0ac6b778a411e61a2da1f545eba8f784e980 | 2024-03-22 | |
| FileHash-SHA256 | 01c5836655c6a4212676c78ec96c0ac6b778a411e61a2da1f545eba8f784e980 | — | 2024-03-22 | |
| FileHash-MD5 | 799a7f1507e5e7328081a038987e9a6f | — | 2024-03-22 | |
| FileHash-MD5 | 826108ccdfa62079420f7d8036244133 | — | 2024-03-22 | |
| FileHash-SHA1 | e83a7b6c0f756d1ab505fdb92f8c2707ecb6784e | SHA1 of 826108ccdfa62079420f7d8036244133 | 2024-03-22 | |
| FileHash-SHA256 | ffe8dbb5865f5493872432f968c9a6183fdf7b79f62b17b5093af5028497cb33 | SHA256 of 826108ccdfa62079420f7d8036244133 | 2024-03-22 | |
| YARA | eb6d809fe11ca7ba6eeab49c91974f341b385b6b | Detects interesting files containing SFX with PDB paths. | 2024-03-22 | |
| FileHash-MD5 | cdd9564a48975f25e846bd3dd3b958ef | — | 2024-03-22 | |
| YARA | c84f064891e5a7a877d34fdae146f5a758738d58 | Detects files that are `SliverFox` malware | 2024-03-22 | |
| FileHash-MD5 | 1a7e222ee2b63b43c8c7b497a5b0f252 | — | 2024-03-22 | |
| FileHash-MD5 | 48d4a6a3111a18b082fa3638b1568f64 | — | 2024-03-22 | |
| FileHash-SHA256 | 490625afa4de3eac3b03d1ca3e81afab07b5e748423319ee6e08f58c40d20250 | — | 2024-03-22 | |
| FileHash-MD5 | 2240ae6f0dcbc0537836dfd9205a1f2b | — | 2024-03-22 | |
| FileHash-MD5 | 05b6f459be513bf6120e9b2b85f6c844 | MD5 of e1ecf0f7bd90553baaa83dcdc177e1d2b20d6ee5520f5d9b44cdf59389432b10 | 2024-03-22 | |
| FileHash-MD5 | 9a0d92c54d88bd609899fc03b0511df4 | — | 2024-03-22 | |
| FileHash-MD5 | b3a8c88297daecdb9b0ac54a3c107797 | MD5 of a881c9f40c1a5be3919cafb2ebe2bb5b19e29f0f7b28186ee1f4b554d692e776 | 2024-03-22 | |
| FileHash-MD5 | e907b96b3a2773e8cd582e4019534188 | — | 2024-03-22 | |
| FileHash-SHA1 | 46660f562fe01b5df0e1ac03dd44b4cc8d2fa5f5 | SHA1 of a881c9f40c1a5be3919cafb2ebe2bb5b19e29f0f7b28186ee1f4b554d692e776 | 2024-03-22 | |
| FileHash-SHA1 | 56dddfda80d3eb6d6cd3f0531719cf9fac5abf4a | SHA1 of e1ecf0f7bd90553baaa83dcdc177e1d2b20d6ee5520f5d9b44cdf59389432b10 | 2024-03-22 | |
| FileHash-SHA256 | 0de42118dd0cd861bea13de097457ccb407aae901b14e0bec59b0abe660cdf1f | — | 2024-03-22 | |
| FileHash-SHA256 | a881c9f40c1a5be3919cafb2ebe2bb5b19e29f0f7b28186ee1f4b554d692e776 | — | 2024-03-22 | |
| FileHash-SHA256 | e1ecf0f7bd90553baaa83dcdc177e1d2b20d6ee5520f5d9b44cdf59389432b10 | — | 2024-03-22 | |
| FileHash-MD5 | fea6fc878029babdca3a1579be0ae771 | MD5 of 131d2aa44782c8100c563cd5febf49fcb4d26952d7e6e2ef22f805664686ffff | 2024-03-22 | |
| FileHash-SHA1 | 6f3e607d54e98d884c3d280e73abf5be85fd6168 | SHA1 of 131d2aa44782c8100c563cd5febf49fcb4d26952d7e6e2ef22f805664686ffff | 2024-03-22 | |
| FileHash-SHA256 | 131d2aa44782c8100c563cd5febf49fcb4d26952d7e6e2ef22f805664686ffff | — | 2024-03-22 | |
| YARA | d056cd33a4dd0ad0ffab4782a59dcd5466d3ebc7 | — | 2024-03-22 | |
| FileHash-MD5 | d5f065d3ac9dc75041af218718f4950e | — | 2024-03-22 | |
| YARA | 77362b3dc67dee44d12ae9dcb3b54b1e3dbed59e | Detects IcedID ISO archives | 2024-03-22 | |
| FileHash-MD5 | 8d0fffd6b8b127e0972e281c85fbf11c | — | 2024-03-22 | |
| FileHash-SHA256 | 218a64bc50f4f82d07c459868b321ec0ef5cf315b012255a129e0bde5cc80320 | — | 2024-03-22 | |
| YARA | 4485a3611cf370d91fe4fa11af9a3f8954caab93 | — | 2024-03-22 | |
| FileHash-MD5 | 3b95df58613ef642a6a2f057b9b4c73c | MD5 of b2c28cdc4468f65e6fe2f5ef3691fa682057ed51c4347ad6b9672a9e19b5565e | 2024-03-22 | |
| FileHash-MD5 | 61bbcc87a2b0a78cb1b75cf28ba8b8c7 | MD5 of a5bcb48c0d29fbe956236107b074e66ffc61900bc5abfb127087bb1f4928615c | 2024-03-22 | |
| FileHash-MD5 | 889d65ac70a24e56cacc509de50cb7bd | MD5 of 13c573cad2740d61e676440657b09033a5bec1e96aa1f404eed62ba819858d78 | 2024-03-22 | |
| FileHash-MD5 | b68f3ab21fa026759cef1cf0e45507d1 | MD5 of 82aab01a3776e83695437f63dacda88a7e382af65af4af1306b5dbddbf34f9eb | 2024-03-22 | |
| FileHash-MD5 | ba56886fe4adc6f7b1f0cacb83d9c7fa | MD5 of 7024ec02c9670d02462764dcf99b9a66b29907eae5462edb7ae974fe2efeebad | 2024-03-22 | |
| FileHash-MD5 | dead3e978bb4dc4a73b6de27332adbdf | MD5 of 68ac44d1a9d77c25a97d2c443435459d757136f0d447bfe79027f7ef23a89fce | 2024-03-22 | |
| FileHash-MD5 | e2e58c6b4fc6aa36eb5f6b5e6b8743ff | MD5 of ca9da17b4b24bb5b24cc4274cc7040525092dffdaa5922f4a381e5e21ebf33aa | 2024-03-22 | |
| FileHash-MD5 | f035940b5e20a2ecda4f7ea5c682aa84 | MD5 of 6bc2ab410376c1587717b2293f2f3ce47cb341f4c527a729da28ce00adaaa8db | 2024-03-22 | |
| FileHash-SHA1 | 0005be24d1c69eec92305e7eec1ad3c594227e73 | SHA1 of b2c28cdc4468f65e6fe2f5ef3691fa682057ed51c4347ad6b9672a9e19b5565e | 2024-03-22 | |
| FileHash-SHA1 | 1fa6495fea81c68dab704c258c1c1624bdfbd560 | SHA1 of 82aab01a3776e83695437f63dacda88a7e382af65af4af1306b5dbddbf34f9eb | 2024-03-22 | |
| FileHash-SHA1 | 4bb39d0b9af213bc87ad278d6a112a9885487abd | SHA1 of 7024ec02c9670d02462764dcf99b9a66b29907eae5462edb7ae974fe2efeebad | 2024-03-22 | |
| FileHash-SHA1 | 69d51fb780982d928411d39244c1d0ff1c34b103 | SHA1 of ca9da17b4b24bb5b24cc4274cc7040525092dffdaa5922f4a381e5e21ebf33aa | 2024-03-22 | |
| FileHash-SHA1 | 8ed8ef1727c3feb5bd2228db8f13fd0898d2e2b2 | SHA1 of 6bc2ab410376c1587717b2293f2f3ce47cb341f4c527a729da28ce00adaaa8db | 2024-03-22 | |
| FileHash-SHA1 | a0ce0c551ab26100a0436c42d3130a2cb8455d53 | SHA1 of a5bcb48c0d29fbe956236107b074e66ffc61900bc5abfb127087bb1f4928615c | 2024-03-22 | |
| FileHash-SHA1 | d9ec9c59848c08785d729a5627fa1e57400efef1 | SHA1 of 13c573cad2740d61e676440657b09033a5bec1e96aa1f404eed62ba819858d78 | 2024-03-22 | |
| FileHash-SHA1 | f427f0d6f77e95f9e156b8c78f13d16470997af1 | SHA1 of 68ac44d1a9d77c25a97d2c443435459d757136f0d447bfe79027f7ef23a89fce | 2024-03-22 | |
| FileHash-SHA256 | 13c573cad2740d61e676440657b09033a5bec1e96aa1f404eed62ba819858d78 | — | 2024-03-22 | |
| FileHash-SHA256 | 68ac44d1a9d77c25a97d2c443435459d757136f0d447bfe79027f7ef23a89fce | — | 2024-03-22 | |
| FileHash-SHA256 | 6bc2ab410376c1587717b2293f2f3ce47cb341f4c527a729da28ce00adaaa8db | — | 2024-03-22 | |
| FileHash-SHA256 | 7024ec02c9670d02462764dcf99b9a66b29907eae5462edb7ae974fe2efeebad | — | 2024-03-22 | |
| FileHash-SHA256 | 82aab01a3776e83695437f63dacda88a7e382af65af4af1306b5dbddbf34f9eb | — | 2024-03-22 | |
| FileHash-SHA256 | a5bcb48c0d29fbe956236107b074e66ffc61900bc5abfb127087bb1f4928615c | — | 2024-03-22 | |
| FileHash-SHA256 | b2c28cdc4468f65e6fe2f5ef3691fa682057ed51c4347ad6b9672a9e19b5565e | — | 2024-03-22 | |
| FileHash-SHA256 | ca9da17b4b24bb5b24cc4274cc7040525092dffdaa5922f4a381e5e21ebf33aa | — | 2024-03-22 | |
| YARA | f910e584af1b86c9520f9a472f2df251a948c3af | Detects the packer used by bumblebee, the rule is based on the code responsible for allocating memory for a critical structure in its logic. | 2024-03-22 | |
| YARA | 1a4d5adf568c99d426b7b77020b0a588034f90b7 | Hunting rule for the Lockbit Black loader, based on https://twitter.com/vxunderground/status/1543661557883740161 | 2024-03-22 | |
| FileHash-MD5 | 47f4b4d8f95a7e842691120c66309d5b | MD5 of 18f891a3737bb53cd1ab451e2140654a376a43b2d75f6695f3133d47a41952b6 | 2024-03-22 | |
| FileHash-SHA1 | 1922698073911b18f60edd84ff8d13461fbd4c5a | SHA1 of 18f891a3737bb53cd1ab451e2140654a376a43b2d75f6695f3133d47a41952b6 | 2024-03-22 | |
| FileHash-SHA256 | 18f891a3737bb53cd1ab451e2140654a376a43b2d75f6695f3133d47a41952b6 | — | 2024-03-22 | |
| YARA | d393fce63230f53009948a224cc2a2d74907033f | Detects the Masepie malware Python script based on matched strings | 2024-03-22 | |
| domain | socket.af | — | 2024-03-22 | |
| FileHash-MD5 | f2fb54c7c909191ae10e34e50766a118 | — | 2024-03-22 | |
| YARA | 4367152c7434723a4d020c452764ffd2ab1f4315 | Detects Microsoft OneNote files used to deliver Emotet (.wsf Payload) | 2024-03-22 | |
| FileHash-MD5 | b6c8d82a4ec67398c756fc1f36e32511 | — | 2024-03-22 | |
| YARA | 3a16fa8fcd0ce1df4eb36f4f5638891a0acec9c0 | Detects a OneNote malicious loader mostly used by QBot (TA570/TA577) | 2024-03-22 | |
| FileHash-SHA1 | 646f52926e01221c981490c8107c2f771679743a | — | 2024-03-22 | |
| CVE | CVE-2022-30190 | — | 2024-03-22 | |
| FileHash-MD5 | 5f15a9b76ad6ba5229cb427ad7c7a4f6 | MD5 of 62f262d180a5a48f89be19369a8425bec596bc6a02ed23100424930791ae3df0 | 2024-03-22 | |
| FileHash-SHA1 | 69a1c36bc6f1719f69a81960bf62d62b956f4bf8 | SHA1 of 62f262d180a5a48f89be19369a8425bec596bc6a02ed23100424930791ae3df0 | 2024-03-22 | |
| FileHash-SHA256 | 62f262d180a5a48f89be19369a8425bec596bc6a02ed23100424930791ae3df0 | — | 2024-03-22 | |
| YARA | 59e09700ec4beb9c014d8cdd99b1eb4a637195c5 | Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation | 2024-03-22 | |
| FileHash-MD5 | 3b25a34bb08f4759792c24b121109503 | — | 2024-03-22 | |
| YARA | db6881566a67142743affd75ff88f7db8e33b866 | vulnerablity_driver2_PhysicalMemory | 2024-03-22 | |
| FileHash-MD5 | f1bbf3a0c6c52953803e5804f4e37b15 | — | 2024-03-22 | |
| YARA | 78fcb429fc8beb6c86184d906a85beabfe489116 | ColibriLoader malware | 2024-03-22 | |
| FileHash-MD5 | ed4ddd89e6ab5211cd7fdbfe51d9576b | — | 2024-03-22 | |
| FileHash-SHA1 | 7b6beb9870646bc50b10014536ed3bb088a2e3de | — | 2024-03-22 | |
| FileHash-SHA256 | 352f8e45cd6085eea17fffeeef91251192ceaf494336460cc888bbdd0051ec71 | — | 2024-03-22 | |
| YARA | d6f5c667c5213d6d362837841e67b372a3fcee41 | Detects unpacked Vidar samples | 2024-03-22 | |
| FileHash-MD5 | 7704241dd8770b11b50b1448647197a5 | MD5 of 1762536a663879d5fb8a94c1d145331e1d001fb27f787d79691f9f8208fc68f2 | 2024-03-22 | |
| FileHash-MD5 | ed4aa283499e90f2a02acb700ea35a45 | — | 2024-03-22 | |
| FileHash-SHA1 | 51d93beda0036202bc0db3160a2032fd7c5b8951 | SHA1 of 1762536a663879d5fb8a94c1d145331e1d001fb27f787d79691f9f8208fc68f2 | 2024-03-22 | |
| FileHash-SHA256 | 1762536a663879d5fb8a94c1d145331e1d001fb27f787d79691f9f8208fc68f2 | — | 2024-03-22 | |
| URL | https://www.cyfirma.com/outofband/xeno-rat-a-new-remote-access-trojan-with-advance-capabilities/ | — | 2024-03-22 | |
| hostname | www.cyfirma.com | — | 2024-03-22 | |
| FileHash-MD5 | fedb6673626b89a9ee414a5eb642a9d9 | — | 2024-03-22 | |
| FileHash-SHA256 | 16ecec4efa2174dec11f6a295779f905c8f593ab5cc96ae0f5249dc50469841c | — | 2024-03-22 | |
| YARA | 26016ed9f391cbaee3b157b3a443f497f182eab7 | Detects Magniber Ransomware LNK files from fake Windows Update delivery method | 2024-03-22 | |
| FileHash-MD5 | 6005e1ccaea62626a5481e09bbb653da | MD5 of 74138872ec0d0791b7f58eda8585250af40feaf9 | 2024-03-22 | |
| FileHash-SHA1 | 74138872ec0d0791b7f58eda8585250af40feaf9 | — | 2024-03-22 | |
| FileHash-SHA256 | 7fc6a365af13150e7b1738129832ebd91f1010705b0ab0955a295e2c7d88be62 | SHA256 of 74138872ec0d0791b7f58eda8585250af40feaf9 | 2024-03-22 | |
| YARA | d03b6db00ee05c13bdb651b750259e7486006cab | Detects unpacked Xwormmm samples | 2024-03-22 | |
| FileHash-MD5 | 5c6c510a0a0a0a0a0a4b515c59666770 | — | 2024-03-22 | |
| FileHash-MD5 | 8e807154c587dcd490696b24a47c5e8a | MD5 of 03665e203217c40ee4e82777fd756c8e696d4068f5346f39cc132bd8bc4dc3c7 | 2024-03-22 | |
| FileHash-SHA1 | 6e3abe6f27c1bb7de22277b0c1b3d67b53669d49 | SHA1 of 03665e203217c40ee4e82777fd756c8e696d4068f5346f39cc132bd8bc4dc3c7 | 2024-03-22 | |
| FileHash-SHA256 | 03665e203217c40ee4e82777fd756c8e696d4068f5346f39cc132bd8bc4dc3c7 | — | 2024-03-22 | |
| YARA | c2c2a0408076fbcaf51c2087a9a4dcb53ccc2126 | Possible EMOTET payload | 2024-03-22 | |
| YARA | 6eb1a2dae684afc5cba4e1de1dc538eace3e22ff | Identify partial Agent Tesla strings | 2024-03-22 | |
| FileHash-MD5 | e01931b3aba4437a92578dc802e5c41d | MD5 of 00799e6150e97f696635718d61f1a4f993994b87 | 2024-03-22 | |
| FileHash-SHA1 | 00799e6150e97f696635718d61f1a4f993994b87 | — | 2024-03-22 | |
| FileHash-SHA256 | 87d51bb9692823d8176ad97f0e86c1e79d704509b5ce92b23daee7dfb2d96aaa | SHA256 of 00799e6150e97f696635718d61f1a4f993994b87 | 2024-03-22 | |
| YARA | 85a38da0fe3b420bcba79fa8bdcb0e958bbf2f4c | Triggers on ISOs created with AnyBurn using volume names such as 12_19_2022. | 2024-03-22 | |
| FileHash-MD5 | 7897feb76a3beab6fe8aa9851a894437 | — | 2024-03-22 | |
| YARA | d213e84e01c46c771f13c64c50be664d3863e53e | Detects AveMaria RAT a.k.a. WarZone | 2024-03-22 | |
| FileHash-MD5 | d3fa8e6816f5a99fc9218192f02e7611 | — | 2024-03-22 | |
| YARA | 643f65cf3b9bab6f44bd8d0c88663c101133a03f | — | 2024-03-22 | |
| FileHash-MD5 | 554d25724c8f6f53af8921d0ef6b6f42 | — | 2024-03-22 | |
| YARA | 2c3fef81878b6676b2c80b7c0716df73278767a3 | — | 2024-03-22 | |
| FileHash-MD5 | c7e39ead7df59e09be30f8c3ffbf4d28 | MD5 of 056d28621dca8990caf159f8e14069a2343b48146473d2ac586ca9a51dfbbba7 | 2024-03-22 | |
| FileHash-SHA1 | f899f21f993568266635a25be1ef4d0aa56531b2 | SHA1 of 056d28621dca8990caf159f8e14069a2343b48146473d2ac586ca9a51dfbbba7 | 2024-03-22 | |
| FileHash-SHA256 | 056d28621dca8990caf159f8e14069a2343b48146473d2ac586ca9a51dfbbba7 | — | 2024-03-22 | |
| YARA | 415647ba9c1f158a7b3f24fe767516245139b122 | Detects the Linux version of BlackCat ransomware | 2024-03-22 | |
| FileHash-MD5 | d8c80dc68e24a6b3c2ac31e1ef489612 | MD5 of 72b81424d6235f17b3fc393958481e0316c63ca7ab9907914b5a737ba1ad2374 | 2024-03-22 | |
| FileHash-SHA1 | 43622b9573413e17985b3a95cbe18cfe01fadf42 | SHA1 of 72b81424d6235f17b3fc393958481e0316c63ca7ab9907914b5a737ba1ad2374 | 2024-03-22 | |
| FileHash-SHA256 | 72b81424d6235f17b3fc393958481e0316c63ca7ab9907914b5a737ba1ad2374 | — | 2024-03-22 | |
| FileHash-MD5 | b00bd190f37328c060a0446e6414de72 | — | 2024-03-22 | |
| FileHash-SHA256 | cc9e5bfeb86b7fe80b33a4004eb0912820f09dec29a426a8a4136f7306c08d04 | — | 2024-03-22 | |
| YARA | 03e73fb082065dcee1387e4bf5bae00fb79e7f8a | — | 2024-03-22 | |
| FileHash-MD5 | b042b2a8981a94b7afe680d94808e9f8 | MD5 of c6765d92e540af845b3cbc4caa4f9e9d00d5003a36c9cb548ea79bb14c7e8f66 | 2024-03-22 | |
| FileHash-SHA1 | 52e8602e9137b2e02802512be143bb537cb8d56e | SHA1 of c6765d92e540af845b3cbc4caa4f9e9d00d5003a36c9cb548ea79bb14c7e8f66 | 2024-03-22 | |
| FileHash-SHA256 | c6765d92e540af845b3cbc4caa4f9e9d00d5003a36c9cb548ea79bb14c7e8f66 | — | 2024-03-22 | |
| FileHash-MD5 | c6897769c0af03215d61e8e63416e5fc | MD5 of 12261b515dabba8a5bb0daf0a904792d3acd8f9b | 2024-03-22 | |
| FileHash-SHA1 | 12261b515dabba8a5bb0daf0a904792d3acd8f9b | — | 2024-03-22 | |
| FileHash-SHA256 | ceae593f359a902398e094e1cdbc4502c8fd0ba6b71e625969da6df5464dea95 | SHA256 of 12261b515dabba8a5bb0daf0a904792d3acd8f9b | 2024-03-22 | |
| YARA | ea755a313eff58f07afb00cb67672a8fb211ecbb | matches unpacked ModernLoader samples | 2024-03-22 | |
| FileHash-MD5 | 5692c5708c71d0916ca48662a7ea9caf | — | 2024-03-22 | |
| FileHash-SHA1 | fb4538d4b78bd28dfcb1392ddb95c623edb571b1 | SHA1 of 5692c5708c71d0916ca48662a7ea9caf | 2024-03-22 | |
| FileHash-SHA256 | b3e7143c9eb1ca9a80a552fc354e4e31ba964486a9fe3af01b5bda1a627303d6 | SHA256 of 5692c5708c71d0916ca48662a7ea9caf | 2024-03-22 | |
| URL | https://0x0d4y.blog/icedid-technical-analysis/ | — | 2024-03-22 | |
| YARA | b91bb0738de546f3993118c5a1a6c1c3c3e2f7aa | This rule detects samples from the IcedID family unpacked in memory, identifying code reuse of key functions. | 2024-03-22 | |
| domain | 0x0d4y.blog | — | 2024-03-22 | |
| YARA | 223384562e1f9eb12d42f6f1eeaa64fc05bb4938 | — | 2024-03-22 | |
| FileHash-MD5 | 0ba1d5a26f15f5f7942d0435fa63947e | — | 2024-03-22 | |
| FileHash-SHA1 | 92284cdbefe3fe21a57aa1b0fba23dbca16069eb | SHA1 of 0ba1d5a26f15f5f7942d0435fa63947e | 2024-03-22 | |
| FileHash-SHA256 | 7d14b98cdc1b898bd0d9be80398fc59ab560e8c44e0a9dedac8ad4ece3d450b0 | SHA256 of 0ba1d5a26f15f5f7942d0435fa63947e | 2024-03-22 | |
| YARA | a2c40c8cc2b82ba0b2def213b7e2bce154300091 | Detects Play Ransomware | 2024-03-22 | |
| FileHash-MD5 | 45060af466c55ef1ac1f0569be7ab744 | — | 2024-03-22 | |
| FileHash-MD5 | 627bf650478d9ae5063b70545b3e6942 | — | 2024-03-22 | |
| FileHash-MD5 | 95caaebc8023b12215a0853fa8d1a9f7 | — | 2024-03-22 | |
| FileHash-SHA256 | 3b1b5dfb8c3605227c131e388379ad19d2ad6d240e69beb858d5ea50a7d506f9 | — | 2024-03-22 | |
| YARA | bbf21914833cfe542123192fd595f4d4f79223b2 | — | 2024-03-22 | |
| FileHash-MD5 | 6ffbbca108cfe838ca7138e381df210d | — | 2024-03-22 | |
| FileHash-SHA1 | bcfb0c02dcc12ed022600c67b8e059beed580cd2 | SHA1 of 6ffbbca108cfe838ca7138e381df210d | 2024-03-22 | |
| FileHash-SHA256 | dab30b7895ab22c54ae495b1e99d858f2b2132bf849b4f4d0ea9a7832539ed78 | SHA256 of 6ffbbca108cfe838ca7138e381df210d | 2024-03-22 | |
| YARA | 47398f09b3b2f253686492f27a0d628ef44e1442 | — | 2024-03-22 | |
| FileHash-MD5 | 22c2e9caea842dcd382cffa8fe73fff6 | MD5 of 6bccfdbe392cf2eef8a337fbb8af90a662773d8cd73cec1ac1e0f51686840215 | 2024-03-22 | |
| FileHash-MD5 | 823791a9bfed88b3af85698e8f019254 | MD5 of 58b525579968cba0c68e8f7ae12e51e0b5542acc2c14a2e75fa6df44556e373f | 2024-03-22 | |
| FileHash-SHA1 | 009b40f13a1ff4622e9524fb99ebc4582e1980b5 | SHA1 of 6bccfdbe392cf2eef8a337fbb8af90a662773d8cd73cec1ac1e0f51686840215 | 2024-03-22 | |
| FileHash-SHA1 | 506803fd5335f75862e0ea271716a6e97cd66b13 | SHA1 of 58b525579968cba0c68e8f7ae12e51e0b5542acc2c14a2e75fa6df44556e373f | 2024-03-22 | |
| FileHash-SHA256 | 58b525579968cba0c68e8f7ae12e51e0b5542acc2c14a2e75fa6df44556e373f | — | 2024-03-22 | |
| FileHash-SHA256 | 6bccfdbe392cf2eef8a337fbb8af90a662773d8cd73cec1ac1e0f51686840215 | — | 2024-03-22 | |
| YARA | 0cf7ac07b6c0a7d76d5e99b7c9bc6acee9b46196 | — | 2024-03-22 | |
| YARA | e2dd8a5e0210a177218157e7d4eccdf417fe2da5 | — | 2024-03-22 | |
| | hacknpatch@infosec.exchange | — | 2024-03-22 | |
| FileHash-MD5 | 74f53a6ad69f61379b6ca74144b597e6 | — | 2024-03-22 | |
| FileHash-MD5 | e719388778f14e77819a62c5759d114b | MD5 of 540fe15ae176cadcfa059354fcdfe59a41089450 | 2024-03-22 | |
| FileHash-SHA1 | 540fe15ae176cadcfa059354fcdfe59a41089450 | — | 2024-03-22 | |
| FileHash-SHA1 | f188b5edc93ca1e250aee92db84f416b1642ec7f | — | 2024-03-22 | |
| FileHash-SHA256 | d45c7e27054ba5d38a10e7e9d302e1d6ce74f17cf23085b65ccfba08e21a8d0b | — | 2024-03-22 | |
| FileHash-SHA256 | d932a62ab0fb28e439a5a7aab8db97b286533eafccf039dd079537ac9e91f551 | SHA256 of 540fe15ae176cadcfa059354fcdfe59a41089450 | 2024-03-22 | |
| YARA | 8a5e0aceb802aadac19c806afddee100bfa1b2dc | detects the unpacked Erbium stealer | 2024-03-22 | |
| FileHash-MD5 | 861b80a75ecfb083c46f6e52277b69a9 | MD5 of 538bb2540aad0dcb512c6f0023607382456f9037d869b4bf00bcbdb18856b338 | 2024-03-22 | |
| FileHash-SHA1 | 2dd3e77210ec0f0785646e40bedf683443a846b7 | SHA1 of 538bb2540aad0dcb512c6f0023607382456f9037d869b4bf00bcbdb18856b338 | 2024-03-22 | |
| FileHash-SHA256 | 538bb2540aad0dcb512c6f0023607382456f9037d869b4bf00bcbdb18856b338 | — | 2024-03-22 | |
| YARA | 5f2befa29c699f176c80983454ade82226356d41 | — | 2024-03-22 | |
| FileHash-MD5 | 2ba1411c46d529f2ae6a7c154d13f029 | — | 2024-03-22 | |
| FileHash-SHA256 | 4165190e60ad5abd437c7768174b12748d391b8b97c874b5bdf8d025c5e17f43 | — | 2024-03-22 | |
| YARA | b33ff3fdac8004b8f635dd88a118e0e05b3bf097 | — | 2024-03-22 | |
| FileHash-MD5 | 71e1cfb5e5a515cea2c3537b78325abf | MD5 of 55901c2d5489d6ac5a0671971d29a31f4cdfa2e03d56e18c1585d78547a26396 | 2024-03-22 | |
| FileHash-SHA1 | bcc9e35c28430264575831e851182eca7219116f | SHA1 of 55901c2d5489d6ac5a0671971d29a31f4cdfa2e03d56e18c1585d78547a26396 | 2024-03-22 | |
| FileHash-SHA256 | 55901c2d5489d6ac5a0671971d29a31f4cdfa2e03d56e18c1585d78547a26396 | — | 2024-03-22 | |
| YARA | c5e5a8b67e7d0dd259ea5c3beb8a3c953d82cb70 | Detects Bitter (T-APT-17) PDB Paths | 2024-03-22 | |
| FileHash-MD5 | 9c817fe677e2505306455d42d081252c | — | 2024-03-22 | |
| FileHash-SHA1 | 42b18e70f988f90074bcef5eacf8a65915181daa | SHA1 of 9c817fe677e2505306455d42d081252c | 2024-03-22 | |
| FileHash-SHA256 | c1b594b4e47d437a5f73891c1a7112452dfbd9243ac3e77fdb72871af430b19e | SHA256 of 9c817fe677e2505306455d42d081252c | 2024-03-22 | |
| YARA | 80b02b85985c0c90ea8ccd7f8ef3691c3f093de0 | — | 2024-03-22 | |
| FileHash-MD5 | 3b25a34bb08f4759792c24b121109506 | — | 2024-03-22 | |
| YARA | da46560be838c57cf2ae8741a1366886027e97fd | Detects RWX-S signed binaries. This only verifies that the image contains a signature, not that it is valid. | 2024-03-22 | |
| FileHash-MD5 | 40116e24a4cbd01af4d2637cf9008f54 | MD5 of e05142f8375070d1ea25ed3a31404ca37b4e1ac88c26832682d8d2f9f4f6d0ae | 2024-03-22 | |
| FileHash-MD5 | 4745f0dbe50ba732cffb72c3cb62e51a | MD5 of 63fb47c3b4693409ebadf8a5179141af5cf45a46d1e98e5f763ca0d7d64fb17c | 2024-03-22 | |
| FileHash-SHA1 | 44295938e2cf01cdce8dacf1d54965b192a30c03 | SHA1 of 63fb47c3b4693409ebadf8a5179141af5cf45a46d1e98e5f763ca0d7d64fb17c | 2024-03-22 | |
| FileHash-SHA1 | bf7d1488909cbeb914b63c0e00aa614558bb64cb | SHA1 of e05142f8375070d1ea25ed3a31404ca37b4e1ac88c26832682d8d2f9f4f6d0ae | 2024-03-22 | |
| FileHash-SHA256 | 63fb47c3b4693409ebadf8a5179141af5cf45a46d1e98e5f763ca0d7d64fb17c | — | 2024-03-22 | |
| FileHash-SHA256 | e05142f8375070d1ea25ed3a31404ca37b4e1ac88c26832682d8d2f9f4f6d0ae | — | 2024-03-22 | |
| URL | https://blockchain-newtech.com/download/download.asp | — | 2024-03-22 | |
| URL | https://fasttet.com/user/agency.asp | — | 2024-03-22 | |
| domain | blockchain-newtech.com | — | 2024-03-22 | |
| domain | fasttet.com | — | 2024-03-22 | |
| FileHash-MD5 | 71c3772dd2f4c60a13e3e5a1180154b7 | — | 2024-03-22 | |
| YARA | 857014c3ac6e83be9545286c861a5f40e1c7b3e2 | Erbium Stealer in its obfuscated format | 2024-03-22 | |
| FileHash-MD5 | 72b8f5d6ed58add5bf34b7d051ce40b3 | — | 2024-03-22 | |
| YARA | 5330d792d0d9c4d14f469cab0982ccbb73ae0746 | Detects files compressed with the ZPAQ algorithm. | 2024-03-22 | |
| FileHash-MD5 | 21e13f2cb269defeae5e1d09887d47bb | — | 2024-03-22 | |
| FileHash-SHA1 | 16d7ecf09fc98798a6170e4cef2745e0bee3f5c7 | SHA1 of 21e13f2cb269defeae5e1d09887d47bb | 2024-03-22 | |
| FileHash-SHA256 | 543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91 | SHA256 of 21e13f2cb269defeae5e1d09887d47bb | 2024-03-22 | |
| YARA | 5d8199e717998408673974bce0e99892f87bf85b | Detects suspicious use of the free hex editor HxD's icon in PE files that don't seem to be a legitimate version of HxD | 2024-03-22 | |
| FileHash-MD5 | b4b6c316ba4285d42649026d38f9ea43 | — | 2024-03-22 | |
| FileHash-SHA1 | 64687275e66785969585d29020fabb011865af45 | SHA1 of b4b6c316ba4285d42649026d38f9ea43 | 2024-03-22 | |
| FileHash-SHA256 | 20d724d8e30e64f74aaab99ab360c896590a8faa06b8d1ac71424660a2e08d3a | SHA256 of b4b6c316ba4285d42649026d38f9ea43 | 2024-03-22 | |
| FileHash-MD5 | 71a3802f52847e83d3bacd011451b595 | — | 2024-03-22 | |
| FileHash-SHA1 | 3e3f59225ee95442b9ae67d8500ee76bde36bd98 | SHA1 of 71a3802f52847e83d3bacd011451b595 | 2024-03-22 | |
| FileHash-SHA256 | da1a6f5a5312ea5776be761f446e3d15d42b785004b967cfc034e8984d1c88ca | SHA256 of 71a3802f52847e83d3bacd011451b595 | 2024-03-22 | |
| FileHash-SHA256 | 4dcbcc070e7e3d0696c777b63e185406e3042de835b734fe7bb33cc12e539bf6 | — | 2024-03-22 | |
| YARA | 0675f0fbbf313f4c37bd7bb852535618be285d1a | Detects Magniber Ransomware ISO files from fake Windows Update delivery method | 2024-03-22 | |
| FileHash-MD5 | 1ecb6415fe6756853dbcc92639c74635 | MD5 of de30f2ba2d8916db5ce398ed580714e2a8e75376f31dc346b0e3c898ee0ae4cf | 2024-03-22 | |
| FileHash-MD5 | 65b3b312dfaf25a72e9171271909357e | MD5 of 3f00a56cbf9a0e59309f395a6a0b3457c7675a657b3e091d1a9440bd17963f59 | 2024-03-22 | |
| FileHash-SHA1 | 27ad6c052c8e7ae897c61863b521537fcc020bdb | SHA1 of de30f2ba2d8916db5ce398ed580714e2a8e75376f31dc346b0e3c898ee0ae4cf | 2024-03-22 | |
| FileHash-SHA1 | fdc327d8b4053966e1e3d80bd57e025e2723fe09 | SHA1 of 3f00a56cbf9a0e59309f395a6a0b3457c7675a657b3e091d1a9440bd17963f59 | 2024-03-22 | |
| FileHash-SHA256 | 18af397a27e58afb901c92f37569d48e3372cf073915723e4e73d44537bcf54d | — | 2024-03-22 | |
| FileHash-SHA256 | 3f00a56cbf9a0e59309f395a6a0b3457c7675a657b3e091d1a9440bd17963f59 | — | 2024-03-22 | |
| FileHash-SHA256 | bfc979c0146d792283f825f99772370f6ff294dfb5b1e056943696aee9bc9f7b | — | 2024-03-22 | |
| FileHash-SHA256 | de30f2ba2d8916db5ce398ed580714e2a8e75376f31dc346b0e3c898ee0ae4cf | — | 2024-03-22 | |
| FileHash-SHA256 | e0d9f2a72d64108a93e0cfd8066c04ed8eabe2ed43b80b3f589b9b21e7f9a488 | — | 2024-03-22 | |
| YARA | 75be7982158a8f93b82ca4a2bf77c550f461e269 | Detects suspicious Microsoft OneNote files used to deliver Malware | 2024-03-22 | |
| FileHash-MD5 | 28b01b187ecb0bdc1301da975b52a2fa | — | 2024-03-22 | |
| YARA | ba8b9fe6252fac61236c686755bd86c1ecc6c134 | Detects custom base64 used by SocGholish | 2024-03-22 | |
| FileHash-MD5 | 7fb296f96e098bdaaaa518c2ba176ece | — | 2024-03-22 | |
| YARA | b966cb8c654b87c6fbb0c01fe0160e7524e570d9 | Detects reverse obfuscated socgholish string | 2024-03-22 | |
| YARA | 2bb9692c75857556c5c16cc111611e00e094ffc6 | Detects suspicious Microsoft Windows APPX/MSIX Installer Manifests | 2024-03-22 | |
| FileHash-MD5 | ff19670725eaf5df6f3d2ca656d3db27 | — | 2024-03-22 | |
| YARA | 5afe02f2e7ff0f960a5a88c4431710291dccbddb | Detects a WSF loader used to deploy Qakbot DLL | 2024-03-22 | |
| FileHash-MD5 | dcd7323af2490ceccfc9da2c7f92c54a | — | 2024-03-22 | |
| YARA | 90b5f69e8a6db04c123bc88e3c7c67e601e85476 | detects Agent Tesla | 2024-03-22 | |
| FileHash-MD5 | 62174157b42e5c8c86b05baf56dfd24b | — | 2024-03-22 | |
| FileHash-SHA256 | 5cb70c87f0b98279420dde0592770394bf8d5b57df50bce4106d868154fd74cb | — | 2024-03-22 | |
| FileHash-SHA256 | b7f891f4ed079420e16c4509680cfad824b061feb94a0d801c96b82e1f7d52ad | — | 2024-03-22 | |
| FileHash-SHA256 | c8f27c0e0d4e91b1a6f62f165d45d8616fc24d9c798eb8ab4269a60e29a2de5e | — | 2024-03-22 | |
| YARA | c5128565f03c50461470797b34adc0076e03c91e | detects DanaBot | 2024-03-22 | |
| FileHash-MD5 | 2a0575b66a700edb40a07434895bf7a9 | — | 2024-03-22 | |
| FileHash-SHA1 | 7cbd06b095b449b25c6feef602ddcdaa4af80e55 | SHA1 of 2a0575b66a700edb40a07434895bf7a9 | 2024-03-22 | |
| FileHash-SHA256 | 58da7be9794e698089cab73670670427426a846d477815a0770a6689d6b70e02 | SHA256 of 2a0575b66a700edb40a07434895bf7a9 | 2024-03-22 | |
| YARA | e7af49058712e2f9adbcfb47461f3666f6af3d72 | detects the lime rat | 2024-03-22 | |
| FileHash-MD5 | c5eb9c6ded323a8db7eb739e514bb46c | — | 2024-03-22 | |
| FileHash-SHA1 | cede3aa5e1821a47f416c64bc48d1aab72eb48ca | — | 2024-03-22 | |
| FileHash-SHA256 | 5a2283a997ab6a9680b69f9318315df3c9e634b3c4dd4a46f8bc5df35fc81284 | — | 2024-03-22 | |
| YARA | f14d040682224a3309fba0e3779f48896b97e37b | detects the loader of the Lu0bot malware | 2024-03-22 | |
| FileHash-MD5 | ffaa02061474361bc88fbdbbe1c0737d | — | 2024-03-22 | |
| YARA | 391e91f49b46486fa480447c4023de6e0d2d175f | — | 2024-03-22 | |
| YARA | 669df71e08f61a51f32698f6fa8c5aba357c39ed | Detects Bitter (T-APT-17) Almond RAT (.NET) | 2024-03-22 | |
| FileHash-MD5 | 7639fdbeac0f75cbcbd9b623a8a6b0d6 | — | 2024-03-22 | |
| YARA | b06219a4eca02d39a2c0047c3fcc4f1fc1a9738b | Unknown phishkit | 2024-03-22 | |
| FileHash-MD5 | 1b1b73382580c4be6fa24e8297e1849d | — | 2024-03-22 | |
| FileHash-MD5 | 1c6ba04dc9808084846ac1005deb9c85 | — | 2024-03-22 | |
| FileHash-SHA256 | 10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63 | — | 2024-03-22 | |
| YARA | 627961f979c1b206c18d73a2670895834c925ef2 | files - file ~tmp01925d3f.exe | 2024-03-22 | |
| FileHash-MD5 | 554d25724c8f6f53af8721d0ef6b6f42 | — | 2024-03-22 | |
| FileHash-SHA1 | 12aa02a42690740e106790852709edd8648177ac | SHA1 of 554d25724c8f6f53af8721d0ef6b6f42 | 2024-03-22 | |
| FileHash-SHA256 | e43fff23b2fff04d4a335ab5ff3cf69ba90bcc0dbe35901cf1c1e020614a0f07 | SHA256 of 554d25724c8f6f53af8721d0ef6b6f42 | 2024-03-22 | |
| YARA | e20fd0f962cdb56103e370cad33d1cf5c71e1295 | — | 2024-03-22 | |
| FileHash-MD5 | 26ddf1d4f84651f1b35fb6885d6ed325 | — | 2024-03-22 | |
| YARA | 6dab1f95ef12988824fc10a53cf0d4091efeee0c | Search for samples containing certain fingerprints | 2024-03-22 | |
| FileHash-MD5 | c358fe0e8837cc577315fc38892b937d | — | 2024-03-22 | |
| FileHash-SHA1 | 5e5c89147d248e16d24d673a1f77589c892db6f6 | SHA1 of c358fe0e8837cc577315fc38892b937d | 2024-03-22 | |
| FileHash-SHA256 | 773d147a031d8ef06ee8ec20b614a4fd9733668efeb2b05aa03e36baaf082878 | SHA256 of c358fe0e8837cc577315fc38892b937d | 2024-03-22 | |
| YARA | 72cac556378b98930068515dadfe9949d4233393 | Detects the ESXiArgs Ransomware encryption python script | 2024-03-22 | |
| FileHash-MD5 | deff93081ccb3fda7a12f6e9e3ad15ad | — | 2024-03-22 | |
| FileHash-SHA1 | 90c541806f23a127002de5b4038be731ba1458ca | — | 2024-03-22 | |
| FileHash-SHA256 | 030eb56e155fb01d7b190866aaa8b3128f935afd0b7a7b2178dc8e2eb84228b0 | — | 2024-03-22 | |
| URL | https://www.synacktiv.com/publications/krustyloader-rust-malware-linked-to-ivanti-connectsecure-compromises | — | 2024-03-22 | |
| hostname | www.synacktiv.com | — | 2024-03-22 | |
| FileHash-MD5 | 57b00a449fc132c2f5d139c6d1cee7cd | MD5 of ec901217558e77f2f449031a6a1190b1e99b30fa1bb8d8dabc3a99bc69833784 | 2024-03-22 | |
| FileHash-SHA1 | 560877ab92f78fa0aef8bb846674cd4e68729b64 | SHA1 of ec901217558e77f2f449031a6a1190b1e99b30fa1bb8d8dabc3a99bc69833784 | 2024-03-22 | |
| FileHash-SHA256 | ec901217558e77f2f449031a6a1190b1e99b30fa1bb8d8dabc3a99bc69833784 | — | 2024-03-22 | |
| YARA | 3526abe459f119b58e52425f323ec57daa58f68f | — | 2024-03-22 | |
| FileHash-MD5 | 2e5467cba76f44a088d39f78c5e807b6 | — | 2024-03-22 | |
| FileHash-MD5 | bb52051b05b6b1ccccc83df14f66df33 | — | 2024-03-22 | |
| FileHash-SHA256 | aa4b851898ca945e0970296800f0273ed170da6349d370fc450412a40497ceff | — | 2024-03-22 | |
| YARA | 00b3b087378e5e45b8eee715f3875e3c8632cb07 | — | 2024-03-22 | |
| FileHash-MD5 | b951629aedffbabc180ee80f9725f024 | MD5 of a43e0864905fe7afd6d8dbf26bd27d898a2effd386e81cfbc08cae9cf94ed968 | 2024-03-22 | |
| FileHash-SHA1 | 73c17369f2c4e3ce36d4f8917d011dde9a26eb07 | SHA1 of a43e0864905fe7afd6d8dbf26bd27d898a2effd386e81cfbc08cae9cf94ed968 | 2024-03-22 | |
| FileHash-SHA256 | a43e0864905fe7afd6d8dbf26bd27d898a2effd386e81cfbc08cae9cf94ed968 | — | 2024-03-22 | |
| YARA | 73a4ceddd5646a5263c56877805ee8fb84693a7d | Detects Microsoft OneNote files used to deliver Emotet (.js Payload) | 2024-03-22 | |
| FileHash-MD5 | 99549bcea63af5f81b01decf427519af | MD5 of 855f411bd0667b650c4f2fd3c9fbb4fa9209cf40b0d655fa9304dcdd956e0808 | 2024-03-22 | |
| FileHash-SHA1 | 4b91a6ea7258a947e59c6522cd5898e7c0a6a88f | — | 2024-03-22 | |
| FileHash-SHA1 | c7fcbaedf6b077b3d9bfc4720c3860a5d848bcb4 | SHA1 of 855f411bd0667b650c4f2fd3c9fbb4fa9209cf40b0d655fa9304dcdd956e0808 | 2024-03-22 | |
| FileHash-SHA256 | 855f411bd0667b650c4f2fd3c9fbb4fa9209cf40b0d655fa9304dcdd956e0808 | — | 2024-03-22 | |
| YARA | 52511f0f11207a75700db01ec70740d23ff4fd12 | — | 2024-03-22 | |
| FileHash-MD5 | 7a5c8f91ebcb37887631254be023767c | MD5 of 2b9d440e0a2b6b641c148826946d60bb71a28f866922b05847548563708b4450 | 2024-03-22 | |
| FileHash-SHA1 | ee47f5b29ab0a873c9d04db9e089b94ea75087b3 | SHA1 of 2b9d440e0a2b6b641c148826946d60bb71a28f866922b05847548563708b4450 | 2024-03-22 | |
| FileHash-SHA256 | 2b9d440e0a2b6b641c148826946d60bb71a28f866922b05847548563708b4450 | — | 2024-03-22 | |
| FileHash-MD5 | a728603061b5aa98fa40fb0447ba71e3 | MD5 of 5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad | 2024-03-22 | |
| FileHash-SHA1 | ee0e249026d4ab18f34cb2c8670cb868a9bb03f6 | SHA1 of 5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad | 2024-03-22 | |
| FileHash-SHA256 | 5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad | — | 2024-03-22 | |
| YARA | b245ce062d68cd22c4da5260461d213c7625ce56 | detects the imminent rat | 2024-03-22 | |
| FileHash-MD5 | 38edeba93cc729b7099d74a7780d4dd6 | — | 2024-03-22 | |
| FileHash-SHA1 | fc8f8072e45a11c707b5809ec2368953389cce33 | SHA1 of 38edeba93cc729b7099d74a7780d4dd6 | 2024-03-22 | |
| FileHash-SHA256 | 0bb7b001d42695cc0d5807fbdbd61fa8058a8ccc6819f56e197f5b143bcf12f6 | SHA256 of 38edeba93cc729b7099d74a7780d4dd6 | 2024-03-22 | |
| YARA | 352632dde0c7b6a2c587e223bd0f8422ecee82ed | — | 2024-03-22 | |
| FileHash-MD5 | d4a302a3910df519a28ec8401bd441d0 | MD5 of 36d8cb1447e2c5da60d2b86bf29856919c25f8e71a17f1d0d61d03c5e0505e4b | 2024-03-22 | |
| FileHash-MD5 | fa39f2f66ea81c985caf7a3aca53d7eb | — | 2024-03-22 | |
| FileHash-SHA1 | f87f7604d80fa041912ec19f7e2a26dbe059d00d | SHA1 of 36d8cb1447e2c5da60d2b86bf29856919c25f8e71a17f1d0d61d03c5e0505e4b | 2024-03-22 | |
| FileHash-SHA256 | 36d8cb1447e2c5da60d2b86bf29856919c25f8e71a17f1d0d61d03c5e0505e4b | — | 2024-03-22 | |
| FileHash-SHA256 | e907c22288dacb37efa07481fef7a0d4ec0ce42954f12b2572ea7f5ffeecf313 | — | 2024-03-22 | |
| FileHash-SHA256 | ef9fce75334befe0b435798c0b61dab1239ea5bc62b97654943676dd96dc6318 | — | 2024-03-22 | |
| YARA | 838a5e62dc24aee4a804d3f5b94b56e919550f20 | — | 2024-03-22 | |
| FileHash-MD5 | f1e66f626c6c4a52bf3efc0518d06303 | — | 2024-03-22 | |
| FileHash-SHA1 | 7f4b2229e6ae614d86d74917f6d5b41890e62a26 | — | 2024-03-22 | |
| YARA | 3b8401459a184cf1994932a318ad66ccaf0fde10 | Detects win.qakbot. | 2024-03-22 | |
| FileHash-MD5 | 084b4397d2c3590155fed50f0ad9afcf | — | 2024-03-22 | |
| YARA | 4ee71bfb8d4c03ff518d4ecd0ce71992accd539f | Detects targeted spear phishing campaigns using a private PaaS based on filenames. | 2024-03-22 | |
| FileHash-MD5 | 7e2e4af82407b97d8f00d1ff764924d4 | — | 2024-03-22 | |
| YARA | 2d4055a06a9c5cd35e6425738dbe7692114028e9 | Detects Erbium Stealer's loader | 2024-03-22 | |
| FileHash-MD5 | cb1b7d3a9bd4f3742c3b8c4c21c808b8 | — | 2024-03-22 | |
| YARA | 325a38457507e3d96f4bf41d493c4a58eaaac0c4 | Eternity function routines | 2024-03-22 | |
| FileHash-MD5 | 1807f10ee386d0702bbfcd1a4da76fd1 | — | 2024-03-22 | |
| YARA | 55829837aa62275d549ae7bd92b79d89e65b3095 | Detects QBOT HTML smuggling variants | 2024-03-22 | |

References (205)
↗ DLL_BankingTrojan_Coyote_Feb2024.yar
↗ Dll_Backdoor_FalseFront_Jan2024.yar
↗ Diff_QuasarRAT_01.yar
↗ DLL_TinyTurla_Strings_Feb2024.yar
↗ globalnet_files.yar
↗ EXE_Stealer_Atlantida.yar
↗ EXE_Python_Stealer_Jan2024.yar
↗ meth_peb_parsing.yar
↗ RABBITHUNT_cls.yar
↗ vidar_stealer_unpacked.yar
↗ APT_Bitter_Maldoc_Verify.yar
↗ win_origin_logger_b5c8.yar
↗ EXE_Stealer_Elusive_Feb2024.yar
↗ win_originbot.yar
↗ SUS_Unsigned_APPX_MSIX_Installer_Feb23.yar
↗ bumblebee_win_generic.yar
↗ yarahub_win_stealc_bytecodes_oct_2023.yar
↗ loader_win_bumblebee.yar
↗ signed_sys_with_vulnerablity.yar
↗ EXE_Backdoor_Rust_March2024.yar
↗ EXE_Backdoor_GoBear_Feb2024.yar
↗ MALWARE_APT29_SVG_Delivery_Jul23.yar
↗ lockbitblack_ransomnote.yar
↗ EXE_Stealer_RustyStealer_Feb2024.yar
↗ LucaStealer.yar
↗ win_laplas_clipper_9c96.yar
↗ koi_loader.yar
↗ ItsSoEasy_Ransomware_C_Var.yar
↗ Nymaim.yar
↗ EXE_Stealer_TrollStealer_Feb2024.yar
↗ PseudoManuscriptLoader.yar
↗ SVCReady_Packed.yar
↗ DLL_DiceLoader_Fin7_Feb2024.yar
↗ win_bitcoin_genesis_b9_ce9f.yar
↗ WIN32_MAL_TROJ_UPATRE_SMBG.yar
↗ yes.yar
↗ DLL_Unknown_China_Feb2024.yar
↗ DLL_Loader_Pikabot_March2024.yar
↗ Embedded_RTF_File.yar
↗ yarahub_win_njrat_bytecodes_V2_oct_2023.yar
↗ ItsSoEasy_Ransomware_basic.yar
↗ MALWARE_Emotet_OneNote_Delivery_vbs_Mar23.yar
↗ win_phorpiex_a_84fc.yar
↗ EXE_Virus_Neshta_March2024.yar
↗ meth_get_eip.yar
↗ DLL_Loader_Wineloader_March2024.yar
↗ OneNote_EmbeddedFiles_NoPictures.yar
↗ LimeRAT.yar
↗ privateloader.yar
↗ RaccoonV2.yar
↗ MALWARE_Storm0978_Underground_Ransomware_Jul23.yar
↗ SUS_UNC_InEmail.yar
↗ redline_win_generic.yar
↗ win_amadey_a9f4.yar
↗ Android_Backdoor_Xamalicious.yar
↗ VxLang_Packer.yar
↗ DLL_North_Korean_Lazarus_March2024.yar
↗ pe_packer_pecompact2.yar
↗ win_tofsee_bot.yar
↗ crashedtech_loader.yar
↗ EXE_Ransomware_Mimic.yar
↗ DLL_News_Penguin_Feb2024.yar
↗ DLL_Mustang_Panda_March2024.yar
↗ EXE_Stealer_Nightingale_Imphash_Jan2024.yar
↗ EXE_Stealer_Nightingale_Jan2024.yar
↗ EXE_Stealer_Planet_March2024.yar
↗ LNK_Dropper_Russian_APT_Feb2024.yar
↗ Chinese_APT_Backdoor.yar
↗ Guloader_VBScript.yar
↗ bruteratelc4.yar
↗ RANSOM_Lockbit_Black_Packer.yar
↗ SocGholish_Variant_B.yar
↗ DLL_RAT_WogRAT_March2024.yar
↗ win_matanbuchus.yar
↗ WIN32_MAL_TROJ_DARKME.yar
↗ Android_BankingTrojan_Hydra.yar
↗ ELF_RAT_Bifrost_March2024.yar
↗ EXPLOIT_WinRAR_CVE_2023_38831_Aug23.yar
↗ ISO_LNK_JS_CMD_DLL.yar
↗ win_gcleaner_de41.yar
↗ ItsSoEasy_Ransomware.yar
↗ EXE_Ransomware_Tuga_March2024.yar
↗ RABBITHUNT_loader.yar
↗ LockBit3_ransomware.yar
↗ Matanbuchus_MSI_2.yar
↗ MX_fin_custom_allakore_rat.yar
↗ PikaBot_Stage1_20240222.yar
↗ Powerpoint_Code_Execution.yar
↗ Qakbot_IsoCampaign.yar
↗ RANSOM_ESXiArgs_Ransomware_Bash_Feb23.yar
↗ SelfExtractingRAR.yar
↗ PUPPETLOADER_loader.yar
↗ unpacked_qbot.yar
↗ ELF_Backdoor_ZipLine_Feb2024.yar
↗ win_colibriloader.yar
↗ win_strelastealer.yar
↗ android_apk_hook.yar
↗ MALWARE_Storm0978_HTML_PROTHANDLER_Jul23.yar
↗ babuk_copycat_esxi.yar
↗ EXE_Ransomware_Phobos_Feb2024.yar
↗ elf_rekoobe_b3_06c9.yar
↗ RANSOM_ESXiArgs_Ransomware_Encryptor_Feb23.yar
↗ EXE_Trojan_RomCom_Feb2024.yar
↗ EXE_Unknown_Backdoor_March2024.yar
↗ BruteRatelConfig.yar
↗ GHISLER_Stealer_1.yar
↗ pe_no_import_table.yar
↗ lnk_from_chinese.yar
↗ Ransomware_SLug.yar
↗ Sus_AnyDesk_Attempts_Feb2024.yar
↗ SUSP_ZIP_LNK_PhishAttachment.yar
↗ ScareCrow_Malware.yar
↗ win_aurora_stealer_a_706a.yar
↗ tofsee_yhub.yar
↗ win_xfiles_stealer_a8b373fb.yar
↗ EXE_Stealer_RisePro_Jan2024.yar
↗ AppLaunch.yar
↗ PassProtected_ZIP_ISO_file.yar
↗ Win_DarkGate.yar
↗ LATAMHotel_Obfuscated_BAT.yar
↗ DLL_PyPi_Loader_Lazarus_March2024.yar
↗ Disable_Defender.yar
↗ sfx_pdb_winrar_restrict.yar
↗ Detect_SliverFox_String.yar
↗ EXE_Stealer_CryptBot_March2024.yar
↗ DLL_TinyTurla_PE_Properties_Feb2024.yar
↗ EXE_Loader_WikiLoader_Feb2024.yar
↗ DLL_Banking_Trojan_Chavecloak_March2024.yar
↗ IcedID_ISO.yar
↗ ELF_Implant_COATHANGER_Feb2024.yar
↗ malware_bumblebee_packed.yar
↗ LockbitBlack_Loader.yar
↗ Python_MasePie.yar
↗ MALWARE_Emotet_OneNote_Delivery_wsf_Mar23.yar
↗ QakBot_OneNote_Loader.yar
↗ Old_Code__Signature_AnyDesk_Feb2024.yar
↗ SUSP_Doc_WordXMLRels_May22.yar
↗ vulnerablity_driver2_PhysicalMemory.yar
↗ win_colibriloader_unpacked.yar
↗ win_vidar_a_a901.yar
↗ DLL_RAT_Xeno_Feb2024.yar
↗ RANSOM_Magniber_LNK_Jan23.yar
↗ win_xwormmm_s1_6f74.yar
↗ WIN32_MALWR_POSSIBLE_EMOTET_07_20.yar
↗ AgentTesla_DIFF_Common_Strings_01.yar
↗ anyburn_iso_with_date.yar
↗ avemaria_rat_yhub.yar
↗ DanaBot_12_2023.yar
↗ detect_Redline_Stealer_V2.yar
↗ ELF_RANSOMWARE_BLACKCAT.yar
↗ DLL_Loader_BlackWood_APT_Jan2024.yar
↗ EXE_Stealer_WhiteSnake_Jan2024.yar
↗ DLL_Stealer_Ov3rStealer_Feb2024.yar
↗ win_modern_loader_v1_01_1edf.yar
↗ Icedid_Unpacked_in_Memory.yar
↗ meth_stackstrings.yar
↗ Play_Ransomware.yar
↗ EXE_RAT_vxRAT_March2024.yar
↗ EXE_Stealer_Strela_March2024.yar
↗ sqlcmd_loader.yar
↗ EXE_Stealer_Phemedrone_Feb2024.yar
↗ StrelaStealer.yar
↗ win_erbium_stealer_a1_2622.yar
↗ UNKNOWN_News_Penguin_Feb2024.yar
↗ win_amadey_bytecodes_oct_2023.yar
↗ APT_Bitter_PDB_Paths.yar
↗ binaryObfuscation.yar
↗ detect_RWS_pe_rule.yar
↗ DLL_PyPi_Comebacker_Lazarus_March2024.yar
↗ Erbium_Stealer_Obfuscated.yar
↗ ZPAQ.yar
↗ SUSP_HxD_Icon_Anomaly_May23_1.yar
↗ ItsSoEasy_Ransomware_Go_Var.yar
↗ ItsSoEasy_Ransomware_Py_Var.yar
↗ RANSOM_Magniber_ISO_Jan23.yar
↗ MALWARE_OneNote_Delivery_Jan23.yar
↗ SocGholish_Custom_Base64.yar
↗ SocGholish_Obfuscated.yar
↗ SUS_Unsigned_APPX_MSIX_Manifest_Feb23.yar
↗ Qakbot_WSF_loader.yar
↗ win_agent_tesla_ab4444e9.yar
↗ win_danabot_cdf38827.yar
↗ win_limerat_j1_00cfd931.yar
↗ win_lu0bot_loader_1d53.yar
↗ agenttesla_win_generic.yar
↗ APT_Bitter_Almond_RAT.yar
↗ unk_phishkit.yar
↗ cobalt_strike_tmp01925d3f.yar
↗ detect_Redline_Stealer.yar
↗ hunt_redline_stealer.yar
↗ RANSOM_ESXiArgs_Ransomware_Python_Feb23.yar
↗ ELF_Loader_KrustyLoader_Feb2024.yar
↗ yarahub_win_remcos_rat_unpacked_aug_2023.yar
↗ EXE_Stealer_44Caliber_Feb2024.yar
↗ MALWARE_Emotet_OneNote_Delivery_js_Mar23.yar
↗ EXE_Ransomware_Nevada_Feb2024.yar
↗ EXE_Stealer_StealC_Feb2024.yar
↗ win_imminentrat_j1_7e208e97.yar
↗ recordbreaker_win_generic.yar
↗ yarahub_win_mystic_stealer_bytecodes_sep_2023.yar
↗ win_qakbot_malped.yar
↗ PaaS_SpearPhishing_Feb23.yar
↗ Erbium_Loader.yar
↗ win_Eternity.yar
↗ QBOT_HTMLSmuggling_a.yar