f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8 |
echo_decode_bash_probable |
rules/anti-static/base64/eval.yara |
7ea112aadebb46399a05b2f7cc258fea02f55cf2ae5257b331031448f15beb8f |
echo_decode_bash_probable |
rules/anti-static/base64/eval.yara |
50057362c139184abb74a6c4ec10700477dcefc8530cf356607737539845ca54 |
base64_php_functions_multiple |
rules/anti-static/base64/function_names.yara |
17a1219bf38d953ed22bbddd5aaf1811b9380ad0535089e6721d755a00bddbd0 |
base64_php_functions_multiple |
rules/anti-static/base64/function_names.yara |
50057362c139184abb74a6c4ec10700477dcefc8530cf356607737539845ca54 |
base64_python_functions |
rules/anti-static/base64/function_names.yara |
17a1219bf38d953ed22bbddd5aaf1811b9380ad0535089e6721d755a00bddbd0 |
base64_python_functions |
rules/anti-static/base64/function_names.yara |
1d60edb577641ce47dc2a8299f8b7f878e37120b192655aaf80d1cde5ee482d2 |
obfuscated_elf |
rules/anti-static/elf/content.yara |
1ae62dbec330695d2eddc7cb9a65d47bad5f45af95e6c8a803f0780e0749a3ad |
obfuscated_elf |
rules/anti-static/elf/content.yara |
99b1563adea48f05ff6dfffa17f320f12f0d0026c6b94769537a1b0b1d286c13 |
hex_parse_base64 |
rules/anti-static/obfuscation/hex.yara |
99b1563adea48f05ff6dfffa17f320f12f0d0026c6b94769537a1b0b1d286c13 |
hex_parse_base64_high |
rules/anti-static/obfuscation/hex.yara |
205f5052dc900fc4010392a96574aed5638acf51b7ec792033998e4043efdf6c |
generic_obfuscated_perl |
rules/anti-static/obfuscation/perl.yara |
bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55 |
generic_obfuscated_perl |
rules/anti-static/obfuscation/perl.yara |
3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 |
php_obfuscated_concat |
rules/anti-static/obfuscation/php.yara |
1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a |
php_obfuscated_concat |
rules/anti-static/obfuscation/php.yara |
3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 |
php_obfuscated_concat_long |
rules/anti-static/obfuscation/php.yara |
1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a |
php_obfuscated_concat_long |
rules/anti-static/obfuscation/php.yara |
236cff4506f94c8c1059c8545631fa2dcd15b086c1ade4660b947b59bdf2afbd |
obfuscated_concat_multiple |
rules/anti-static/obfuscation/php.yara |
3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 |
obfuscated_concat_multiple |
rules/anti-static/obfuscation/php.yara |
1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a |
obfuscated_concat_multiple |
rules/anti-static/obfuscation/php.yara |
7b2a27e5d0559625fe7f6a4e0776130880130e414c851901bbfe0cdb892dadfe |
python_exec_near_enough_decrypt |
rules/anti-static/obfuscation/python.yara |
7b2a27e5d0559625fe7f6a4e0776130880130e414c851901bbfe0cdb892dadfe |
python_exec_near_enough_fernet |
rules/anti-static/obfuscation/python.yara |
66a4a39a3c79a24bdf150cb87106920442a3db20a59810eb3e06149b028c7bff |
rename_zlib |
rules/anti-static/obfuscation/python.yara |
5c0db191458fe648d6799d1461d20e79e65986ba6db522db3737ebbf99c577cb |
rename_zlib |
rules/anti-static/obfuscation/python.yara |
87a23edfa8fbcc13d1a25b9ac808dbc36c417fda508f98186455a7991a52b6c0 |
rename_zlib |
rules/anti-static/obfuscation/python.yara |
298220bc98a9174700d2e081843fbf3e34be1ad838cea93e0a2a94b9109a04b7 |
py_marshal |
rules/anti-static/unmarshal/marshal.yara |
016a1a4fe3e9d57ab0b2a11e37ad94cc922290d2499b8d96957c3ddbdc516d74 |
hardcoded_ip |
rules/c2/addr/ip.yara |
016a1a4fe3e9d57ab0b2a11e37ad94cc922290d2499b8d96957c3ddbdc516d74 |
elf_hardcoded_ip |
rules/c2/addr/ip.yara |
016a1a4fe3e9d57ab0b2a11e37ad94cc922290d2499b8d96957c3ddbdc516d74 |
dropper_for |
rules/c2/tool_transfer/dropper.yara |
016a1a4fe3e9d57ab0b2a11e37ad94cc922290d2499b8d96957c3ddbdc516d74 |
dropper_for |
rules/c2/tool_transfer/dropper.yara |
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 |
curl_chmod_relative_run |
rules/c2/tool_transfer/shell.yara |
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 |
curl_chmod_relative_run |
rules/c2/tool_transfer/shell.yara |
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 |
curl_chmod_relative_run_tiny |
rules/c2/tool_transfer/shell.yara |
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b |
curl_chmod_relative_run_tiny |
rules/c2/tool_transfer/shell.yara |
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 |
curl_chmod_relative_run_tiny |
rules/c2/tool_transfer/shell.yara |
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 |
curl_tor_chmod_relative_run |
rules/c2/tool_transfer/shell.yara |
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b |
curl_tor_chmod_relative_run |
rules/c2/tool_transfer/shell.yara |
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 |
curl_tor_chmod_relative_run |
rules/c2/tool_transfer/shell.yara |
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 |
wget_chmod_relative_run |
rules/c2/tool_transfer/shell.yara |
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b |
wget_chmod_relative_run |
rules/c2/tool_transfer/shell.yara |
305901aa920493695729132cfd20cbddc9db2cf861071450a646c6a07b4a50f3 |
wget_chmod_relative_run |
rules/c2/tool_transfer/shell.yara |
29c2f559a9494bce3d879aff8731a5d70a3789028055fd170c90965ce9cf0ea4 |
fetch_pipe_shell_value |
rules/c2/tool_transfer/shell.yara |
cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 |
fetch_pipe_shell_value |
rules/c2/tool_transfer/shell.yara |
e100be934f676c64528b5e8a609c3fb5122b2db43b9aee3b2cf30052799a82da |
ssh_folder |
rules/credential/ssh/ssh.yara |
f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5 |
sys_net_recon |
rules/discover/multiple.yara |
2c98b196a51f737f29689d16abeea620b0acfa6380bdc8e94a7a927477d81e3a |
sys_net_recon |
rules/discover/multiple.yara |
329255e33f43e6e9ae5d5efd6f5c5745c35a30d42fb5099beb51a6e40fe9bd76 |
sys_net_recon |
rules/discover/multiple.yara |
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b |
nftables |
rules/evasion/bypass_security/linux/iptables.yara |
89073097e72070cc7cc73c178447b70e07b603ccecfe406fe92fe9eafaae830f |
nftables |
rules/evasion/bypass_security/linux/iptables.yara |
82f509473dbacadaeb2373b309566e7e1a46a67ae9d9c74159aa65bf6424ded8 |
ufw |
rules/evasion/bypass_security/linux/ufw.yara |
03bb1cfd9e45844701aabc549f530d56f162150494b629ca19d83c1c696710d7 |
ufw |
rules/evasion/bypass_security/linux/ufw.yara |
8b84336e73c6a6d154e685d3729dfa4e08e4a3f136f0b2e7c6e5970df9145e95 |
dev_shm_file |
rules/evasion/file/location/dev-shm.yara |
8b9db0bc9152628bdacc32dab01590211bee9f27d58e0f66f6a1e26aea7552a6 |
dev_shm_file |
rules/evasion/file/location/dev-shm.yara |
f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8 |
etc_ld_preload_not_ld |
rules/evasion/hijack_execution/etc-ld.so.preload.yara |
228ec858509a928b21e88d582cb5cfaabc03f72d30f2179ef6fb232b6abdce97 |
fake_kworker |
rules/evasion/mimicry/fake-process.yara |
2f642efdf56b30c1909c44a65ec559e1643858aaea9d5f18926ee208ec6625ed |
fake_kworker |
rules/evasion/mimicry/fake-process.yara |
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 |
run_sleep_delete |
rules/evasion/self_deletion/run_sleep_delete.yara |
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b |
run_sleep_delete |
rules/evasion/self_deletion/run_sleep_delete.yara |
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 |
run_sleep_delete |
rules/evasion/self_deletion/run_sleep_delete.yara |
15507092967fbd28ccb833d98c2ee49da09e7c79fd41759cd6f783672fe1c5cc |
pip_installer_variable |
rules/exec/install_additional/pip_install.yara |
975cd3986ba59ffab8df71227293dbf2534ffb572e028e3bd492d8d08ec1f090 |
pip_installer_variable |
rules/exec/install_additional/pip_install.yara |
5b0f7b30b411d7e404786ab2266426db471a2c9d0d9cae593eb187a58a28bc4f |
pip_installer_variable |
rules/exec/install_additional/pip_install.yara |
210cbe49df69a83462a7451ee46e591c755cfbbef320174dc0ff3f633597b092 |
bash_dev_udp_high |
rules/exec/shell/bash_dev_udp.yara |
48a70bd18a23fce3208195f4ad2e92fce78d37eeaa672f83af782656a4b2d07f |
elf_nohup |
rules/exec/shell/nohup.yara |
cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 |
elf_nohup |
rules/exec/shell/nohup.yara |
7ea112aadebb46399a05b2f7cc258fea02f55cf2ae5257b331031448f15beb8f |
semicolon_short_var_tmp |
rules/exec/shell/tmp_semicolon.yara |
0e91c06bb84630aba38e9c575576b46240aba40f36e6142c713c9d63a11ab4bb |
semicolon_short_var_tmp |
rules/exec/shell/tmp_semicolon.yara |
4d50bee796cda760b949bb8918881b517f4af932406307014eaf77d8a9a342d0 |
semicolon_short_var_tmp |
rules/exec/shell/tmp_semicolon.yara |
228ec858509a928b21e88d582cb5cfaabc03f72d30f2179ef6fb232b6abdce97 |
apparmor_stop |
rules/exec/system_controls/apparmor.yara |
2f642efdf56b30c1909c44a65ec559e1643858aaea9d5f18926ee208ec6625ed |
apparmor_stop |
rules/exec/system_controls/apparmor.yara |
19dc05db0219df84f303bde62d37dbf7ece4e2825daa98e27ba087cc3594431d |
nodejs_phone_hom_obscure |
rules/exfil/nodejs.yara |
19dc05db0219df84f303bde62d37dbf7ece4e2825daa98e27ba087cc3594431d |
nodejs_phone_hom_obscure |
rules/exfil/nodejs.yara |
19dc05db0219df84f303bde62d37dbf7ece4e2825daa98e27ba087cc3594431d |
nodejs_phone_hom_obscure |
rules/exfil/nodejs.yara |
31054fb826b57c362cc0f0dbc8af15b22c029c6b9abeeee9ba8d752f3ee17d7d |
userdata_browser_archiver |
rules/exfil/stealer/browser.yara |
016a1a4fe3e9d57ab0b2a11e37ad94cc922290d2499b8d96957c3ddbdc516d74 |
smaller_userdata_browser_archiver |
rules/exfil/stealer/browser.yara |
31054fb826b57c362cc0f0dbc8af15b22c029c6b9abeeee9ba8d752f3ee17d7d |
smaller_userdata_browser_archiver |
rules/exfil/stealer/browser.yara |
589dbb3f678511825c310447b6aece312a4471394b3bc40dde6c75623fc108c0 |
smaller_userdata_browser_archiver |
rules/exfil/stealer/browser.yara |
589dbb3f678511825c310447b6aece312a4471394b3bc40dde6c75623fc108c0 |
ditto_crypto_stealer |
rules/exfil/stealer/ditto.yara |
ce3c57e6c025911a916a61a716ff32f2699f3e3a84eb0ebbe892a5d4b8fb9c7a |
ditto_crypto_stealer |
rules/exfil/stealer/ditto.yara |
eed1859b90b8832281786b74dc428a01dbf226ad24b182d09650c6e7895007ea |
ditto_crypto_stealer |
rules/exfil/stealer/ditto.yara |
59c3ab81ea192e439bc39c5edbbc56518a80a0393e16d55fd5638a567dd96123 |
linux_server_stealer |
rules/exfil/stealer/linux_server.yara |
fe617c77d66f0954d22d6488e4a481b0f8fdc9e3033fa23475dcd24e53561ec7 |
linux_server_stealer |
rules/exfil/stealer/linux_server.yara |
f60c1214b5091e6e4e5e7db0c16bf18a062d096c6d69fe1eb3cbd4c50c3a3ed6 |
pam_passwords |
rules/exfil/stealer/pam.yara |
f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8 |
pam_passwords |
rules/exfil/stealer/pam.yara |
210cbe49df69a83462a7451ee46e591c755cfbbef320174dc0ff3f633597b092 |
password_finder_mimipenguin |
rules/exfil/stealer/password.yara |
e6b6cf40d605fc7a5e8ba168a8a5d8699b0879e965d2b803e29b87926cba861f |
py_crypto_urllib_multiprocessing |
rules/exfil/stealer/python.yara |
4259f2da90bf344092abc071f376753adaf077e13aeed684a7a3c2950ec82f69 |
py_crypto_urllib_multiprocessing |
rules/exfil/stealer/python.yara |
7c5c84eb86a72395bf75510d5a1a51553a025668d6477dbef86ad12da7bc6b8a |
py_crypto_urllib_multiprocessing |
rules/exfil/stealer/python.yara |
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b |
tar_ssh_net |
rules/exfil/stealer/ssh.yara |
0a76c55fa88d4c134012a5136c09fb938b4be88a382f88bf2804043253b0559f |
sysinfo_http_uname |
rules/exfil/sysinfo_http.yara |
5e9d356cdfc85a66f8fbab29bf43e95f19489c66d2a970e33d031f267298b482 |
proc_fd_high |
rules/fs/proc/pid-fd.yara |
f60c1214b5091e6e4e5e7db0c16bf18a062d096c6d69fe1eb3cbd4c50c3a3ed6 |
proc_fd_high |
rules/fs/proc/pid-fd.yara |
265e8236da27a35306cde4e57d73077c94c35e7a73da086273af09179f78f37a |
proc_fd_high |
rules/fs/proc/pid-fd.yara |
58c54ded0af2fffb8cea743d8ec3538cecfe1afe88d5f7818591fb5d4d2bd4e1 |
pid_inspector_high |
rules/fs/proc/pid-inspector.yara |
12330634ae5c2ac7da6d8d00f3d680630d596df154f74e03ff37e6942f90639e |
pid_inspector_high |
rules/fs/proc/pid-inspector.yara |
cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 |
probably_a_miner |
rules/impact/cryptojacking/argon2d_numa_self.yara |
818b80a08418f3bb4628edd4d766e4de138a58f409a89a5fdba527bab8808dd2 |
exploiter |
rules/impact/exploit/exploit.yara |
98e7808bd5bfd72c08429ffe0ffb52ae54bce7e6389f17ae523e8ae0099489ab |
c_router_malware |
rules/impact/infection/router.yara |
abf0f87cc7eb6028add2e2bda31ede09709a948e8f7e56390a3f18d1eae58aa6 |
c_router_malware |
rules/impact/infection/router.yara |
c91c6dbfa746e3c49a6c93f92b4d6c925668e620d4effc5b2bf59cf9100fe87d |
c_router_malware |
rules/impact/infection/router.yara |
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 |
curl_base64_aes |
rules/impact/ransom/curl_aes_base64.yara |
94f4de1bd8c85b8f820bab936ec16cdb7f7bc19fa60d46ea8106cada4acc79a2 |
lvt_locker |
rules/impact/ransom/lvt_locker.yara |
818b80a08418f3bb4628edd4d766e4de138a58f409a89a5fdba527bab8808dd2 |
backdoor_caps |
rules/impact/remote_access/backdoor.yara |
d7ad1bff4c0e6d094af27b4d892b3398b48eab96b64a8f8a2392e26658c63f30 |
backdoor_caps |
rules/impact/remote_access/backdoor.yara |
f60c1214b5091e6e4e5e7db0c16bf18a062d096c6d69fe1eb3cbd4c50c3a3ed6 |
backdoor_caps |
rules/impact/remote_access/backdoor.yara |
818b80a08418f3bb4628edd4d766e4de138a58f409a89a5fdba527bab8808dd2 |
backdoor_leet |
rules/impact/remote_access/backdoor.yara |
d7ad1bff4c0e6d094af27b4d892b3398b48eab96b64a8f8a2392e26658c63f30 |
backdoor_leet |
rules/impact/remote_access/backdoor.yara |
f60c1214b5091e6e4e5e7db0c16bf18a062d096c6d69fe1eb3cbd4c50c3a3ed6 |
backdoor_leet |
rules/impact/remote_access/backdoor.yara |
99b1563adea48f05ff6dfffa17f320f12f0d0026c6b94769537a1b0b1d286c13 |
hex_parse_base64 |
rules/impact/remote_access/base64_exec.yara |
8cad755bcf420135c0f406fb92138dcb0c1602bf72c15ed725bd3b76062dafe5 |
listens_and_executes_shell |
rules/impact/remote_access/listen_shell.yara |
0afd9f52ddada582d5f907e0a8620cbdbe74ea31cf775987a5675226c1b228c2 |
listens_and_executes_shell |
rules/impact/remote_access/listen_shell.yara |
3668b167f5c9083a9738cfc4bd863a07379a5b02ee14f48a10fb1240f3e421a6 |
listens_and_executes_shell |
rules/impact/remote_access/listen_shell.yara |
ad69e198905a8d4a4e5c31ca8a3298a0a5d761740a5392d2abb5d6d2e966822f |
pseudoterminal_tunnel |
rules/impact/remote_access/net_term.yara |
d36b8cfef77149c64cb203e139657d5219527c7cf4fee45ca302d89b7ef851e6 |
pseudoterminal_tunnel |
rules/impact/remote_access/net_term.yara |
240fe01d9fcce5aae311e906b8311a1975f8c1431b83618f3d11aeaff10aede3 |
miner_kvryr_stak_alike |
rules/impact/remote_access/net_term.yara |
de1ef827bcd3100a259f29730cb06f7878220a7c02cee0ebfc9090753d2237a8 |
php_possible_backdoor |
rules/impact/remote_access/php.yara |
94f4de1bd8c85b8f820bab936ec16cdb7f7bc19fa60d46ea8106cada4acc79a2 |
php_bin_hashbang |
rules/impact/remote_access/php.yara |
cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 |
php_urlvar_recon_exec |
rules/impact/remote_access/php.yara |
de1ef827bcd3100a259f29730cb06f7878220a7c02cee0ebfc9090753d2237a8 |
php_base64_eval_uname |
rules/impact/remote_access/php.yara |
cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 |
php_post_system |
rules/impact/remote_access/php.yara |
94f4de1bd8c85b8f820bab936ec16cdb7f7bc19fa60d46ea8106cada4acc79a2 |
php_post_system |
rules/impact/remote_access/php.yara |
43411e7e750ebfe589cc4004da7b67e907c6f2cfe868a00962ff6b08b515e4c2 |
php_eval_get_contents |
rules/impact/remote_access/php.yara |
1a13a6c6bb6815ba352b43971e4e961615367aec714e0a0005c28b3ebbc544c6 |
php_copy_files |
rules/impact/remote_access/php.yara |
6896b02503c15ffa68e17404f1c97fd53ea7b53c336a7b8b34e7767f156a9cf2 |
php_base64_encoded |
rules/impact/remote_access/php.yara |
73ed0b692fda696efd5f8e33dc05210e54b17e4e4a39183c8462bcc5a3ba06cc |
php_base64_encoded |
rules/impact/remote_access/php.yara |
99ed2445553e490c912ee8493073cc4340e7c6310b0b7fc425ffe8340c551473 |
php_base64_encoded |
rules/impact/remote_access/php.yara |
0afd9f52ddada582d5f907e0a8620cbdbe74ea31cf775987a5675226c1b228c2 |
trojan_ref_leet |
rules/impact/remote_access/trojan.yara |
206ad8fec64661c1fed8f20f71523466d0ca4ed9c01d20bea128bfe317f4395a |
trojan_ref_leet |
rules/impact/remote_access/trojan.yara |
341a49940749d5f07d32d1c8dfddf6388a11e45244cc54bc8768a8cd7f00b46a |
trojan_ref_leet |
rules/impact/remote_access/trojan.yara |
0afd9f52ddada582d5f907e0a8620cbdbe74ea31cf775987a5675226c1b228c2 |
trojan_ref_loaded |
rules/impact/remote_access/trojan.yara |
206ad8fec64661c1fed8f20f71523466d0ca4ed9c01d20bea128bfe317f4395a |
trojan_ref_loaded |
rules/impact/remote_access/trojan.yara |
341a49940749d5f07d32d1c8dfddf6388a11e45244cc54bc8768a8cd7f00b46a |
trojan_ref_loaded |
rules/impact/remote_access/trojan.yara |
9491fa95f40a69f27ce99229be636030fdc49f315cb9c897db3b602c34a8ceda |
ssh_shell_worm |
rules/lateral/ssh/worm.yara |
b0a2bf48e29c6dfac64f112ac1cb181d184093f582615e54d5fad4c9403408be |
ssh_shell_worm |
rules/lateral/ssh/worm.yara |
da3bb9669fb983ad8d2ffc01aab9d56198bd9cedf2cc4387f19f4604a070a9b5 |
conti_phrases |
rules/malware/family/conti.yara |
1d36f4bebd21a01c12fde522defee4c6b4d3d574c825ecc20a2b7a8baa122819 |
high_fetch_command_val |
rules/net/download/fetch.yara |
1fc412b47b736f8405992e3744690b58ec4d611c550a1b4f92f08dfdad5f7a30 |
high_fetch_command_val |
rules/net/download/fetch.yara |
27cdb8d8f64ce395795fdbde10cf3a08e7b217c92b7af89cde22abbf951b9e99 |
high_fetch_command_val |
rules/net/download/fetch.yara |
384ec732200ab95c94c202f42b51e870f51735768888aaabc4e370de74e825e3 |
http_server |
rules/net/http/http-server.yara |
955e9bbcdf1cb230c5f079a08995f510a3b96224545e04c1b1f9889d57dd33c1 |
http_server |
rules/net/http/http-server.yara |
48a70bd18a23fce3208195f4ad2e92fce78d37eeaa672f83af782656a4b2d07f |
http_server |
rules/net/http/http-server.yara |
1d2800352e15175ae5fa916b48a96b26f0199d9f8a9036648b3e44aa60ed2897 |
vnc_elf_subtle |
rules/net/remote_control/vnc.yara |
5a628dc26dae0309941d70021cfbb4281189f85b074bf3e696058d73c4609101 |
vnc_elf_subtle |
rules/net/remote_control/vnc.yara |
d13fd21514f7ee5e58343aa99bf551c6a56486731c50daefcce233fdb162def8 |
vnc_elf_subtle |
rules/net/remote_control/vnc.yara |
4465bbf91efedb996c80c773494295ae3bff27c0fff139c6aefdb9efbdf7d078 |
http_url_with_asp |
rules/net/url/embedded.yara |
5deef153a6095cd263d5abb2739a7b18aa9acb7fb0d542a2b7ff75b3506877ac |
http_url_with_asp |
rules/net/url/embedded.yara |
26ba215bcd5d8a9003a904b0eac7dc10054dba7bea9a708668a5f6106fd73ced |
crontab_writer |
rules/persist/cron/tab.yara |
5d637915abc98b21f94b0648c552899af67321ab06fb34e33339ae38401734cf |
lkm_embedded_in_elf |
rules/persist/kernel_module/module.yara |
0e77291955664d2c25d5bfe617cec12a388e5389f82dee5ae4fd5c5d1f1bdefe |
type_forking_not_in_dep_tree |
rules/persist/systemd/out_of_dependency_tree.yara |
3e68118ad46b9eb64063b259fca5f6682c5c2cb18fd9a4e7d97969226b2e6fb4 |
type_forking_not_in_dep_tree |
rules/persist/systemd/out_of_dependency_tree.yara |
f4a64ab3ffc0b4a94fd07a55565f24915b7a1aaec58454df5e47d8f8a2eec22a |
type_forking_not_in_dep_tree |
rules/persist/systemd/out_of_dependency_tree.yara |
1d2800352e15175ae5fa916b48a96b26f0199d9f8a9036648b3e44aa60ed2897 |
masscan_elf |
rules/sec-tool/net/masscan.yara |
5a628dc26dae0309941d70021cfbb4281189f85b074bf3e696058d73c4609101 |
masscan_elf |
rules/sec-tool/net/masscan.yara |
d13fd21514f7ee5e58343aa99bf551c6a56486731c50daefcce233fdb162def8 |
masscan_elf |
rules/sec-tool/net/masscan.yara |