File Search Engine
  • 167.71.178.92 · Get-System.ps1

    /tradecraftlabs/fhlbc/PowerSploit/Privesc/

    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: b1eb88cd2d4d53adbd593081e4c37ca243ecca59
    SHA256: 795edc88ad1f89b9218fd03d0b48b3f5e9780d61c1919d47b554dbffb99424af
    25.86KB
    2019-10-23 16:02:07 +0000 UTC

  • 167.71.178.92 · Invoke-TokenManipulation.ps1

    /tradecraftlabs/fhlbc/PowerSploit/Exfiltration/

    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: 9e73086c698c522b47719d567aa14003320ef521
    SHA256: 069e5cecdd18e8ff73c434cc6508d60ac5ba8396855446832ec3f55334945c71
    92.48KB
    2019-10-23 16:02:07 +0000 UTC

  • 167.71.178.92 · Get-MicrophoneAudio.ps1

    /tradecraftlabs/fhlbc/PowerSploit/Exfiltration/

    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: c607f9d0bd55e882b8baf6d1b7b43cb63793a5f5
    SHA256: a123b3edcfe9793541904aa85a0abc650631c2992306b83b103afdb2527bb90d
    7.19KB
    2019-10-23 16:02:07 +0000 UTC

  • 167.71.178.92 · Get-System.ps1

    /fhlbc/PowerSploit/Privesc/

    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: b1eb88cd2d4d53adbd593081e4c37ca243ecca59
    SHA256: 795edc88ad1f89b9218fd03d0b48b3f5e9780d61c1919d47b554dbffb99424af
    25.86KB
    2019-11-14 03:16:31 +0000 UTC

  • 167.71.178.92 · Invoke-TokenManipulation.ps1

    /fhlbc/PowerSploit/Exfiltration/

    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: 9e73086c698c522b47719d567aa14003320ef521
    SHA256: 069e5cecdd18e8ff73c434cc6508d60ac5ba8396855446832ec3f55334945c71
    92.48KB
    2019-11-14 03:16:31 +0000 UTC

  • 167.71.178.92 · Get-MicrophoneAudio.ps1

    /fhlbc/PowerSploit/Exfiltration/

    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: c607f9d0bd55e882b8baf6d1b7b43cb63793a5f5
    SHA256: a123b3edcfe9793541904aa85a0abc650631c2992306b83b103afdb2527bb90d
    7.19KB
    2019-11-14 03:16:31 +0000 UTC

  • dllcodacker.ir · TheFatRat.zip

    //tools/

    Iran · NOAVARAN SHABAKEH SABZ MEHREGAN (Ltd.)

    Yara Suspicious_PowerShell_WebDownload_1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)
    Yara Cobaltbaltstrike_Payload_Encoded From Florian Roth by Avast Threat Intel Team
    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara APT_APT29_Win_FlipFlop_LDR From Florian Roth by threatintel@volexity.com
    Yara CobaltStrike_Unmodifed_Beacon From Florian Roth by yara@s3c.za.net
    Yara Empire_Invoke_MetasploitPayload From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_ShellcodeMSIL From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_DllInjection From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Install_SSP From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Get_SecurityPackages From Florian Roth by Florian Roth (Nextron Systems)
    Yara Mimikatz_Memory_Rule_1 From Florian Roth by Florian Roth
    Yara Empire_Invoke_Portscan_Gen From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_SMBAutoBrute From Florian Roth by Florian Roth (Nextron Systems)
    Yara Invoke_SMBExec_Invoke_WMIExec_1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara TA17_293A_malware_1 From Florian Roth by US-CERT Code Analysis Team (modified by Florian Roth)
    Yara Empire_Invoke_SSHCommand From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_PsExec From Florian Roth by Florian Roth (Nextron Systems)
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Get_GPPPassword From Florian Roth by Florian Roth (Nextron Systems)
    Yara p0wnedPotato From Florian Roth by Florian Roth (Nextron Systems)
    Yara NTLM_Dump_Output From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_dumpCredStore From Florian Roth by Florian Roth (Nextron Systems)
    Yara HKTL_PS1_PowerCat_Mar21 From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_KeePassConfig From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Get_Keystrokes From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Out_Minidump From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Exploit_JBoss From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Exploit_Jenkins From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_PostExfil From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_EgressCheck From Florian Roth by Florian Roth (Nextron Systems)
    Yara HKTL_NET_GUID_UnmanagedPowerShell From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara SUSP_NET_NAME_ConfuserEx From Florian Roth by Arnim Rupp
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara mimikatz From Florian Roth by Benjamin DELPY (gentilkiwi)

    SHA1: b6232e9e30b76932e1d4e88f40889b040f19d5b8
    SHA256: d1c3f8766bf523a6e0ffa23c663b2bd486e27d85abd02a1d410ad603eb6683c7
    application/zip
    1.35GB
    2025-10-09 10:30:36 +0000 UTC

  • filestore.fes.org.ua · 6.1 09-shellcode-reflective-dll-injection.zip

    /video_docs/Udemy - Malware Development 2 Advanced Injection and API Hooking 2021-10/9. Reflective Loading Trojans/

    Ukraine · Cosmonova LLC

    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)
    Yara Cobaltbaltstrike_Payload_Encoded From Florian Roth by Avast Threat Intel Team

    SHA1: 80fc0b7a4b49c9a09cfc6a8ee4ecd482588780a9
    SHA256: 527a6b42ddadab4cc66556a98ceea4697e3d8adc4508f5fe9699f9e8ac1ec4b5
    application/zip
    292.83KB
    2021-10-16 19:13:45 +0000 UTC

  • files.cavite.eu · PowerUpSQL.ps1

    /

    United States · MICROSOFT-CORP-MSN-AS-BLOCK

    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: c269162d5e6ff66a20cec50a16a7bafaf80c813b
    SHA256: 7a34fcb1fde516f523941549830ff80443a555dd64346f5b773ede24847207d6
    1.20MB
    2025-07-28 15:50:01 +0000 UTC

  • teste.office-m66.info · PowerUpSQL.ps1

    /

    United States · MICROSOFT-CORP-MSN-AS-BLOCK

    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: c269162d5e6ff66a20cec50a16a7bafaf80c813b
    SHA256: 7a34fcb1fde516f523941549830ff80443a555dd64346f5b773ede24847207d6
    1.20MB
    2025-07-28 15:50:01 +0000 UTC

  • files.bfa.ae · PowerUpSQL.ps1

    /

    United States · MICROSOFT-CORP-MSN-AS-BLOCK

    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: c269162d5e6ff66a20cec50a16a7bafaf80c813b
    SHA256: 7a34fcb1fde516f523941549830ff80443a555dd64346f5b773ede24847207d6
    1.20MB
    2025-07-28 15:50:01 +0000 UTC

  • de.freedif.org · veil_3.1.14.orig.tar.gz

    /kali/pool/main/v/veil/

    Singapore · MyRepublic Ltd.

    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)
    Yara Cobaltbaltstrike_Payload_Encoded From Florian Roth by Avast Threat Intel Team

    SHA1: 4194b4dd8935652fb31d19544271e5cc879f50eb
    SHA256: 18ec21d1ba7e730b83bc8ff097d219bf8eb0d1c116859101767991484471a8f4
    application/x-gzip
    194.64KB
    2020-04-23 13:18:22 +0000 UTC

  • kali.mirror.gtcomm.net · beef-xss_0.4.7.1.orig.tar.gz

    /kali/pool/main/b/beef-xss/

    Canada · GTCOMM

    Yara CobaltStrike_C2_Host_Indicator From Florian Roth by yara@s3c.za.net
    Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)
    Yara Cobaltbaltstrike_Payload_Encoded From Florian Roth by Avast Threat Intel Team
    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Yara WebShell__findsock_php_findsock_shell_php_reverse_shell From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: 351b3ece1bf1b85c13b1c96a1a3986a87ba09416
    SHA256: ed4b89cdebc312bf96f32faf6a664b138f6fc6f96e18642e2742c0bb25820de3
    application/octet-stream
    4.44MB
    2019-03-07 14:00:20 +0000 UTC

  • kali.mirror.globo.tech · beef-xss_0.4.7.1.orig.tar.gz

    /kali/pool/main/b/beef-xss/

    Canada · GTCOMM

    Yara CobaltStrike_C2_Host_Indicator From Florian Roth by yara@s3c.za.net
    Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)
    Yara Cobaltbaltstrike_Payload_Encoded From Florian Roth by Avast Threat Intel Team
    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Yara WebShell__findsock_php_findsock_shell_php_reverse_shell From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: 351b3ece1bf1b85c13b1c96a1a3986a87ba09416
    SHA256: ed4b89cdebc312bf96f32faf6a664b138f6fc6f96e18642e2742c0bb25820de3
    application/octet-stream
    4.44MB
    2019-03-07 14:00:20 +0000 UTC