Skip to content

Improve results scanning for Linux malware (#608)

VirusTotal YARA-CI / False Negatives failed Nov 10, 2024 in 1m 8s

False negatives found

  • 582 hashes mentioned in 702 rules
  • 494 hashes found in VirusTotal
  • 153 false negatives found

Details

Non matching file Rule YARA file
f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8 echo_decode_bash_probable rules/anti-static/base64/eval.yara
7ea112aadebb46399a05b2f7cc258fea02f55cf2ae5257b331031448f15beb8f echo_decode_bash_probable rules/anti-static/base64/eval.yara
50057362c139184abb74a6c4ec10700477dcefc8530cf356607737539845ca54 base64_php_functions_multiple rules/anti-static/base64/function_names.yara
17a1219bf38d953ed22bbddd5aaf1811b9380ad0535089e6721d755a00bddbd0 base64_php_functions_multiple rules/anti-static/base64/function_names.yara
50057362c139184abb74a6c4ec10700477dcefc8530cf356607737539845ca54 base64_python_functions rules/anti-static/base64/function_names.yara
17a1219bf38d953ed22bbddd5aaf1811b9380ad0535089e6721d755a00bddbd0 base64_python_functions rules/anti-static/base64/function_names.yara
1d60edb577641ce47dc2a8299f8b7f878e37120b192655aaf80d1cde5ee482d2 obfuscated_elf rules/anti-static/elf/content.yara
1ae62dbec330695d2eddc7cb9a65d47bad5f45af95e6c8a803f0780e0749a3ad obfuscated_elf rules/anti-static/elf/content.yara
99b1563adea48f05ff6dfffa17f320f12f0d0026c6b94769537a1b0b1d286c13 hex_parse_base64 rules/anti-static/obfuscation/hex.yara
99b1563adea48f05ff6dfffa17f320f12f0d0026c6b94769537a1b0b1d286c13 hex_parse_base64_high rules/anti-static/obfuscation/hex.yara
205f5052dc900fc4010392a96574aed5638acf51b7ec792033998e4043efdf6c generic_obfuscated_perl rules/anti-static/obfuscation/perl.yara
bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55 generic_obfuscated_perl rules/anti-static/obfuscation/perl.yara
3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 php_obfuscated_concat rules/anti-static/obfuscation/php.yara
1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a php_obfuscated_concat rules/anti-static/obfuscation/php.yara
3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 php_obfuscated_concat_long rules/anti-static/obfuscation/php.yara
1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a php_obfuscated_concat_long rules/anti-static/obfuscation/php.yara
236cff4506f94c8c1059c8545631fa2dcd15b086c1ade4660b947b59bdf2afbd obfuscated_concat_multiple rules/anti-static/obfuscation/php.yara
3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 obfuscated_concat_multiple rules/anti-static/obfuscation/php.yara
1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a obfuscated_concat_multiple rules/anti-static/obfuscation/php.yara
7b2a27e5d0559625fe7f6a4e0776130880130e414c851901bbfe0cdb892dadfe python_exec_near_enough_decrypt rules/anti-static/obfuscation/python.yara
7b2a27e5d0559625fe7f6a4e0776130880130e414c851901bbfe0cdb892dadfe python_exec_near_enough_fernet rules/anti-static/obfuscation/python.yara
66a4a39a3c79a24bdf150cb87106920442a3db20a59810eb3e06149b028c7bff rename_zlib rules/anti-static/obfuscation/python.yara
5c0db191458fe648d6799d1461d20e79e65986ba6db522db3737ebbf99c577cb rename_zlib rules/anti-static/obfuscation/python.yara
87a23edfa8fbcc13d1a25b9ac808dbc36c417fda508f98186455a7991a52b6c0 rename_zlib rules/anti-static/obfuscation/python.yara
298220bc98a9174700d2e081843fbf3e34be1ad838cea93e0a2a94b9109a04b7 py_marshal rules/anti-static/unmarshal/marshal.yara
016a1a4fe3e9d57ab0b2a11e37ad94cc922290d2499b8d96957c3ddbdc516d74 hardcoded_ip rules/c2/addr/ip.yara
016a1a4fe3e9d57ab0b2a11e37ad94cc922290d2499b8d96957c3ddbdc516d74 elf_hardcoded_ip rules/c2/addr/ip.yara
016a1a4fe3e9d57ab0b2a11e37ad94cc922290d2499b8d96957c3ddbdc516d74 dropper_for rules/c2/tool_transfer/dropper.yara
016a1a4fe3e9d57ab0b2a11e37ad94cc922290d2499b8d96957c3ddbdc516d74 dropper_for rules/c2/tool_transfer/dropper.yara
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 curl_chmod_relative_run rules/c2/tool_transfer/shell.yara
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 curl_chmod_relative_run rules/c2/tool_transfer/shell.yara
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 curl_chmod_relative_run_tiny rules/c2/tool_transfer/shell.yara
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b curl_chmod_relative_run_tiny rules/c2/tool_transfer/shell.yara
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 curl_chmod_relative_run_tiny rules/c2/tool_transfer/shell.yara
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 curl_tor_chmod_relative_run rules/c2/tool_transfer/shell.yara
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b curl_tor_chmod_relative_run rules/c2/tool_transfer/shell.yara
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 curl_tor_chmod_relative_run rules/c2/tool_transfer/shell.yara
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 wget_chmod_relative_run rules/c2/tool_transfer/shell.yara
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b wget_chmod_relative_run rules/c2/tool_transfer/shell.yara
305901aa920493695729132cfd20cbddc9db2cf861071450a646c6a07b4a50f3 wget_chmod_relative_run rules/c2/tool_transfer/shell.yara
29c2f559a9494bce3d879aff8731a5d70a3789028055fd170c90965ce9cf0ea4 fetch_pipe_shell_value rules/c2/tool_transfer/shell.yara
cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 fetch_pipe_shell_value rules/c2/tool_transfer/shell.yara
e100be934f676c64528b5e8a609c3fb5122b2db43b9aee3b2cf30052799a82da ssh_folder rules/credential/ssh/ssh.yara
f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5 sys_net_recon rules/discover/multiple.yara
2c98b196a51f737f29689d16abeea620b0acfa6380bdc8e94a7a927477d81e3a sys_net_recon rules/discover/multiple.yara
329255e33f43e6e9ae5d5efd6f5c5745c35a30d42fb5099beb51a6e40fe9bd76 sys_net_recon rules/discover/multiple.yara
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b nftables rules/evasion/bypass_security/linux/iptables.yara
89073097e72070cc7cc73c178447b70e07b603ccecfe406fe92fe9eafaae830f nftables rules/evasion/bypass_security/linux/iptables.yara
82f509473dbacadaeb2373b309566e7e1a46a67ae9d9c74159aa65bf6424ded8 ufw rules/evasion/bypass_security/linux/ufw.yara
03bb1cfd9e45844701aabc549f530d56f162150494b629ca19d83c1c696710d7 ufw rules/evasion/bypass_security/linux/ufw.yara
8b84336e73c6a6d154e685d3729dfa4e08e4a3f136f0b2e7c6e5970df9145e95 dev_shm_file rules/evasion/file/location/dev-shm.yara
8b9db0bc9152628bdacc32dab01590211bee9f27d58e0f66f6a1e26aea7552a6 dev_shm_file rules/evasion/file/location/dev-shm.yara
f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8 etc_ld_preload_not_ld rules/evasion/hijack_execution/etc-ld.so.preload.yara
228ec858509a928b21e88d582cb5cfaabc03f72d30f2179ef6fb232b6abdce97 fake_kworker rules/evasion/mimicry/fake-process.yara
2f642efdf56b30c1909c44a65ec559e1643858aaea9d5f18926ee208ec6625ed fake_kworker rules/evasion/mimicry/fake-process.yara
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 run_sleep_delete rules/evasion/self_deletion/run_sleep_delete.yara
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b run_sleep_delete rules/evasion/self_deletion/run_sleep_delete.yara
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 run_sleep_delete rules/evasion/self_deletion/run_sleep_delete.yara
15507092967fbd28ccb833d98c2ee49da09e7c79fd41759cd6f783672fe1c5cc pip_installer_variable rules/exec/install_additional/pip_install.yara
975cd3986ba59ffab8df71227293dbf2534ffb572e028e3bd492d8d08ec1f090 pip_installer_variable rules/exec/install_additional/pip_install.yara
5b0f7b30b411d7e404786ab2266426db471a2c9d0d9cae593eb187a58a28bc4f pip_installer_variable rules/exec/install_additional/pip_install.yara
210cbe49df69a83462a7451ee46e591c755cfbbef320174dc0ff3f633597b092 bash_dev_udp_high rules/exec/shell/bash_dev_udp.yara
48a70bd18a23fce3208195f4ad2e92fce78d37eeaa672f83af782656a4b2d07f elf_nohup rules/exec/shell/nohup.yara
cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 elf_nohup rules/exec/shell/nohup.yara
7ea112aadebb46399a05b2f7cc258fea02f55cf2ae5257b331031448f15beb8f semicolon_short_var_tmp rules/exec/shell/tmp_semicolon.yara
0e91c06bb84630aba38e9c575576b46240aba40f36e6142c713c9d63a11ab4bb semicolon_short_var_tmp rules/exec/shell/tmp_semicolon.yara
4d50bee796cda760b949bb8918881b517f4af932406307014eaf77d8a9a342d0 semicolon_short_var_tmp rules/exec/shell/tmp_semicolon.yara
228ec858509a928b21e88d582cb5cfaabc03f72d30f2179ef6fb232b6abdce97 apparmor_stop rules/exec/system_controls/apparmor.yara
2f642efdf56b30c1909c44a65ec559e1643858aaea9d5f18926ee208ec6625ed apparmor_stop rules/exec/system_controls/apparmor.yara
19dc05db0219df84f303bde62d37dbf7ece4e2825daa98e27ba087cc3594431d nodejs_phone_hom_obscure rules/exfil/nodejs.yara
19dc05db0219df84f303bde62d37dbf7ece4e2825daa98e27ba087cc3594431d nodejs_phone_hom_obscure rules/exfil/nodejs.yara
19dc05db0219df84f303bde62d37dbf7ece4e2825daa98e27ba087cc3594431d nodejs_phone_hom_obscure rules/exfil/nodejs.yara
31054fb826b57c362cc0f0dbc8af15b22c029c6b9abeeee9ba8d752f3ee17d7d userdata_browser_archiver rules/exfil/stealer/browser.yara
016a1a4fe3e9d57ab0b2a11e37ad94cc922290d2499b8d96957c3ddbdc516d74 smaller_userdata_browser_archiver rules/exfil/stealer/browser.yara
31054fb826b57c362cc0f0dbc8af15b22c029c6b9abeeee9ba8d752f3ee17d7d smaller_userdata_browser_archiver rules/exfil/stealer/browser.yara
589dbb3f678511825c310447b6aece312a4471394b3bc40dde6c75623fc108c0 smaller_userdata_browser_archiver rules/exfil/stealer/browser.yara
589dbb3f678511825c310447b6aece312a4471394b3bc40dde6c75623fc108c0 ditto_crypto_stealer rules/exfil/stealer/ditto.yara
ce3c57e6c025911a916a61a716ff32f2699f3e3a84eb0ebbe892a5d4b8fb9c7a ditto_crypto_stealer rules/exfil/stealer/ditto.yara
eed1859b90b8832281786b74dc428a01dbf226ad24b182d09650c6e7895007ea ditto_crypto_stealer rules/exfil/stealer/ditto.yara
59c3ab81ea192e439bc39c5edbbc56518a80a0393e16d55fd5638a567dd96123 linux_server_stealer rules/exfil/stealer/linux_server.yara
fe617c77d66f0954d22d6488e4a481b0f8fdc9e3033fa23475dcd24e53561ec7 linux_server_stealer rules/exfil/stealer/linux_server.yara
f60c1214b5091e6e4e5e7db0c16bf18a062d096c6d69fe1eb3cbd4c50c3a3ed6 pam_passwords rules/exfil/stealer/pam.yara
f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8 pam_passwords rules/exfil/stealer/pam.yara
210cbe49df69a83462a7451ee46e591c755cfbbef320174dc0ff3f633597b092 password_finder_mimipenguin rules/exfil/stealer/password.yara
e6b6cf40d605fc7a5e8ba168a8a5d8699b0879e965d2b803e29b87926cba861f py_crypto_urllib_multiprocessing rules/exfil/stealer/python.yara
4259f2da90bf344092abc071f376753adaf077e13aeed684a7a3c2950ec82f69 py_crypto_urllib_multiprocessing rules/exfil/stealer/python.yara
7c5c84eb86a72395bf75510d5a1a51553a025668d6477dbef86ad12da7bc6b8a py_crypto_urllib_multiprocessing rules/exfil/stealer/python.yara
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b tar_ssh_net rules/exfil/stealer/ssh.yara
0a76c55fa88d4c134012a5136c09fb938b4be88a382f88bf2804043253b0559f sysinfo_http_uname rules/exfil/sysinfo_http.yara
5e9d356cdfc85a66f8fbab29bf43e95f19489c66d2a970e33d031f267298b482 proc_fd_high rules/fs/proc/pid-fd.yara
f60c1214b5091e6e4e5e7db0c16bf18a062d096c6d69fe1eb3cbd4c50c3a3ed6 proc_fd_high rules/fs/proc/pid-fd.yara
265e8236da27a35306cde4e57d73077c94c35e7a73da086273af09179f78f37a proc_fd_high rules/fs/proc/pid-fd.yara
58c54ded0af2fffb8cea743d8ec3538cecfe1afe88d5f7818591fb5d4d2bd4e1 pid_inspector_high rules/fs/proc/pid-inspector.yara
12330634ae5c2ac7da6d8d00f3d680630d596df154f74e03ff37e6942f90639e pid_inspector_high rules/fs/proc/pid-inspector.yara
cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 probably_a_miner rules/impact/cryptojacking/argon2d_numa_self.yara
818b80a08418f3bb4628edd4d766e4de138a58f409a89a5fdba527bab8808dd2 exploiter rules/impact/exploit/exploit.yara
98e7808bd5bfd72c08429ffe0ffb52ae54bce7e6389f17ae523e8ae0099489ab c_router_malware rules/impact/infection/router.yara
abf0f87cc7eb6028add2e2bda31ede09709a948e8f7e56390a3f18d1eae58aa6 c_router_malware rules/impact/infection/router.yara
c91c6dbfa746e3c49a6c93f92b4d6c925668e620d4effc5b2bf59cf9100fe87d c_router_malware rules/impact/infection/router.yara
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 curl_base64_aes rules/impact/ransom/curl_aes_base64.yara
94f4de1bd8c85b8f820bab936ec16cdb7f7bc19fa60d46ea8106cada4acc79a2 lvt_locker rules/impact/ransom/lvt_locker.yara
818b80a08418f3bb4628edd4d766e4de138a58f409a89a5fdba527bab8808dd2 backdoor_caps rules/impact/remote_access/backdoor.yara
d7ad1bff4c0e6d094af27b4d892b3398b48eab96b64a8f8a2392e26658c63f30 backdoor_caps rules/impact/remote_access/backdoor.yara
f60c1214b5091e6e4e5e7db0c16bf18a062d096c6d69fe1eb3cbd4c50c3a3ed6 backdoor_caps rules/impact/remote_access/backdoor.yara
818b80a08418f3bb4628edd4d766e4de138a58f409a89a5fdba527bab8808dd2 backdoor_leet rules/impact/remote_access/backdoor.yara
d7ad1bff4c0e6d094af27b4d892b3398b48eab96b64a8f8a2392e26658c63f30 backdoor_leet rules/impact/remote_access/backdoor.yara
f60c1214b5091e6e4e5e7db0c16bf18a062d096c6d69fe1eb3cbd4c50c3a3ed6 backdoor_leet rules/impact/remote_access/backdoor.yara
99b1563adea48f05ff6dfffa17f320f12f0d0026c6b94769537a1b0b1d286c13 hex_parse_base64 rules/impact/remote_access/base64_exec.yara
8cad755bcf420135c0f406fb92138dcb0c1602bf72c15ed725bd3b76062dafe5 listens_and_executes_shell rules/impact/remote_access/listen_shell.yara
0afd9f52ddada582d5f907e0a8620cbdbe74ea31cf775987a5675226c1b228c2 listens_and_executes_shell rules/impact/remote_access/listen_shell.yara
3668b167f5c9083a9738cfc4bd863a07379a5b02ee14f48a10fb1240f3e421a6 listens_and_executes_shell rules/impact/remote_access/listen_shell.yara
ad69e198905a8d4a4e5c31ca8a3298a0a5d761740a5392d2abb5d6d2e966822f pseudoterminal_tunnel rules/impact/remote_access/net_term.yara
d36b8cfef77149c64cb203e139657d5219527c7cf4fee45ca302d89b7ef851e6 pseudoterminal_tunnel rules/impact/remote_access/net_term.yara
240fe01d9fcce5aae311e906b8311a1975f8c1431b83618f3d11aeaff10aede3 miner_kvryr_stak_alike rules/impact/remote_access/net_term.yara
de1ef827bcd3100a259f29730cb06f7878220a7c02cee0ebfc9090753d2237a8 php_possible_backdoor rules/impact/remote_access/php.yara
94f4de1bd8c85b8f820bab936ec16cdb7f7bc19fa60d46ea8106cada4acc79a2 php_bin_hashbang rules/impact/remote_access/php.yara
cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 php_urlvar_recon_exec rules/impact/remote_access/php.yara
de1ef827bcd3100a259f29730cb06f7878220a7c02cee0ebfc9090753d2237a8 php_base64_eval_uname rules/impact/remote_access/php.yara
cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 php_post_system rules/impact/remote_access/php.yara
94f4de1bd8c85b8f820bab936ec16cdb7f7bc19fa60d46ea8106cada4acc79a2 php_post_system rules/impact/remote_access/php.yara
43411e7e750ebfe589cc4004da7b67e907c6f2cfe868a00962ff6b08b515e4c2 php_eval_get_contents rules/impact/remote_access/php.yara
1a13a6c6bb6815ba352b43971e4e961615367aec714e0a0005c28b3ebbc544c6 php_copy_files rules/impact/remote_access/php.yara
6896b02503c15ffa68e17404f1c97fd53ea7b53c336a7b8b34e7767f156a9cf2 php_base64_encoded rules/impact/remote_access/php.yara
73ed0b692fda696efd5f8e33dc05210e54b17e4e4a39183c8462bcc5a3ba06cc php_base64_encoded rules/impact/remote_access/php.yara
99ed2445553e490c912ee8493073cc4340e7c6310b0b7fc425ffe8340c551473 php_base64_encoded rules/impact/remote_access/php.yara
0afd9f52ddada582d5f907e0a8620cbdbe74ea31cf775987a5675226c1b228c2 trojan_ref_leet rules/impact/remote_access/trojan.yara
206ad8fec64661c1fed8f20f71523466d0ca4ed9c01d20bea128bfe317f4395a trojan_ref_leet rules/impact/remote_access/trojan.yara
341a49940749d5f07d32d1c8dfddf6388a11e45244cc54bc8768a8cd7f00b46a trojan_ref_leet rules/impact/remote_access/trojan.yara
0afd9f52ddada582d5f907e0a8620cbdbe74ea31cf775987a5675226c1b228c2 trojan_ref_loaded rules/impact/remote_access/trojan.yara
206ad8fec64661c1fed8f20f71523466d0ca4ed9c01d20bea128bfe317f4395a trojan_ref_loaded rules/impact/remote_access/trojan.yara
341a49940749d5f07d32d1c8dfddf6388a11e45244cc54bc8768a8cd7f00b46a trojan_ref_loaded rules/impact/remote_access/trojan.yara
9491fa95f40a69f27ce99229be636030fdc49f315cb9c897db3b602c34a8ceda ssh_shell_worm rules/lateral/ssh/worm.yara
b0a2bf48e29c6dfac64f112ac1cb181d184093f582615e54d5fad4c9403408be ssh_shell_worm rules/lateral/ssh/worm.yara
da3bb9669fb983ad8d2ffc01aab9d56198bd9cedf2cc4387f19f4604a070a9b5 conti_phrases rules/malware/family/conti.yara
1d36f4bebd21a01c12fde522defee4c6b4d3d574c825ecc20a2b7a8baa122819 high_fetch_command_val rules/net/download/fetch.yara
1fc412b47b736f8405992e3744690b58ec4d611c550a1b4f92f08dfdad5f7a30 high_fetch_command_val rules/net/download/fetch.yara
27cdb8d8f64ce395795fdbde10cf3a08e7b217c92b7af89cde22abbf951b9e99 high_fetch_command_val rules/net/download/fetch.yara
384ec732200ab95c94c202f42b51e870f51735768888aaabc4e370de74e825e3 http_server rules/net/http/http-server.yara
955e9bbcdf1cb230c5f079a08995f510a3b96224545e04c1b1f9889d57dd33c1 http_server rules/net/http/http-server.yara
48a70bd18a23fce3208195f4ad2e92fce78d37eeaa672f83af782656a4b2d07f http_server rules/net/http/http-server.yara
1d2800352e15175ae5fa916b48a96b26f0199d9f8a9036648b3e44aa60ed2897 vnc_elf_subtle rules/net/remote_control/vnc.yara
5a628dc26dae0309941d70021cfbb4281189f85b074bf3e696058d73c4609101 vnc_elf_subtle rules/net/remote_control/vnc.yara
d13fd21514f7ee5e58343aa99bf551c6a56486731c50daefcce233fdb162def8 vnc_elf_subtle rules/net/remote_control/vnc.yara
4465bbf91efedb996c80c773494295ae3bff27c0fff139c6aefdb9efbdf7d078 http_url_with_asp rules/net/url/embedded.yara
5deef153a6095cd263d5abb2739a7b18aa9acb7fb0d542a2b7ff75b3506877ac http_url_with_asp rules/net/url/embedded.yara
26ba215bcd5d8a9003a904b0eac7dc10054dba7bea9a708668a5f6106fd73ced crontab_writer rules/persist/cron/tab.yara
5d637915abc98b21f94b0648c552899af67321ab06fb34e33339ae38401734cf lkm_embedded_in_elf rules/persist/kernel_module/module.yara
0e77291955664d2c25d5bfe617cec12a388e5389f82dee5ae4fd5c5d1f1bdefe type_forking_not_in_dep_tree rules/persist/systemd/out_of_dependency_tree.yara
3e68118ad46b9eb64063b259fca5f6682c5c2cb18fd9a4e7d97969226b2e6fb4 type_forking_not_in_dep_tree rules/persist/systemd/out_of_dependency_tree.yara
f4a64ab3ffc0b4a94fd07a55565f24915b7a1aaec58454df5e47d8f8a2eec22a type_forking_not_in_dep_tree rules/persist/systemd/out_of_dependency_tree.yara
1d2800352e15175ae5fa916b48a96b26f0199d9f8a9036648b3e44aa60ed2897 masscan_elf rules/sec-tool/net/masscan.yara
5a628dc26dae0309941d70021cfbb4281189f85b074bf3e696058d73c4609101 masscan_elf rules/sec-tool/net/masscan.yara
d13fd21514f7ee5e58343aa99bf551c6a56486731c50daefcce233fdb162def8 masscan_elf rules/sec-tool/net/masscan.yara
Files not found in VirusTotal
36831e715a152658bab9efbd4c2c75be50ee501b3dffdb5798d846a2259154a2
fd2f0e9cf4288d2be6b22bd0c6e8a5eb99777939c9b2278ecf89f5b8ad536719
26f98a78fbb198aec50dc425f53145cc47d031bd4e56fc77fcf22605875f094c
64771788a20856c7b2a29067f41be9cb7138c11a2cf2a8d17ab4afe73516f1ed
6c50a21a69f2bcb27a55e909f9fecd4a7bd7fc0898730d1c76e65b2a7172710b
11974b1de679d7058d897765e7923ab6058d980c49f52ca333f13e528b3396e5
6876fe8c752aae93650ac914735b21361b01aafb19a2a9ed5a7c736174d3ddbe
f6d9de8c96e3a9b24287eff608ba6ae59aed653e465112f31e679ae50b8172f3
41967393b2c1e645456d59dabb3837f605dd30b9c4a72aaebaf51ecc572d24bd
e9f89885876c1958bc6eede3373e4f3c4d76a5bc35a247fb7531b757798cb032
9b073472cac7f3f8274165a575e96cfb4f4eb38471f6a8e57bb9789f3f307495
ca4a74ebf4a5eb00d7d5b668b5e702161ed30160d88cfed2d249aa5523b30d86
acf556b26bb0eb193e68a3863662d9707cbf827d84c34fbc8c19d09b8ea811a1
900c0453212babd82baa5151bba3d8e6fa56694aff33053de8171a38ff1bef09
d7c34b9d711260c1cd001ca761f5df37cbe40b492f198b228916b6647b660119
a7f45d75612e95b091e35550c0bde2ba50a2a867d68eb43296b2fc4622198f74
c54bfacc63cd61c7d66e7282f17402c851b2b4cfdc9af7c1a81ad6a7838df19a
9ca4a18bce328b79720fd18bee56f1f4778f492c70f14dd0d3fdf2148c3e3998
8243cab8a268a8489387d12bde031e9476118eb8eb7923208ab18e802b1f1ace
4d4d52eed849554e1c31d56239bcf8ddc7e27fd387330f5ab1ce7d118589e5f3
503fcf8b03f89483c0335c2a7637670c8dea59e21c209ab8e12a6c74f70c7f38
ba46608e52a24b7583774ba259cf997c6f654a398686028aad56855a2b9d6757
9ce3da0322ee42e9119abb140b829efc3c94ea802df7a6f3968829645e1a5330
dd8a8a9dde32a14a7222a28e878d13c4f0bccd5eb54d0575fa6332d001226715
b5fa20b9c699995990ca3af5bd4a5d76da12c125c541f33ac2b61990b16d353c
c7ffb802c0e2813e2b0edba2efe8fa660740806b902cd1f1aea01c998812206d
bab1040a9e569d7bf693ac907948a09323c5f7e7005012f7b75b5c1b2ced10ad
bb6ca6bfd157c39f4ec27589499d3baaa9d1b570e622722cb9bddfff25127ac9
b52dd01d1f1416820108af0be32067e8990e076bf8f917a40a61c919e89e5551
9a5f6318a395600637bd98e83d2aea787353207ed7792ec9911b775b79443dcd
270c76aeebb271754a8cc344e8a06ed39749f55bbe10577e227eccfae6ee01b8
912dc3aee7d5c397225f77e3ddbe3f0f4cf080de53ccdb09c537749148c1cc08
ed706eb208f271abdbbe1cd7cd94cd8c8603f811018d5207a120c718f59652e9
7e9492e670d5b0552b62c9bccbd5325609ebaa31bbeaa56953c692b4d970a777
a6f1f9c9180cb77952398e719e4ef083ccac1e54c5242ea2bc6fe63e6ab4bb29
fa8d2c01cf81a052ea46650418afa358252ce6f9ce2eb65df3b3e3c7165f8d92
e394d87045c800a63bd4d295e635ff8a03624255c3fd85fe8e6957807f1cb569
b87023e546bcbde77dae065ad3634e7a6bd4cc6056167a6ed348eee6f2a168ae
663b75b098890a9b8b02ee4ec568636eeb7f53414a71e2dbfbb9af477a4c7c3d
657bd1f3e53993cb7d600bfcd1a616c12ed3e69fa71a451061b562e5b9316649
106eef08f3bfcced3e221ee6f789792650386d7794d30c80eae19e42ef893682
b4e65c01ab90442cb5deda26660a3f81bd400c205e12605536483f979023aa15
8c227f67a16162ffd5b453a478ced2950eba4cbe3b004c5cc935fb9551dc2289
e3a457ec75e3a042fb34fa6d49e0e833265d21d26c4e0119aaa1b6ec8a9460ec
7a4e6a21ac07f3d42091e3ff3345747ff68d06657d8fbd7fc783f89da99db20c
76b0bcdf0ea0b62cee1c42537ff00d2100c54e40223bbcb8a4135a71582dfa5d
710368bd25889cb1d61ce82ac59c4cc076ea8021f9d3c47bb6ae79ca2901bdc2
f8feafb93e55e75e9e52c5db3835e646e182b7910afa9152b112ff9d5a29a197
8c914dfa5cb7fd25d87ee802a48e8e63c090ceb400f0fd3cd0bf605bba36a4bd
e96f6ca8ecc00fcfac88679e475022091ce47f75c54f47570d66a56d77cd5ea6
62e08e4967da57e037255d2e533b7c5d7d1f1773af2a06113470c29058b5fcd0
ebcd4d091dad0cbd946df2f0fe79d67ccd2aa7c315994b2a1e92c8de08e7a9b9
156ee05a1c1c1c68441fb8eedc034c50293ff0a643a8a1c132363e612a08fa6d
f6b7984c76d92390f5530daeacf4f77047b176ffb8eaf5c79c74d6dd4d514b2b
a34a36ec6b7b209aaa2092cc28bc65917e310b3181e98ab54d440565871168cb
63acea4dcef0084a9b6ccc17c56f712f32cfd3a5d752c7509fd0553177812a94
d9c819b4e14a64033d0188a83dab05771a1914f00a14e8cc12f96e5d0c4f924a
4573af129e3e1a197050e2fd066f846c92de64d8d14a81a13d975a2cbc6d391e
c68e907642a8462c6b82a50bf4fde82bbf71245ab4edace246dd341dc72e5867
61075056b46d001e2e08f7e5de3fb9bfa2aabf8fb948c41c62666fd4fab1040f
d83f43f47c1438d900143891e7a542d1d24f9adcbd649b7698d8ee7585068039
dcee481328f711fa39566942f2c1b70b9a9c9cfc736f42094c4f734bdae6a5f5
506e12e4ce1359ffab46038c4bf83d3ab443b7c5db0d5c8f3ad05340cb09c38e
fd74f0eecebb47178ef98ac9a744daaf982a16287c78fd9cb2fe9713f542f8c5
cbe882505708c72bc468264af4ef5ae5de1b75de1f83bba4073f91568d9d20a1
1a80591019dea60785fff842da5f7347248e8ddf6a8a121d077210a06ba45e42
c347d9501f782d13983a6c7228791c96241311fd7677233b443b25fa053c18d6
630bbcf0643d9fc9840f2f54ea4ae1ea34dc94b91ee011779c8e8c91f733c9f5
171288619486905a2fdf581f24a98f4e19ae928bd31a7fc8bd9d035cb2b8368b
7c8d783c489337251125204c4b7f9222d83058ed6872f55db1319a0be7337f05
d7f012d3985cb0666de172e158e3d0e0b516e2fffd5da942e027fe437c8af1c7
5dbab6891fefb2ba4e3983ddb0d95989cf5611ab85ae643afbcc5ca47c304a4a
9a85e7aee672b1258b3d4606f700497d351dd1e1117ceb0e818bfea7922b9a96
50aea94a6e503d0d3f7c5aa0284746262a3d1afe092b369992070af94a4c1997
7664e04586d294092c86b7203f0651d071a993c5d62875988c2c5474e554c0e8
5e774902d99c93cf4e7441a8a7d5674966ee6ca72760779639bbf3a9a9a3e065
8d4daa082c46bfdef3d85a6b5e29a53ae4f45197028452de38b729d76d3714d1
4613cd16ce84ce12dcb87bc63da999daededd11a31eda471673dd28a6a844c31
f39b16ebb3809944722d4d7674dedf627210f1fa13ca0969337b1c0dcb388603
1b92cb3d4b562d0eb05c3b2f998e334273ce9b491bc534d73bcd0b4952ce58d2
58829e93da60b0934d7739d1a6aba92d665ac72bab9efc0571c0fc9751d40f3e
6acfc6f82f0fea6cc2484021e87fec5e47be1459e71201fbec09372236f8fc5a
86493d2b4f47ea277c2997aa723dcd6c99f75a829ac4d3b93e0b7870bfcc404c
1a6f8d758c6e569109a021c01cc4a5e787a9c876866c0ce5a15f07f266ec8059
ab531d7eb4160bdf1ef5c3e745ad92601f66afa13c150b2547cbe788db84d7d1
e93e524797907d57cb37effc8ebe14e6968f6bca899600561971e39dfd49831d
c72f0194a61dcf25779370a6c8dd0257848789ef59d0108a21f08301569d4441
aa7a7ad320421cdbeb2f488318849c3494b8ecba4e0f9c3623c3c16287cdd55a