R yan R obinson aslefhewqiwbepqwefbpqsciwueh
aslefhewqiwbepqwefbpqsciwueh
/ obfuscated_autoit_injectors.txt
Created
January 9, 2024 21:40
A non exhaustive list of obfuscated AutoIt scripts (SHA256)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aae989743dddc84adef90622c657e45e23386488fa79d7fe7cf0863043b8acd4 | |
| 87463dde87dd763f39c67cf255964dc9d9cdbaa1138a2ee2fd6e636f91a3fde8 | |
| c82a8e637365d708e5420cddbb4e9ccdecd82578bcaddf4ff9a59231fb27a690 | |
| df565c55d17cd4b099ba871f6b7dd9b813ec8620d0d3541c009a26a8fcc9847d | |
| f8671ff3f867737ae82bf98899c459ac3c735f81e502d72b1a2a999014de9bfa | |
| 5db4acc8901e4dd1db65cc58720e00548c742a01e8f70f0b7663044670f11b8f | |
| 01148a35f3033f573130015ec4d43a912f45fd1b650e3f27aa648ecb0e984d47 | |
| 977f464859b7222b37b32fbe7f6eae4a8d010e84528dd8d1681f42775c7faaa8 | |
| 86a5d8d34c89a8fbd3ed3afdde52507c24ec05a361fbe4f6f3627ca1572eacab | |
| dcfadf0620bb02b1c0f053c677dd2021399c8efe0e6e99f3a860a035eab35141 |
aslefhewqiwbepqwefbpqsciwueh
/ obfuscated_autoit_injector.yar
Created
January 9, 2024 21:28
A Yara rule that detects an obfuscated Autoit script, usually used for injection.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule obfuscated_autoit_injector | |
| { | |
| meta: | |
| author = "MhicRoibin" | |
| date = "2024-01-09" | |
| description = "Detects Obfuscated Autoit script, usually used for injection" | |
| sample = "aae989743dddc84adef90622c657e45e23386488fa79d7fe7cf0863043b8acd4" | |
| strings: | |
| $a = "FileExists" | |
| $b = "ACos(" |
aslefhewqiwbepqwefbpqsciwueh
/ example.txt
Last active
August 16, 2021 14:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cGhwIC1yICckc29jaz1mc29ja29wZW4oIjMuMTIzLjE0Mi4xODAiLDkwMDEpOyRwcm9jPXByb2Nfb3Blbigic2giLCBhcnJheSgwPT4kc29jaywgMT0+JHNvY2ssIDI9PiRzb2NrKSwkcGlwZXMpOyc= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cHl0aG9uMyAtYyAiZXhlYyhfX2ltcG9ydF9fKCdiYXNlNjQnKS5iNjRkZWNvZGUoX19pbXBvcnRfXygnY29kZWNzJykuZ2V0ZW5jb2RlcigndXRmLTgnKSgnYVcxd2IzSjBJR2x2Q21sdGNHOXlkQ0IxY214c2FXSXVjbVZ4ZFdWemRBcHBiWEJ2Y25RZ2RHRnlabWxzWlFwcGJYQnZjblFnYjNNS2FXMXdiM0owSUdOMGVYQmxjd3AxY213Z1BTQWlhSFIwY0hNNkx5OW5hWFJvZFdJdVkyOXRMM2h0Y21sbkwzaHRjbWxuTDNKbGJHVmhjMlZ6TDJSdmQyNXNiMkZrTDNZMkxqRXpMakV2ZUcxeWFXY3ROaTR4TXk0eExXeHBiblY0TFhnMk5DNTBZWEl1WjNvaUNuTjBjbVZoYlNBOUlIVnliR3hwWWk1eVpYRjFaWE4wTG5WeWJHOXdaVzRvZFhKc0tRcDBiWEFnUFNCcGJ5NUNlWFJsYzBsUEtDa0tkRzF3TG5keWFYUmxLSE4wY21WaGJTNXlaV0ZrS0NrcENuUnRjQzV6WldWcktEQXBDblJoY2lBOUlIUmhjbVpwYkdVdWIzQmxiaWhtYVd4bGIySnFQWFJ0Y0N3Z2JXOWtaVDBpY2pwbmVpSXBDblJoY2w5bGVIUnlZV04wWldRZ1BTQjBZWEl1WlhoMGNtRmpkR1pwYkdVb0ozaHRjbWxuTFRZdU1UTXVNUzk0YlhKcFp5Y3BDblJoY2w5bGVIUnlZV04wWldSZllubDBaWE1nUFNCMFlYSmZaWGgwY21GamRHVmtMbkpsWVdRb0tRcG1aQ0E5SUdOMGVYQmxjeTVEUkV4TUtFNXZibVVwTG5ONWMyTmhiR3dvTXpFNUxDQWlJaXdnTVNrS1ptbHVZV3hmWm1RZ1BTQnZjR1Z1S0NjdmNISnZZeTl6Wld4bUwyWmtMeVZ6SnlBbElITjBjaWhtWkNrc0lDZDNZaWNwQ21acGJtRnNYMlprTG5keWFY |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| H4sIAKB37WAA/+39C3hU1dU/jp8AQUQx0VpFRYkKFlRCQERAqOEyOCggchOtGkIyIZFkJs6Fm6JgEmUco6kWxVvF62urfYtWEYKGgEjQeomXKlW/mlqqM4YqVatUrfl+Pmvvc+acM3Mo7/s+/+/vef5vz1z22Wutvfbaa699PXvvc61v6uRuOTmGeXUzfmrQt/f4YvGrf8NIPmuRADbK6IX/E4zjjJ7w59roivWd6bZq1qbbS9N1x6+HilBHrDlot58Gm64pIV3GZ5fG7n7/K+UzXcMosMJRVmO9Bq+f73CbDtHp7OsMR/EYbpAON0jTm+46LZjpmulj2vjrp9PXz0yXdidpOtMVXeCa8ZdoOe83rlP+jesUvek+peMxXTPchQgn6TvAy5RzaHXVgpEjhlaXD6muCsaWDlk6auSQkSMKI6HC4cI7X+vu3OlzHPo4Qsd9pM5L4sPPfXD5x9fO+M3lmw6dtrv1N8+O/1HxZNJfbte/klu0QvjoLxJmFme9rgY943JfjR7wUnDOBr/Mg/43HvQPedDneNAf5AFncpUlOS/qNRt8qQefxR7yPK7zwn39yIPe70Ff7BHv0x58dnrwWePBZ5oH/WgPeK5HvIs84L/2gJ/iAZ/hAX/XQ55dHvQbPNI714O+1oN/uwf9Zg/+UzzoD/WAf+ABf9JDnmYP+H94yHOhB/xVDz5hD/ohHnLe5EFf7kH/rAectWg2eKUH/wkefFivZ4NP9YDXe8R7ugf9QA/4PR7y/ODB/yYP+C894Od4xLvHg36mB7zBg88ID/qHPeBne6R3mwf9jz3ivc6Dz4Me8Bc94F97xPu8R7x/9qC/xoP+Wg/6Kz3kGeXB500vOT3g873qMQ/4aA/4cA85yzziLfCgf94DfoUHnxc94D4POY/14D/SA36rB3yPB/xbwA83jjHWbVb9RLO/ZZSULKwJBUsi0dJwtKTEKDlvccnMwMKqSDQQnlhdGokEIga6ZLXRynCgtJz9sCIjEgiWG5FlIKkxNKIksLQq |
aslefhewqiwbepqwefbpqsciwueh
/ key.txt
Created
June 15, 2021 15:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN RSA PRIVATE KEY----- | |
| MIIJKgIBAAKCAgEAybT8TbzZFoDhzZoN/x7IPSl2NwufBUZ1Ke693EVl/aMo/nKB | |
| g0pQHj4XpE2tlEXnRBZf99YHjHI76GtPe+NSgMwe3ii9180iv2BfWAUS5BG43r10 | |
| USV9e7Tu3bxUl/0ilLkCr8pMsHur3zFiY99pkn3gkKTEuwVZQmN5vldO4MjzXOwG | |
| KUtJr8mdW9agHTZ0hLLSEVhhsAhoJydIrXIGueq+dmQn4Dy23GEGBg7jUZKqn5cI | |
| Je+UWd53wGi94relw3JddlCN7D8S5t8oF3tJmhKPJmba/Nk3zLcRhBB2HUWf9eh1 | |
| +a/jjPpmHrvHBPCcXH2NcwB/Sg2QT/+OVKZZahpoGv7IueAfK2PnnTSwHIdcl2Cq | |
| l049D73Paz6wIgxRDRtraRcCMzAb9ZiJU8RnGM8NRDqWQ/J2Dg5UVXgyoQsy7EcZ | |
| W2LTPy+bRxlvxnOvbpfcrvzWBE89q/y668oiylNY14QFActnHTXzyhtL97Hqd7Ne | |
| coXINig8cEDQUjAcPiR1ly+l9LV8wdFC+i3QyE8cFMRUudj+njniwGV/L56rLL+9 |
aslefhewqiwbepqwefbpqsciwueh
/ certificate.txt
Created
June 15, 2021 15:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Version: 1 (0x00) | |
| Serial number: 101 (0x65) | |
| Algorithm ID: SHA256withRSA | |
| Validity | |
| Not Before: 05/09/2019 01:59:49 (dd-mm-yyyy hh:mm:ss) (190905015949Z) | |
| Not After: 04/09/2020 01:59:49 (dd-mm-yyyy hh:mm:ss) (200904015949Z) | |
| Issuer | |
| C = US | |
| ST = Washington | |
| L = Washington |
aslefhewqiwbepqwefbpqsciwueh
/ av_list.txt
Created
June 11, 2021 11:59
Antivirus Processes Targeted by Klingon RAT
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AAWTray.exe | |
| alertsvc.exe | |
| alevir.exe | |
| alogserv.exe | |
| amon9x.exe | |
| anti-trojan.exe | |
| antivirus.exe | |
| ants.exe | |
| apimonitor.exe | |
| aplica32.exe |