malware_index.yar
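/*
Generated by Yara-Rules
On 04-02-2017

Index file: it defines no rules of its own and only pulls in the rule files
listed below from ./malware through include directives.
Include paths are resolved relative to the directory that holds this file.
A listed file that is missing, or a rule identifier defined in more than one
included file, makes compilation of the whole index fail, so recompile the
index after adding, removing or renaming a rule file.
Some entries use the .yara extension rather than .yar; the extension is part
of the path and must match the file on disk.
NOTE(review): files named EXPERIMENTAL_* or GEN_* are presumably broader
heuristics than the family-specific rules; confirm their hit quality before
alerting on matches from the full index.
*/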
include "./malware/APT_APT1.yar"
include "./malware/APT_APT17.yar"
include "./malware/APT_APT29_Grizzly_Steppe.yar"
include "./malware/APT_APT3102.yar"
include "./malware/APT_APT9002.yar"
include "./malware/APT_Backspace.yar"
include "./malware/APT_Bestia.yar"
include "./malware/APT_Blackenergy.yar"
include "./malware/APT_Bluetermite_Emdivi.yar"
include "./malware/APT_C16.yar"
include "./malware/APT_Carbanak.yar"
include "./malware/APT_Careto.yar"
include "./malware/APT_Casper.yar"
include "./malware/APT_CheshireCat.yar"
include "./malware/APT_Cloudduke.yar"
include "./malware/APT_Codoso.yar"
include "./malware/APT_DeepPanda_Anthem.yar"
include "./malware/APT_DeputyDog.yar"
include "./malware/APT_Derusbi.yar"
include "./malware/APT_Dubnium.yar"
include "./malware/APT_Duqu2.yar"
include "./malware/APT_Emissary.yar"
include "./malware/APT_Equation.yar"
include "./malware/APT_EQUATIONGRP.yar"
include "./malware/APT_fancybear_dnc.yar"
include "./malware/APT_FiveEyes.yar"
include "./malware/APT_furtim.yar"
include "./malware/APT_FVEY_ShadowBrokers_Jan17_Screen_Strings.yar"
include "./malware/APT_HackingTeam.yar"
include "./malware/APT_Hellsing.yar"
include "./malware/APT_Hikit.yar"
include "./malware/APT_Irontiger.yar"
include "./malware/APT_Kaba.yar"
include "./malware/APT_Ke3Chang_TidePool.yar"
include "./malware/APT_KeyBoy.yar"
include "./malware/APT_LotusBlossom.yar"
include "./malware/APT_Minidionis.yar"
include "./malware/APT_Mirage.yar"
include "./malware/APT_Molerats.yar"
include "./malware/APT_Mongall.yar"
include "./malware/APT_NGO.yar"
include "./malware/APT_Oilrig.yar"
include "./malware/APT_OpClandestineWolf.yar"
include "./malware/APT_OPCleaver.yar"
include "./malware/APT_OpDustStorm.yar"
include "./malware/APT_OpPotao.yar"
include "./malware/APT_Passcv.yar"
include "./malware/APT_PCclient.yar"
include "./malware/APT_Pipcreat.yar"
include "./malware/APT_Platinum.yar"
include "./malware/APT_Poseidon_Group.yar"
include "./malware/APT_Prikormka.yar"
include "./malware/APT_PutterPanda.yar"
include "./malware/APT_Regin.yar"
include "./malware/APT_Scarab_Scieron.yar"
include "./malware/APT_Seaduke.yar"
include "./malware/APT_Snowglobe_Babar.yar"
include "./malware/APT_Sofacy_Bundestag.yar"
include "./malware/APT_Sofacy_Fysbis.yar"
include "./malware/APT_Sofacy_Jun16.yar"
include "./malware/APT_Sphinx_Moth.yar"
include "./malware/APT_Stuxnet.yar"
include "./malware/APT_Terracota.yar"
include "./malware/APT_ThreatGroup3390.yar"
include "./malware/APT_Turla_RUAG.yar"
include "./malware/APT_Unit78020.yar"
include "./malware/APT_UP007_SLServer.yar"
include "./malware/APT_Waterbug.yar"
include "./malware/APT_WildNeutron.yar"
include "./malware/APT_Windigo_Onimiki.yar"
include "./malware/APT_Winnti.yar"
include "./malware/APT_WoolenGoldfish.yar"
include "./malware/EXPERIMENTAL_Beef.yar"
include "./malware/GEN_PowerShell.yar"
include "./malware/MALW_AdGholas.yar"
include "./malware/MALW_Alina.yar"
include "./malware/MALW_Andromeda.yar"
include "./malware/MALW_Athena.yar"
include "./malware/MALW_Atmos.yar"
include "./malware/MALW_BackdoorSSH.yar"
include "./malware/MALW_Backoff.yar"
include "./malware/MALW_Bangat.yar"
include "./malware/MALW_Batel.yar"
include "./malware/MALW_BlackRev.yar"
include "./malware/MALW_BlackWorm.yar"
include "./malware/MALW_Boouset.yar"
include "./malware/MALW_Bublik.yar"
include "./malware/MALW_Buzus_Softpulse.yar"
include "./malware/MALW_CAP_HookExKeylogger.yar"
include "./malware/MALW_CAP_Win32Inet.yara"
include "./malware/MALW_Chicken.yar"
include "./malware/MALW_Citadel.yar"
include "./malware/MALW_Cloaking.yar"
include "./malware/MALW_Cookies.yar"
include "./malware/MALW_Corkow.yar"
include "./malware/MALW_Cxpid.yar"
include "./malware/MALW_Cythosia.yar"
include "./malware/MALW_DDoSTf.yar"
include "./malware/MALW_Derkziel.yar"
include "./malware/MALW_Dexter.yar"
include "./malware/MALW_DiamondFox.yar"
include "./malware/MALW_DirtJumper.yar"
include "./malware/MALW_Elex.yar"
include "./malware/MALW_Elknot.yar"
include "./malware/MALW_Empire.yar"
include "./malware/MALW_Enfal.yar"
include "./malware/MALW_Exploit_UAC_Elevators.yar"
include "./malware/MALW_Ezcob.yar"
include "./malware/MALW_F0xy.yar"
include "./malware/MALW_FakeM.yar"
include "./malware/MALW_Fareit.yar"
include "./malware/MALW_Favorite.yar"
include "./malware/MALW_Furtim.yar"
include "./malware/MALW_Genome.yar"
include "./malware/MALW_Glasses.yar"
include "./malware/MALW_Gozi.yar"
include "./malware/MALW_Grozlex.yar"
include "./malware/MALW_Hsdfihdf_banking.yar"
include "./malware/MALW_Iexpl0ree.yar"
include "./malware/MALW_IMuler.yar"
include "./malware/MALW_Install11.yar"
include "./malware/MALW_Intel_Virtualization.yar"
include "./malware/MALW_Jolob_Backdoor.yar"
include "./malware/MALW_Kelihos.yar"
include "./malware/MALW_KINS.yar"
include "./malware/MALW_Korlia.yar"
include "./malware/MALW_Korplug.yar"
include "./malware/MALW_Kovter.yar"
include "./malware/MALW_Kraken.yar"
include "./malware/MALW_Lateral_Movement.yar"
include "./malware/MALW_Lenovo_Superfish.yar"
include "./malware/MALW_LinuxMoose.yar"
include "./malware/MALW_LostDoor.yar"
include "./malware/MALW_LuckyCat.yar"
include "./malware/MALW_LURK0.yar"
include "./malware/MALW_MacControl.yar"
include "./malware/MALW_Madness.yar"
include "./malware/MALW_Magento_backend.yar"
include "./malware/MALW_Magento_frontend.yar"
include "./malware/MALW_Magento_suspicious.yar"
include "./malware/MALW_Mailers.yar"
include "./malware/MALW_Miancha.yar"
include "./malware/MALW_MiniAsp3_mem.yar"
include "./malware/MALW_Mirai.yar"
include "./malware/MALW_Miscelanea.yar"
include "./malware/MALW_Miscelanea_Linux.yar"
include "./malware/MALW_Naikon.yar"
include "./malware/MALW_Naspyupdate.yar"
include "./malware/MALW_NetTraveler.yar"
include "./malware/MALW_NionSpy.yar"
include "./malware/MALW_Notepad.yar"
include "./malware/MALW_NSFree.yar"
include "./malware/MALW_Odinaff.yar"
include "./malware/MALW_Olyx.yar"
include "./malware/MALW_OSX_Leverage.yar"
include "./malware/MALW_PE_sections.yar"
include "./malware/MALW_PittyTiger.yar"
include "./malware/MALW_Ponmocup.yar"
include "./malware/MALW_Pony.yar"
include "./malware/MALW_PubSab.yar"
include "./malware/MALW_Pyinstaller.yar"
include "./malware/MALW_Quarian.yar"
include "./malware/MALW_Regsubdat.yar"
include "./malware/MALW_Retefe.yar"
include "./malware/MALW_Rockloader.yar"
include "./malware/MALW_Rooter.yar"
include "./malware/MALW_Rovnix.yar"
include "./malware/MALW_Safenet.yar"
include "./malware/MALW_Sakurel.yar"
include "./malware/MALW_Sayad.yar"
include "./malware/MALW_Scarhikn.yar"
include "./malware/MALW_Sendsafe.yar"
include "./malware/MALW_Shamoon.yar"
include "./malware/MALW_Shifu.yar"
include "./malware/MALW_Skeleton.yar"
include "./malware/MALW_Sqlite.yar"
include "./malware/MALW_Stealer.yar"
include "./malware/MALW_Surtr.yar"
include "./malware/MALW_T5000.yar"
include "./malware/MALW_Tedroo.yar"
include "./malware/MALW_Tinba.yar"
include "./malware/MALW_Torte_ELF.yar"
include "./malware/MALW_TreasureHunt.yar"
include "./malware/MALW_Upatre.yar"
include "./malware/MALW_Urausy.yar"
include "./malware/MALW_Vidgrab.yar"
include "./malware/MALW_viotto_keylogger.yar"
include "./malware/MALW_Wabot.yar"
include "./malware/MALW_Warp.yar"
include "./malware/MALW_Wimmie.yar"
include "./malware/MALW_xDedic_marketplace.yar"
include "./malware/MALW_XOR_DDos.yar"
include "./malware/MALW_Yayih.yar"
include "./malware/MALW_Zegost.yar"
include "./malware/MALW_Zeus.yar"
include "./malware/Operation_Blockbuster/cert_wiper.yara"
include "./malware/Operation_Blockbuster/DeltaCharlie.yara"
include "./malware/Operation_Blockbuster/general.yara"
include "./malware/Operation_Blockbuster/HotelAlfa.yara"
include "./malware/Operation_Blockbuster/IndiaAlfa.yara"
include "./malware/Operation_Blockbuster/IndiaBravo.yara"
include "./malware/Operation_Blockbuster/IndiaCharlie.yara"
include "./malware/Operation_Blockbuster/IndiaDelta.yara"
include "./malware/Operation_Blockbuster/IndiaEcho.yara"
include "./malware/Operation_Blockbuster/IndiaGolf.yara"
include "./malware/Operation_Blockbuster/IndiaHotel.yara"
include "./malware/Operation_Blockbuster/IndiaJuliett.yara"
include "./malware/Operation_Blockbuster/IndiaWhiskey.yara"
include "./malware/Operation_Blockbuster/KiloAlfa.yara"
include "./malware/Operation_Blockbuster/LimaAlfa.yara"
include "./malware/Operation_Blockbuster/LimaBravo.yara"
include "./malware/Operation_Blockbuster/LimaCharlie.yara"
include "./malware/Operation_Blockbuster/LimaDelta.yara"
include "./malware/Operation_Blockbuster/PapaAlfa.yara"
include "./malware/Operation_Blockbuster/RomeoAlfa.yara"
include "./malware/Operation_Blockbuster/RomeoBravo.yara"
include "./malware/Operation_Blockbuster/RomeoCharlie.yara"
include "./malware/Operation_Blockbuster/RomeoDelta.yara"
include "./malware/Operation_Blockbuster/RomeoEcho.yara"
include "./malware/Operation_Blockbuster/RomeoGolf_mod.yara"
include "./malware/Operation_Blockbuster/RomeoHotel.yara"
include "./malware/Operation_Blockbuster/RomeoWhiskey.yara"
include "./malware/Operation_Blockbuster/sharedcode.yara"
include "./malware/Operation_Blockbuster/SierraAlfa.yara"
include "./malware/Operation_Blockbuster/SierraBravo.yara"
include "./malware/Operation_Blockbuster/SierraCharlie.yara"
include "./malware/Operation_Blockbuster/SierraJuliettMikeOne.yara"
include "./malware/Operation_Blockbuster/SierraJuliettMikeTwo.yara"
include "./malware/Operation_Blockbuster/suicidescripts.yara"
include "./malware/Operation_Blockbuster/TangoAlfa.yara"
include "./malware/Operation_Blockbuster/TangoBravo.yara"
include "./malware/Operation_Blockbuster/UniformAlfa.yara"
include "./malware/Operation_Blockbuster/UniformJuliett.yara"
include "./malware/Operation_Blockbuster/WhiskeyAlfa.yara"
include "./malware/Operation_Blockbuster/WhiskeyBravo_mod.yara"
include "./malware/Operation_Blockbuster/WhiskeyCharlie.yara"
include "./malware/Operation_Blockbuster/WhiskeyDelta.yara"
include "./malware/POS.yar"
include "./malware/POS_Bernhard.yar"
include "./malware/POS_BruteforcingBot.yar"
include "./malware/POS_Easterjack.yar"
include "./malware/POS_FastPOS.yar"
include "./malware/POS_LogPOS.yar"
include "./malware/POS_MalumPOS.yar"
include "./malware/POS_Mozart.yar"
include "./malware/RANSOM_.CRYPTXXX.yar"
include "./malware/RANSOM_777.yar"
include "./malware/RANSOM_Alpha.yar"
include "./malware/RANSOM_Cerber.yar"
include "./malware/RANSOM_Comodosec.yar"
include "./malware/RANSOM_Crypren.yar"
include "./malware/RANSOM_Cryptolocker.yar"
include "./malware/RANSOM_DMALocker.yar"
include "./malware/RANSOM_GoldenEye.yar"
include "./malware/RANSOM_Locky.yar"
include "./malware/RANSOM_Petya.yar"
include "./malware/RANSOM_Satana.yar"
include "./malware/RANSOM_Stampado.yar"
include "./malware/RANSOM_TeslaCrypt.yar"
include "./malware/RANSOM_Tox.yar"
include "./malware/RAT_Adwind.yar"
include "./malware/RAT_Adzok.yar"
include "./malware/RAT_BlackShades.yar"
include "./malware/RAT_Bolonyokte.yar"
include "./malware/RAT_Bozok.yar"
include "./malware/RAT_Cerberus.yar"
include "./malware/RAT_Crimson.yar"
include "./malware/RAT_CyberGate.yar"
include "./malware/RAT_DarkComet.yar"
include "./malware/RAT_FlyingKitten.yar"
include "./malware/RAT_Gh0st.yar"
include "./malware/RAT_Gholee.yar"
include "./malware/RAT_Glass.yar"
include "./malware/RAT_Havex.yar"
include "./malware/RAT_Hizor.yar"
include "./malware/RAT_Indetectables.yar"
include "./malware/RAT_Inocnation.yar"
include "./malware/RAT_jRAT.yar"
include "./malware/RAT_Meterpreter_Reverse_Tcp.yar"
include "./malware/RAT_Nanocore.yar"
include "./malware/RAT_NetwiredRC.yar"
include "./malware/RAT_Njrat.yar"
include "./malware/RAT_PlugX.yar"
include "./malware/RAT_PoisonIvy.yar"
include "./malware/RAT_Ratdecoders.yar"
include "./malware/RAT_Sakula.yar"
include "./malware/RAT_ShadowTech.yar"
include "./malware/RAT_Shim.yar"
include "./malware/RAT_Terminator.yar"
include "./malware/RAT_xRAT.yar"
include "./malware/RAT_xRAT20.yar"
include "./malware/RAT_Xtreme.yar"
include "./malware/RAT_ZoxPNG.yar"
include "./malware/TOOLKIT_Chinese_Hacktools.yar"
include "./malware/TOOLKIT_Dubrute.yar"
include "./malware/TOOLKIT_exe2hex_payload.yar"
include "./malware/TOOLKIT_FinFisher_.yar"
include "./malware/TOOLKIT_Gen_powerkatz.yar"
include "./malware/TOOLKIT_PassTheHash.yar"
include "./malware/TOOLKIT_Pwdump.yar"
include "./malware/TOOLKIT_THOR_HackTools.yar"
include "./malware/TOOLKIT_Wineggdrop.yar"