File Search Engine
  • 167.71.178.92 · Invoke-NinjaCopy.ps1

    /tradecraftlabs/fhlbc/PowerSploit/Exfiltration/

    Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: a5b7f082fe0c36b3b6dd8035a22c1955b81e8cc9
    SHA256: b52821c6061d244f4c197e78636317b122972e7abed2892ecc7c713f24f866be
    433.24KB
    2019-10-23 16:02:07 +0000 UTC

  • 167.71.178.92 · Invoke-Mimikatz.ps1

    /tradecraftlabs/fhlbc/PowerSploit/Exfiltration/

    Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: 3da065e07b990034e9db78421672f70b63aa5329
    SHA256: ebf54f745dc81e1958f75e4ca91dd0ab989fc9787bb6b0bf993e2f51d9a2a5bb
    2.10MB
    2019-10-23 16:02:07 +0000 UTC

  • 167.71.178.92 · Invoke-CredentialInjection.ps1

    /tradecraftlabs/fhlbc/PowerSploit/Exfiltration/

    Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: 7343ec8549dca37f7b5310d5973e62a9d7ec4121
    SHA256: 7de9b5e764eaab1cb9b343f784c95b81d294ed754da7608411e8e78777803d96
    442.91KB
    2019-10-23 16:02:07 +0000 UTC

  • 167.71.178.92 · Invoke-ReflectivePEInjection.ps1

    /tradecraftlabs/fhlbc/PowerSploit/CodeExecution/

    Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: e104ea8908a0c21f245b629dc075ad1dbdea364d
    SHA256: c81d0073c92d0b4d0cc66a4c1d64d4ca2afbe56d78eb9d9611be8055919fd8ba
    132.60KB
    2019-10-23 16:02:07 +0000 UTC

  • 167.71.178.92 · Invoke-NinjaCopy.ps1

    /fhlbc/PowerSploit/Exfiltration/

    Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: a5b7f082fe0c36b3b6dd8035a22c1955b81e8cc9
    SHA256: b52821c6061d244f4c197e78636317b122972e7abed2892ecc7c713f24f866be
    433.24KB
    2019-11-14 03:16:31 +0000 UTC

  • 167.71.178.92 · Invoke-Mimikatz.ps1

    /fhlbc/PowerSploit/Exfiltration/

    Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: 3da065e07b990034e9db78421672f70b63aa5329
    SHA256: ebf54f745dc81e1958f75e4ca91dd0ab989fc9787bb6b0bf993e2f51d9a2a5bb
    2.10MB
    2019-11-14 03:16:31 +0000 UTC

  • 167.71.178.92 · Invoke-CredentialInjection.ps1

    /fhlbc/PowerSploit/Exfiltration/

    Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: 7343ec8549dca37f7b5310d5973e62a9d7ec4121
    SHA256: 7de9b5e764eaab1cb9b343f784c95b81d294ed754da7608411e8e78777803d96
    442.91KB
    2019-11-14 03:16:31 +0000 UTC

  • 167.71.178.92 · Invoke-ReflectivePEInjection.ps1

    /fhlbc/PowerSploit/CodeExecution/

    Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: e104ea8908a0c21f245b629dc075ad1dbdea364d
    SHA256: c81d0073c92d0b4d0cc66a4c1d64d4ca2afbe56d78eb9d9611be8055919fd8ba
    132.60KB
    2019-11-14 03:16:31 +0000 UTC

  • mirrors.gobler.net · crackmapexec-3.1.4-r1.apk

    /pub/alpine/v3.5/community/x86_64/

    Denmark · MH HOLDING AF 1. JUNI 2009 ApS

    Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: 39a5019d2dee7898eefdbe074b929b4c2cb0f04d
    SHA256: 5d91c49dd26df971ed88cdb3b7006a1f888fdc5ab39523199e341c3abda54f06
    application/octet-stream
    1.07MB
    2016-11-02 10:17:15 +0000 UTC

  • dllcodacker.ir · TheFatRat.zip

    //tools/

    Iran · NOAVARAN SHABAKEH SABZ MEHREGAN (Ltd.)

    Yara Suspicious_PowerShell_WebDownload_1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)
    Yara Cobaltbaltstrike_Payload_Encoded From Florian Roth by Avast Threat Intel Team
    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara APT_APT29_Win_FlipFlop_LDR From Florian Roth by threatintel@volexity.com
    Yara CobaltStrike_Unmodifed_Beacon From Florian Roth by yara@s3c.za.net
    Yara Empire_Invoke_MetasploitPayload From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_ShellcodeMSIL From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_DllInjection From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Install_SSP From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Get_SecurityPackages From Florian Roth by Florian Roth (Nextron Systems)
    Yara Mimikatz_Memory_Rule_1 From Florian Roth by Florian Roth
    Yara Empire_Invoke_Portscan_Gen From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_SMBAutoBrute From Florian Roth by Florian Roth (Nextron Systems)
    Yara Invoke_SMBExec_Invoke_WMIExec_1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara TA17_293A_malware_1 From Florian Roth by US-CERT Code Analysis Team (modified by Florian Roth)
    Yara Empire_Invoke_SSHCommand From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_PsExec From Florian Roth by Florian Roth (Nextron Systems)
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Get_GPPPassword From Florian Roth by Florian Roth (Nextron Systems)
    Yara p0wnedPotato From Florian Roth by Florian Roth (Nextron Systems)
    Yara NTLM_Dump_Output From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_dumpCredStore From Florian Roth by Florian Roth (Nextron Systems)
    Yara HKTL_PS1_PowerCat_Mar21 From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_KeePassConfig From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Get_Keystrokes From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Out_Minidump From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Exploit_JBoss From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Exploit_Jenkins From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_PostExfil From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_EgressCheck From Florian Roth by Florian Roth (Nextron Systems)
    Yara HKTL_NET_GUID_UnmanagedPowerShell From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara SUSP_NET_NAME_ConfuserEx From Florian Roth by Arnim Rupp
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara mimikatz From Florian Roth by Benjamin DELPY (gentilkiwi)

    SHA1: b6232e9e30b76932e1d4e88f40889b040f19d5b8
    SHA256: d1c3f8766bf523a6e0ffa23c663b2bd486e27d85abd02a1d410ad603eb6683c7
    application/zip
    1.35GB
    2025-10-09 10:30:36 +0000 UTC
