Miroslav Stampar stamparm

## mac-vendor.txt
000000	Xerox
000001	Xerox
000002	Xerox
000003	Xerox
000004	Xerox
000005	Xerox
000006	Xerox
000007	Xerox
000008	Xerox
000009	Xerox

## drupalgeddon2.rules
alert http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Drupalgeddon2 (CVE-2018-7600)"; flow: to_server,established; content:"POST"; http_method; content:"markup"; fast_pattern; content: "/user/register"; http_uri; pcre:"/(access_callback|pre_render|lazy_builder|post_render)/i"; classtype:web-application-attack; sid:9000110; rev:1;)

## sha256sum.txt
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b  ./installed.ete
0439628816cabe113315751e7113a9e9f720d7e499ffdd78acbac1ed8ba35887  ./bins/coli-0.dll
52e88433f2106cc9a3a961cd8c3d0a8939d8de28f2ef3ee8ea648534a8b036a4  ./bins/tibe-1.dll
d3db1e56360b25e7f36abb822e03c18d23a19a9b5f198e16c16e06785fc8c5fa  ./bins/cnli-0.dll
13ce3731db5b926f980855e923e1c754c4a15a5cdad47b7ef27e6dd54cf5293d  ./bins/Eternalsynergy-1.0.1.0.xml
96edea8d08ab10eee86776cfb9e32b4701096d21c39dbffeb49bd638f09d726a  ./bins/trfo.dll
8a5cce25f1bf60e716709c724b96630b95e55cc0e488d74d60ea50ffba7d6946  ./bins/etebCore-2.x64.dll
5f30aa2fe338191b972705412b8043b0a134cdb287d754771fc225f2309e82ee  ./bins/libeay32.dll
47e16f7db53d9adf24d193ff4d523b1bc7ae59ff8520cfa012365bdb947c96f9  ./bins/posh.dll
36107f74be98f15a45ff716e37dad70f1ff9515bc72a0a1ec583b803c220aa92  ./bins/tucl.dll

## 2017-5638.rules
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"WEB_SERVER Apache Struts Remote Code Execution (2017-5638)"; flow:established,to_server; content:"opensymphony"; fast_pattern:only; content:"Content-Type|3a 20|"; http_header; pcre:"/Content-Type: [ ]*[%$]{[^\r\n]*#\w+/Hi"; reference:cve,2017-5638; classtype:web-application-attack; sid:9000101; rev:2;)

## sinkhole_emails.txt
botsmustdie@gmail.com
jgou.veia@gmail.com
malicious-domains@shadowserver.org
the.malware.cabal@gmail.com
bdomaincontrol@gmail.com
malsinkhole@gmail.com
cyd-dns@ic.fbi.gov
s1nkh0l3@yahoo.com
info@fitsec.com
ctu-sinkhole@secureworks.com

## disable_wsh.reg
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings]
"Enabled"="0"

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                stamparm
                / keybase.md
            
            
              Created
              November 17, 2015 10:05
            
          
    Keybase proof

I hereby claim:

I am stamparm on github.
I am stamparm (https://keybase.io/stamparm) on keybase.
I have a public key whose fingerprint is 93D8 F2DD 0948 7028 EAB1  D51E DF02 F6DE B539 7B1B

To claim this, I am signing this object:

  
## creds.txt
666666:666666
888888:888888
admin:1111
admin:1111111
admin:1234
admin:12345
admin:123456
admin1:password
admin:4321
admin:7ujMko0admin

## gist:e4cf68f422d5c4f612db
sons.console.cf
advisory.terranovaroofingandsiding.com
alberta.croftonliving.com
corn.liziarossi.com
dave.ddhowdoyoulikemenow.com
do.liziarossi.com
doug.liziarossi.com
electronics.reelhighmedia.com
embassy.ddhowdoyoulikemenow.com
emphasis.croftonliving.com

## gist:df9a0dcdd18f36662363
<?php

/*
+---------------------------------------------------------------------------+
| OpenX v${RELEASE_MAJOR_MINOR}                                                                |
| =======${RELEASE_MAJOR_MINOR_DOUBLE_UNDERLINE}                                                                |
|                                                                           |
| Copyright (c) 2003-2009 OpenX Limited                                     |
| For contact details, see: http://www.openx.org/                           |
|                                                                           |
	000000 Xerox
	000001 Xerox
	000002 Xerox
	000003 Xerox
	000004 Xerox
	000005 Xerox
	000006 Xerox
	000007 Xerox
	000008 Xerox
	000009 Xerox
	b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b ./installed.ete
	0439628816cabe113315751e7113a9e9f720d7e499ffdd78acbac1ed8ba35887 ./bins/coli-0.dll
	52e88433f2106cc9a3a961cd8c3d0a8939d8de28f2ef3ee8ea648534a8b036a4 ./bins/tibe-1.dll
	d3db1e56360b25e7f36abb822e03c18d23a19a9b5f198e16c16e06785fc8c5fa ./bins/cnli-0.dll
	13ce3731db5b926f980855e923e1c754c4a15a5cdad47b7ef27e6dd54cf5293d ./bins/Eternalsynergy-1.0.1.0.xml
	96edea8d08ab10eee86776cfb9e32b4701096d21c39dbffeb49bd638f09d726a ./bins/trfo.dll
	8a5cce25f1bf60e716709c724b96630b95e55cc0e488d74d60ea50ffba7d6946 ./bins/etebCore-2.x64.dll
	5f30aa2fe338191b972705412b8043b0a134cdb287d754771fc225f2309e82ee ./bins/libeay32.dll
	47e16f7db53d9adf24d193ff4d523b1bc7ae59ff8520cfa012365bdb947c96f9 ./bins/posh.dll
	36107f74be98f15a45ff716e37dad70f1ff9515bc72a0a1ec583b803c220aa92 ./bins/tucl.dll
	botsmustdie@gmail.com
	jgou.veia@gmail.com
	malicious-domains@shadowserver.org
	the.malware.cabal@gmail.com
	bdomaincontrol@gmail.com
	malsinkhole@gmail.com
	cyd-dns@ic.fbi.gov
	s1nkh0l3@yahoo.com
	info@fitsec.com
	ctu-sinkhole@secureworks.com
	Windows Registry Editor Version 5.00

	[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings]
	"Enabled"="0"
	666666:666666
	888888:888888
	admin:1111
	admin:1111111
	admin:1234
	admin:12345
	admin:123456
	admin1:password
	admin:4321
	admin:7ujMko0admin
	sons.console.cf
	advisory.terranovaroofingandsiding.com
	alberta.croftonliving.com
	corn.liziarossi.com
	dave.ddhowdoyoulikemenow.com
	do.liziarossi.com
	doug.liziarossi.com
	electronics.reelhighmedia.com
	embassy.ddhowdoyoulikemenow.com
	emphasis.croftonliving.com
	<?php

	/*
	+---------------------------------------------------------------------------+
	\| OpenX v${RELEASE_MAJOR_MINOR} \|
	\| =======${RELEASE_MAJOR_MINOR_DOUBLE_UNDERLINE} \|
	\| \|
	\| Copyright (c) 2003-2009 OpenX Limited \|
	\| For contact details, see: http://www.openx.org/ \|
	\| \|