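List of Cuckoo Sandbox signature names and their categories. The signatures are taken from https://github.com/cuckoosandbox/community/tree/master/modules/signatures as of January 4, 2019. The category strings in the table are not normalized: it contains spelling and case variants (for example 'persistance' and 'persistence', 'AntiVM' and 'anti-vm', 'Ransomware' and 'ransomware'), empty categories (['']), and a few repeated names (antivm_xen_keys, fakeav_mutexes, trojan_jorik), so normalize and de-duplicate before filtering or aggregating on category.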
name | categories | |
---|---|---|
adds_user | ['commands'] | |
adds_user_admin | ['commands'] | |
alina_pos_file | ['pos'] | |
alina_pos_url | ['pos'] | |
allocates_execute_remote_process | ['injection', 'shellcode'] | |
allocates_rwx | ['unpacking'] | |
amsi_bypass | ['script', 'malware', 'powershell', 'amsi'] | |
android_antivirus_virustotal | ['antivirus'] | |
android_dangerous_permissions | ['android'] | |
android_dynamic_code | ['android'] | |
android_embedded_apk | ['android'] | |
android_google_play_diff | ['android'] | |
android_native_code | ['android'] | |
android_reflection_code | ['android'] | |
andromeda | ['rat'] | |
antianalysis_detectfile | ['anti-analysis'] | |
antiav_avast_libs | ['anti-av'] | |
antiav_bitdefender_libs | ['anti-av'] | |
antiav_detectfile | ['anti-av'] | |
antiav_detectreg | ['anti-av'] | |
antiav_servicestop | ['anti-av'] | |
antiav_srp | ['anti-av'] | |
antidbg_devices | ['anti-debug'] | |
antidbg_windows | ['anti-debug'] | |
antiemu_wine | ['anti-emulation'] | |
antisandbox_clipboard | ['anti-sandbox'] | |
antisandbox_cuckoo_files | ['anti-sandbox'] | |
antisandbox_file | ['anti-sandbox'] | |
antisandbox_foregroundwindows | ['anti-sandbox'] | |
antisandbox_fortinet_files | ['anti-sandbox'] | |
antisandbox_idletime | ['anti-sandbox'] | |
antisandbox_joe_anubis_files | ['anti-sandbox'] | |
antisandbox_mouse_hook | ['hooking', 'anti-sandbox'] | |
antisandbox_restart | ['anti-sandbox'] | |
antisandbox_sleep | ['anti-sandbox'] | |
antisandbox_sunbelt | ['anti-vm'] | |
antisandbox_sunbelt_files | ['anti-sandbox'] | |
antisandbox_threattrack_files | ['anti-sandbox'] | |
antisandbox_unhook | ['anti-sandbox'] | |
antivirus_irma | ['antivirus'] | |
antivirus_virustotal | ['antivirus'] | |
antivm_disk_size | ['anti-vm'] | |
antivm_firmware | ['anti-vm'] | |
antivm_generic_bios | ['anti-vm'] | |
antivm_generic_cpu | ['anti-vm'] | |
antivm_generic_disk | ['anti-vm'] | |
antivm_generic_ide | ['anti-vm'] | |
antivm_generic_scsi | ['anti-vm'] | |
antivm_generic_services | ['anti-vm'] | |
antivm_hyperv_keys | ['anti-vm'] | |
antivm_memory_available | ['anti-vm'] | |
antivm_network_adapters | ['anti-vm'] | |
antivm_parallels_keys | ['anti-vm'] | |
antivm_parallels_window | ['anti-vm'] | |
antivm_queries_computername | ['AntiVM'] | |
antivm_sandboxie | ['anti-vm'] | |
antivm_shared_device | ['anti-vm'] | |
antivm_vbox_acpi | ['anti-vm'] | |
antivm_vbox_devices | ['anti-vm'] | |
antivm_vbox_files | ['anti-vm'] | |
antivm_vbox_keys | ['anti-vm'] | |
antivm_vbox_provname | ['anti-vm'] | |
antivm_vbox_window | ['anti-vm'] | |
antivm_virtualpc | ['anti-vm'] | |
antivm_virtualpc_illegal_instruction | ['anti-vm'] | |
antivm_virtualpc_window | ['anti-vm'] | |
antivm_vmware_files | ['anti-vm'] | |
antivm_vmware_in_instruction | ['anti-vm'] | |
antivm_vmware_keys | ['anti-vm'] | |
antivm_vmware_window | ['anti-vm'] | |
antivm_vpc_keys | ['anti-vm'] | |
antivm_xen_keys | ['anti-vm'] | |
antivm_xen_keys | ['anti-vm'] | |
applcation_raises_exception | ['exploit', 'crash'] | |
application_aborted_broadcast_receiver | ['android'] | |
application_deleted_app | ['android'] | |
application_executed_shell_command | ['android'] | |
application_installed_app | ['android'] | |
application_queried_account_info | ['android'] | |
application_queried_installed_apps | ['android'] | |
application_queried_phone_number | ['android'] | |
application_queried_private_information | ['android'] | |
application_recording_audio | ['android'] | |
application_registered_receiver_runtime | ['android'] | |
application_sent_sms_messages | ['android'] | |
application_stopped_processes | ['android'] | |
application_uses_location | ['android'] | |
application_using_the_camera | ['android'] | |
applocker_bypass | ['applocker', 'bypass'] | |
apt_carbunak | ['apt'] | |
apt_cloudatlas | ['apt'] | |
apt_inception | ['apt'] | |
apt_sandworm_ip | ['apt'] | |
apt_sandworm_url | ['apt'] | |
apt_turlacarbon | ['apt'] | |
ardamax_mutexes | ['keylogger'] | |
athena_url | ['athena'] | |
av_detect_china_key | ['avdetect'] | |
backdoor_tdss | ['backdoor'] | |
backdoor_vanbot | ['backdoor'] | |
backdoor_whimoo | ['backdoor'] | |
bad_certificate | [''] | |
bagle | ['worm'] | |
bandook | ['rat'] | |
banker_bancos | ['trojan'] | |
banker_cridex | ['Banking', 'Trojan'] | |
banker_prinimalka | ['banker'] | |
banker_spyeye_mutexes | ['banker'] | |
banker_spyeye_url | ['banker'] | |
banker_tinba_mutexes | ['rat'] | |
banker_zeus_mutex | ['banker'] | |
banker_zeus_p2p | ['banker'] | |
banker_zeus_url | ['banker'] | |
banking_mutexes | ['banking'] | |
banload | ['trojan'] | |
begseabugtd_mutexes | ['trojandl'] | |
betabot_url | ['betabot'] | |
bitcoin_opencl | ['bitcoin'] | |
blackenergy_mutexes | ['rootkit'] | |
blackpos_url | ['blackpos'] | |
bladabindi_mutexes | ['rat'] | |
bootkit | ['rootkit'] | |
bot_athenahttp | ['bot', 'ddos'] | |
bot_dirtjumper | ['bot', 'ddos'] | |
bot_drive | ['bot', 'ddos'] | |
bot_drive2 | ['bot', 'ddos'] | |
bot_kelihos | ['http'] | |
bot_kovter | ['http'] | |
bot_madness | ['bot', 'ddos'] | |
bot_russkill | ['bot', 'ddos'] | |
bot_vnloader_url | ['bot'] | |
bozok_key | ['rat'] | |
browser_security | ['browser', 'clickfraud', 'banker'] | |
browser_startpage | ['browser', 'adware'] | |
btc | ['rat'] | |
bypass_firewall | ['bypass'] | |
c24_url | ['C24 Stealer'] | |
carberp_mutex | ['banker', 'trojan', 'rootkit'] | |
chanitor_mutexes | ['ransom'] | |
checks_debugger | ['anti-debug'] | |
checks_kernel_debugger | ['anti-debug'] | |
clear_permission_event_logs | ['commands', 'stealth'] | |
clears_event_logs | ['commands', 'stealth'] | |
clickfraud_cookies | ['clickfraud'] | |
cloud_dropbox | ['cloud'] | |
cloud_google | ['cloud'] | |
cloud_mediafire | ['cloud'] | |
cloud_mega | ['cloud'] | |
cloud_rapidshare | ['recon'] | |
cloud_wetransfer | ['cloud'] | |
Cloudflare | ['Cloudflare'] | |
coinminer_mutexes | ['trojan'] | |
console_output | ['command'] | |
creates_doc | ['generic'] | |
creates_exe | ['generic'] | |
creates_hidden_file | ['stealth'] | |
creates_largekey | ['stealth'] | |
creates_null_reg_entry | ['stealth'] | |
creates_service | ['service', 'persistence'] | |
creates_shortcut | ['persistance'] | |
creates_user_folder_exe | [''] | |
credential_dumping_lsass | ['persistence', 'lateral_movement'] | |
credential_dumping_lsass_access | ['persistence', 'lateral_movement'] | |
cryptlocker | ['rat'] | |
cryptomining_stratum_command | ['mining', 'cryptocurrency'] | |
cybergate | ['rat'] | |
darkcloud | ['rat'] | |
darwin_code_injection | ['injection'] | |
ddos_blackrev_mutexes | ['ddos'] | |
ddos_darkddos_mutexes | ['ddos'] | |
ddos_eclipse_mutexes | ['ddos'] | |
ddos_ipkiller_mutexes | ['ddos'] | |
ddos556 | ['rat'] | |
dead_host | ['network'] | |
decay | ['rat'] | |
decebal_mutexes | ['pos'] | |
deepfreeze_mutex | ['anti-sandbox'] | |
deletes_executed_files | ['persistence', 'stealth'] | |
dep_heap_bypass | ['exploit'] | |
dep_stack_bypass | ['exploit'] | |
detect_putty | ['ssh'] | |
dexter | ['pos'] | |
disables_app_launch | ['stealth'] | |
disables_browser_warn | ['generic', 'banker', 'clickfraud'] | |
disables_ie_http2 | ['infostealer', 'banker'] | |
disables_proxy | ['infostealer'] | |
disables_security | ['anti-av'] | |
disables_spdy_chrome | ['infostealer', 'banker'] | |
disables_spdy_firefox | ['infostealer', 'banker'] | |
disables_spdy_ie | ['infostealer', 'banker'] | |
disables_system_restore | ['ransomware', 'persistance'] | |
disables_wer | ['stealth'] | |
disables_windowsupdate | ['generic'] | |
dns_freehosting_domain | ['freehosting'] | |
dnsserver_dynamic | ['dns'] | |
document_close | ['office'] | |
document_open | ['office'] | |
dofoil | ['virus'] | |
downloader_cabby | ['downloader'] | |
dridex_behavior | ['banker', 'trojan'] | |
dropper | ['dropper'] | |
dumped_buffer | [''] | |
dumped_buffer2 | [''] | |
dyreza | ['banking'] | |
emotet_behavior | ['infostealer', 'banker'] | |
encryption_keys | [''] | |
evilbot | ['rat'] | |
excel_datalink | ['generic'] | |
exe_appdata | ['dropper', 'persistence'] | |
exec_bits_admin | ['script', 'dropper'] | |
exec_crash | ['execution', 'crash'] | |
exec_waitfor | ['script', 'bypass'] | |
exp_3322_dom | ['expdom'] | |
expiro | ['rat'] | |
exploit_blackhole_url | ['exploit'] | |
exploit_heapspray | ['exploit'] | |
exploitkit_mutexes | ['exploit'] | |
fakeav_mutexes | ['rat'] | |
fakeav_mutexes | ['rat'] | |
farfli | ['rat'] | |
fesber_mutexes | ['worm'] | |
fraudtool_fakerean | ['fraudtool'] | |
gaelicum | ['worm'] | |
generates_crypto_key | [''] | |
ghostbot | ['rat'] | |
has_authenticode | [''] | |
has_office_eps | ['office'] | |
has_pdb | [''] | |
has_wmi | ['wmi'] | |
hesperbot | ['rat'] | |
html_flash | ['exploit'] | |
icepoint | ['rat'] | |
im_btb | ['im'] | |
im_qq | ['im'] | |
infinity | ['rat'] | |
infostealer_bitcoin | ['infostealer'] | |
infostealer_browser | ['infostealer'] | |
infostealer_clipboard | ['infostealer'] | |
infostealer_derusbi_files | ['infostealer'] | |
infostealer_ftp | ['infostealer'] | |
infostealer_im | ['infostealer'] | |
infostealer_keylogger | ['generic'] | |
infostealer_mail | ['infostealer'] | |
injection_createremotethread | ['injection'] | |
injection_explorer | ['injection'] | |
injection_modifies_memory | ['injection'] | |
injection_network_trafic | ['injection', 'cnc', 'stealth'] | |
injection_ntsetcontextthread | ['injection', 'shellcode'] | |
injection_process_search | ['generic'] | |
injection_queueapcthread | ['injection'] | |
injection_resumethread | ['injection'] | |
injection_runpe | ['injection'] | |
injection_write_memory | ['injection'] | |
injection_write_memory_exe | ['injection', 'unpacking'] | |
installs_appinit | ['persistence'] | |
installs_bho | ['browser'] | |
ircbrute | ['rat'] | |
isrstealer_url | ['isrstealer'] | |
istealer_url | ['istealer'] | |
jackpos_file | ['pos'] | |
jackpos_url | ['jackpos'] | |
javascript_commandline | ['javascript', 'persistence', 'downloader'] | |
jeefo_mutexes | ['virus'] | |
jintor_mutexes | ['keylogger'] | |
js_anti_analysis | ['anti-analysis'] | |
js_eval | ['unpacking'] | |
js_iframe | ['obfuscation'] | |
js_suspicious | ['unpacking'] | |
karagany | ['rat'] | |
karakum | ['rat'] | |
katusha | ['rat'] | |
killdisk | ['trojan'] | |
koobface | ['rat'] | |
krepper_mutexes | ['worm'] | |
kuluoz_mutexes | ['rat'] | |
locates_browser | [''] | |
locates_sniffer | [''] | |
locker_cmd | ['locker'] | |
locker_regedit | ['locker'] | |
locker_taskmgr | ['locker'] | |
luder | ['rat'] | |
madness_url | ['madness'] | |
magania_mutexes | ['rat'] | |
malicious_document_urls | ['downloader'] | |
martian_command_process | ['martian', 'exploit', 'dropper'] | |
memdump_ip_urls | ['unpacking', 'c2'] | |
memdump_tor_urls | ['unpacking', 'ransomware', 'c2'] | |
memdump_urls | ['unpacking'] | |
memdump_yara | ['generic'] | |
metasploit_shellcode | ['shellcode'] | |
minerbot | ['rat'] | |
miningpool | ['mining'] | |
mirc_file | ['tool'] | |
modifies_boot_config | ['persistance', 'ransomware'] | |
modifies_certificates | ['infostealer', 'banker'] | |
modifies_desktop_wallpaper | ['ransomware'] | |
modifies_firefox_configuration | ['infostealer', 'banker'] | |
modifies_proxy_autoconfig | ['infostealer'] | |
modifies_proxy_override | ['infostealer'] | |
modifies_proxy_wpad | ['infostealer'] | |
modifies_security_center_warnings | ['stealth'] | |
modifies_zoneid | [''] | |
modify_uac_prompt | ['stealth'] | |
moves_self | ['stealth'] | |
multiple_useragents | ['network'] | |
mutex_winscp | ['filetransfer'] | |
nakbot | ['rat'] | |
netshadow | ['rat'] | |
netwire | ['rat'] | |
network_bind | ['bind'] | |
network_cnc_http | ['http', 'cnc'] | |
network_dns_txt_lookup | ['dns', 'cnc'] | |
network_document_file | ['exploit', 'downloader'] | |
network_downloader_exe | ['exploit', 'downloader'] | |
network_http | ['http'] | |
network_http_post | ['http', 'cnc'] | |
network_icmp | ['icmp'] | |
network_irc | ['irc'] | |
network_smtp | ['smtp', 'spam'] | |
network_tor | ['network', 'anonimity', 'tor'] | |
network_tor_service | ['network', 'anonimity', 'tor'] | |
network_torgateway | ['network'] | |
network_wscript_downloader | ['downloader'] | |
networkdyndns_checkip | ['dyndns'] | |
nitol | ['rat'] | |
njrat | ['rat'] | |
nolookup_communication | ['network'] | |
nymaim_behavior | ['trojan', 'ransomware'] | |
obfus_mutexes | ['trojan'] | |
office_appinfo_version | ['vba'] | |
office_check_doc_name | ['office'] | |
office_check_project_name | ['vba'] | |
office_check_window | ['vba'] | |
office_count_dirs | ['vba'] | |
office_create_object | ['vba'] | |
office_dde | ['dropper'] | |
office_eps_strings | ['office'] | |
office_http_request | ['vba'] | |
office_indirect_call | ['office'] | |
office_packager | ['dropper', 'office'] | |
office_platform_detect | ['office'] | |
office_recent_files | ['vba'] | |
office_vuln_guid | ['office'] | |
office_vuln_modules | ['office'] | |
oldrea | ['rat'] | |
origin_langid | ['origin'] | |
p2p_cnc | ['p2p', 'cnc'] | |
packer_entropy | ['packer'] | |
packer_polymorphic | ['packer'] | |
packer_upx | ['packer'] | |
packer_vmprotect | ['packer'] | |
pdf_attachments | ['static'] | |
pdf_javascript | ['static'] | |
pdf_openaction | ['static'] | |
pdf_openaction_js | ['static'] | |
pe_features | ['packer'] | |
pe_unknown_resource_name | ['packer'] | |
peid_packer | ['packer'] | |
perflogger | ['keylogger'] | |
persistence_ads | ['persistence', 'ads'] | |
persistence_autorun | ['persistence'] | |
persistence_bootexecute | ['persistence'] | |
persistence_registry_exe | ['persistence'] | |
persistence_registry_javascript | ['persistence'] | |
persistence_registry_powershell | ['persistence'] | |
pidief | ['trojan'] | |
poebot | ['rat'] | |
poisonivy | ['rat'] | |
ponfoy | ['rat'] | |
ponybot_url | ['ponybot'] | |
pos_poscardstealer_url | ['pos'] | |
powerfun | ['script', 'malware', 'injector'] | |
powershell_bitstransfer | ['script', 'dropper', 'downloader', 'malware', 'powershell'] | |
powershell_c2dns | ['script', 'bot', 'dns', 'malware'] | |
powershell_ddi_rc4 | ['script', 'dropper', 'downloader', 'malware', 'powershell'] | |
powershell_dfsp | ['script', 'dropper', 'downloader', 'malware'] | |
powershell_di | ['script', 'dropper', 'downloader', 'malware', 'powershell'] | |
powershell_download | ['downloader'] | |
powershell_empire | ['script', 'dropper', 'downloader', 'malware'] | |
powershell_meterpreter | ['script', 'meterpreter', 'powershell', 'malware'] | |
powershell_reg_add | ['script', 'powershell'] | |
powershell_request | ['downloader'] | |
powershell_unicorn | ['script', 'dropper', 'downloader', 'malware'] | |
powerworm | ['script', 'malware', 'powershell', 'worm'] | |
privilege_luid_check | ['privileges'] | |
process_interest | ['generic'] | |
process_martian | ['martian', 'exploit', 'dropper'] | |
process_needed | ['generic'] | |
protection_rx | ['unpacking'] | |
puce_mutexes | ['worm'] | |
putterpanda_mutexes | ['rat'] | |
pwdump_file | ['hacktool'] | |
qakbot | ['rat'] | |
queries_programs | ['recon'] | |
ragebot | ['rat'] | |
raises_exception | [''] | |
ramnit | ['rat'] | |
ransomware_appends_extensions | ['ransomware'] | |
ransomware_bcdedit | ['ransomware'] | |
ransomware_dropped_files | ['ransomware'] | |
ransomware_extensions | ['ransomware'] | |
ransomware_file_moves | ['ransomware'] | |
ransomware_files | ['ransomware'] | |
ransomware_mass_file_delete | ['ransomware', 'wiper'] | |
ransomware_message | ['ransomware'] | |
ransomware_message_ocr | ['ransomware', 'ocr'] | |
ransomware_recyclebin | ['ransomware'] | |
ransomware_shadowcopy | ['ransomware'] | |
ransomware_viruscoder | ['Ransomware'] | |
ransomware_wbadmin | ['ransomware'] | |
rat_adzok | ['rat'] | |
rat_beastdoor | ['rat'] | |
rat_beebus_mutexes | ['rat'] | |
rat_bifrose | ['rat'] | |
rat_blackhole | ['rat'] | |
rat_blackice | ['rat'] | |
rat_blackshades | ['rat'] | |
rat_bottilda | ['rat'] | |
rat_buzus_mutexes | ['rat'] | |
rat_comRAT | ['APT', 'RAT'] | |
rat_darkshell | ['rat'] | |
rat_delf | ['trojan'] | |
rat_dibik | ['rat'] | |
rat_fexel_ip | ['rat'] | |
rat_flystudio | ['rat'] | |
rat_fynloski | ['rat'] | |
rat_hikit | ['rat'] | |
rat_hupigon | ['rat'] | |
rat_jewdo | ['rat'] | |
rat_koutodoor | ['rat'] | |
rat_likseput | ['rat'] | |
rat_lolbot | ['backdoor'] | |
rat_madness | ['rat'] | |
rat_mybot | ['rat'] | |
rat_naid_ip | ['rat'] | |
rat_netobserve | ['rat'] | |
rat_pasta | ['rat'] | |
rat_pcclient | ['rat'] | |
rat_plugx | ['rat'] | |
rat_rbot | ['rat'] | |
rat_sdbot | ['backdoor'] | |
rat_shadowbot | ['rat'] | |
rat_siggenflystudio | ['rat'] | |
rat_spynet | ['rat'] | |
rat_swrort | ['rat'] | |
rat_teamviewer | ['rat'] | |
rat_travnet | ['rat'] | |
rat_trogbot | ['rat'] | |
rat_turkojan | ['rat'] | |
rat_urxbot | ['rat'] | |
rat_vertex | ['rat'] | |
rat_xtreme | ['rat'] | |
rat_zegost | ['rat'] | |
rdp_mutexes | ['rat'] | |
reads_user_agent | ['stealth'] | |
recon_beacon | ['network', 'recon'] | |
recon_checkip | ['recon'] | |
recon_fingerprint | ['recon'] | |
recon_programs | ['recon'] | |
recon_systeminfo | ['recon'] | |
removes_zoneid_ads | ['generic'] | |
renostrojan | ['trojan'] | |
rovnix | ['banker', 'trojan'] | |
rtf_unknown_character_set | ['office'] | |
rtf_unknown_version | ['office'] | |
runouce_mutexes | ['worm'] | |
sadbot | ['rat'] | |
self_delete_bat | ['trojan'] | |
senna | ['rat'] | |
sharing_rghost | ['filesharing'] | |
sharpstealer_url | ['sharpstealer'] | |
shellcode_writeprocessmemory | ['exploit', 'shellcode'] | |
shiza | ['rat'] | |
shutdown_system | ['stealth'] | |
shylock | ['rat'] | |
SipStun | [''] | |
smtp_gmail | ['smtp'] | |
smtp_live | ['smtp'] | |
smtp_mail_ru | ['smtp'] | |
smtp_yahoo | ['smtp'] | |
sniffer_winpcap | ['sniffer'] | |
snort_alert | ['network'] | |
solarbot_url | ['solarbot'] | |
spreading_autoruninf | ['spreading'] | |
spyrecorder | ['rat'] | |
stack_pivot | ['exploit', 'rop'] | |
stack_pivot_shellcode_apis | ['exploit', 'rop', 'shellcode'] | |
stackpivot_shellcode_createprocess | ['exploit', 'rop', 'shellcode'] | |
staser | ['rat'] | |
stealth_childproc | ['stealth'] | |
stealth_hidden_extension | ['stealth'] | |
stealth_hidden_icons | ['stealth'] | |
stealth_hiddenfile | ['stealth'] | |
stealth_hide_notifications | ['stealth'] | |
stealth_system_procname | ['stealth'] | |
stealth_window | ['stealth'] | |
stops_service | ['anti-av'] | |
suricata_alert | ['network'] | |
suspicious_command_tools | ['commands', 'lateral'] | |
suspicious_powershell | ['script', 'dropper', 'downloader', 'packer'] | |
suspicious_process | ['packer'] | |
suspicious_tld | ['tldwatch', 'network'] | |
suspicious_write_exe | ['exploit', 'downloader', 'virus'] | |
sweetorange_mutexes | ['exploit'] | |
sysinternals_tools_usage | ['commands', 'lateral'] | |
TAPI_DP_mutex | ['fraud'] | |
targeted_flame | ['targeted'] | |
task_for_pid | ['injection'] | |
terminates_remote_process | ['persistence', 'stealth'] | |
tnega_mutexes | ['trojan'] | |
trojan_bublik | ['rat'] | |
trojan_ceatrg | ['trojan'] | |
trojan_dapato | ['trojan'] | |
trojan_emotet | ['trojan'] | |
trojan_jorik | ['trojan'] | |
trojan_jorik | ['trojan'] | |
trojan_kilim | ['trojan'] | |
trojan_lethic | ['trojan'] | |
trojan_lockscreen | ['trojan'] | |
trojan_mrblack | ['trojan'] | |
trojan_pincav | ['trojan'] | |
trojan_redosru | ['trojan'] | |
trojan_sysn | ['trojan'] | |
trojan_vbinject | ['trojan'] | |
trojan_yoddos | ['trojan'] | |
tufik_mutexes | ['virus'] | |
UFR_Stealer | ['rat'] | |
upatre | ['rat'] | |
upatretd_mutexes | ['trojandl'] | |
url_file | ['generic'] | |
urlshortcn_checkip | ['urlshort'] | |
urlspy | ['rat'] | |
uroburos_file | ['rat'] | |
uroburos_mutexes | ['rat'] | |
uses_windows_utilities | ['commands', 'lateral'] | |
vertex_url | ['vertex'] | |
vir_napolar | ['vir'] | |
vir_nebuler | ['trojan'] | |
vir_pykse | ['worm'] | |
virut | ['rat'] | |
vnc_mutexes | ['rat'] | |
volatility_devicetree_1 | ['generic'] | |
volatility_handles_1 | ['generic'] | |
volatility_ldrmodules_1 | ['generic'] | |
volatility_ldrmodules_2 | ['generic'] | |
volatility_malfind_2 | ['generic'] | |
volatility_modscan_1 | ['generic'] | |
volatility_svcscan_1 | ['generic'] | |
volatility_svcscan_2 | ['generic'] | |
volatility_svcscan_3 | ['generic'] | |
wakbot | ['rat'] | |
warbot_url | ['warbot'] | |
win32_process_create | ['wmi'] | |
winsxsbot | ['work'] | |
wmi_antivm | ['wmi', 'anti-vm'] | |
wmi_persistance | ['persistance'] | |
wmi_service | ['persistance'] | |
worm_allaple | ['worm'] | |
worm_kolabc | ['worm'] | |
worm_palevo | ['worm'] | |
worm_phorpiex | ['worm'] | |
worm_psyokym | ['worm'] | |
worm_renocide | ['worm'] | |
worm_rungbu | ['worm'] | |
worm_xworm | ['worm'] |