File Search Engine
  • dllcodacker.ir · TheFatRat.zip

    //tools/

    Iran · NOAVARAN SHABAKEH SABZ MEHREGAN (Ltd.)

    Yara Suspicious_PowerShell_WebDownload_1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)
    Yara Cobaltbaltstrike_Payload_Encoded From Florian Roth by Avast Threat Intel Team
    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara APT_APT29_Win_FlipFlop_LDR From Florian Roth by threatintel@volexity.com
    Yara CobaltStrike_Unmodifed_Beacon From Florian Roth by yara@s3c.za.net
    Yara Empire_Invoke_MetasploitPayload From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_ShellcodeMSIL From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_DllInjection From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Install_SSP From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Get_SecurityPackages From Florian Roth by Florian Roth (Nextron Systems)
    Yara Mimikatz_Memory_Rule_1 From Florian Roth by Florian Roth
    Yara Empire_Invoke_Portscan_Gen From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_SMBAutoBrute From Florian Roth by Florian Roth (Nextron Systems)
    Yara Invoke_SMBExec_Invoke_WMIExec_1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara TA17_293A_malware_1 From Florian Roth by US-CERT Code Analysis Team (modified by Florian Roth)
    Yara Empire_Invoke_SSHCommand From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_PsExec From Florian Roth by Florian Roth (Nextron Systems)
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Get_GPPPassword From Florian Roth by Florian Roth (Nextron Systems)
    Yara p0wnedPotato From Florian Roth by Florian Roth (Nextron Systems)
    Yara NTLM_Dump_Output From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_dumpCredStore From Florian Roth by Florian Roth (Nextron Systems)
    Yara HKTL_PS1_PowerCat_Mar21 From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_KeePassConfig From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Get_Keystrokes From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Out_Minidump From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Exploit_JBoss From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Exploit_Jenkins From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_PostExfil From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_EgressCheck From Florian Roth by Florian Roth (Nextron Systems)
    Yara HKTL_NET_GUID_UnmanagedPowerShell From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara SUSP_NET_NAME_ConfuserEx From Florian Roth by Arnim Rupp
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara mimikatz From Florian Roth by Benjamin DELPY (gentilkiwi)

    SHA1: b6232e9e30b76932e1d4e88f40889b040f19d5b8
    SHA256: d1c3f8766bf523a6e0ffa23c663b2bd486e27d85abd02a1d410ad603eb6683c7
    application/zip
    1.35GB
    2025-10-09 10:30:36 +0000 UTC

  • mail.reveantivirus.com · Malware Samples.zip

    /reveantivirus.com/linux/Builds/Abhishek_Samples/

    United States · IO

    Yara INDICATOR_EXE_Packed_Dotfuscator From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara INDICATOR_EXE_Packed_ConfuserEx From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_Fody From AlienVault by ditekSHen
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara detect_Redline_Stealer From AbuseCH by Varp0s
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_RLPack From AlienVault by ditekSHen
    Yara Win32_Ransomware_WannaCry From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_SmartAssembly From AlienVault by ditekSHen
    Yara Nanocore_RAT_Gen_2 From Florian Roth by Florian Roth (Nextron Systems)
    Yara IronTiger_Gh0stRAT_variant From Florian Roth by Cyber Safety Solutions, Trend Micro
    Yara INDICATOR_EXE_DotNET_Encrypted From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_AgileDotNet From AlienVault by ditekSHen
    Yara SUSP_NET_NAME_ConfuserEx From Florian Roth by Arnim Rupp
    Yara IMPLANT_4_v7 From Florian Roth by US CERT

    SHA1: 69188e4f172b3f3c332eea54c019a716aec9c346
    SHA256: 77dadbf119ac92a53db287e86e3bd4e631b1acebe6b6cd17ba5720ec04906a46
    application/zip
    1.29GB
    2018-06-21 08:03:32 +0000 UTC

  • mail.reveantivirus.com · Malware Samples.zip

    /reveantivirus.com/linux/Builds/Abhishek_Samples/

    United States · IO

    Yara INDICATOR_EXE_Packed_Dotfuscator From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara INDICATOR_EXE_Packed_ConfuserEx From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_Fody From AlienVault by ditekSHen
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara detect_Redline_Stealer From AbuseCH by Varp0s
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_RLPack From AlienVault by ditekSHen
    Yara Win32_Ransomware_WannaCry From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_SmartAssembly From AlienVault by ditekSHen
    Yara Nanocore_RAT_Gen_2 From Florian Roth by Florian Roth (Nextron Systems)
    Yara IronTiger_Gh0stRAT_variant From Florian Roth by Cyber Safety Solutions, Trend Micro
    Yara INDICATOR_EXE_DotNET_Encrypted From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_AgileDotNet From AlienVault by ditekSHen
    Yara SUSP_NET_NAME_ConfuserEx From Florian Roth by Arnim Rupp

    SHA1: 37b106e7d498595ddb23f2a5fefcfe66c1c8618b
    SHA256: 5a2f84890cf15016a4af129c86dfceae804229208f398f8556029136162ac0a2
    application/zip
    1.29GB
    2018-06-21 08:03:32 +0000 UTC

  • ftp.04d.co · ExecTI.exe

    /dl/software/exe/

    Romania · Orange Romania S.A.

    Yara SUSP_NET_NAME_ConfuserEx From Florian Roth by Arnim Rupp
    Download archived sample
    The password is "infected"

    SHA1: 98133fc33be6b934b3a85151c1f4373f016c6cfd
    SHA256: 67c5441495be3642e3fc1eecc6448b8c0ba1bd8fa72625dd6b9e2321f508144e
    application/x-msdownload
    279.50KB
    2022-02-24 12:26:20 +0000 UTC

  • mail.reveantivirus.com · Malware Samples.zip

    /reveantivirus.com/linux/Builds/Abhishek_Samples/

    United States · IO

    Yara INDICATOR_EXE_Packed_Dotfuscator From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara INDICATOR_EXE_Packed_ConfuserEx From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_Fody From AlienVault by ditekSHen
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara detect_Redline_Stealer From AbuseCH by Varp0s
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_RLPack From AlienVault by ditekSHen
    Yara Win32_Ransomware_WannaCry From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_SmartAssembly From AlienVault by ditekSHen
    Yara Nanocore_RAT_Gen_2 From Florian Roth by Florian Roth (Nextron Systems)
    Yara IronTiger_Gh0stRAT_variant From Florian Roth by Cyber Safety Solutions, Trend Micro
    Yara INDICATOR_EXE_DotNET_Encrypted From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_AgileDotNet From AlienVault by ditekSHen
    Yara SUSP_NET_NAME_ConfuserEx From Florian Roth by Arnim Rupp
    Yara IMPLANT_4_v7 From Florian Roth by US CERT
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_Goliath From AlienVault by ditekSHen
    Yara Typical_Malware_String_Transforms From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_aPLib From AlienVault by ditekSHen
    Yara Win32_Ransomware_CryptoJoker From ReversingLabs by ReversingLabs
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara Cloaked_RAR_File From Florian Roth by Florian Roth (Nextron Systems)
    Yara Office_as_MHTML From Florian Roth by Florian Roth (Nextron Systems)
    Yara EXE_extension_cloaking From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_Base64_Encoded_Hex_Encoded_Code From Florian Roth by Florian Roth (Nextron Systems)
    Yara FeliksPack3___PHP_Shells_ssh From Florian Roth by Florian Roth (Nextron Systems)
    Yara connectback2_pl From Florian Roth by Neo23x0 Yara BRG + customization by Stefan -dfate- Molls

    SHA1: 19b89b7658bf4ffc2c0faa55edf7f026c3ab98e9
    SHA256: 779e608c575356ac6ff1c216abdcb8fa25250580b5b85a2e94ff5ff9f0cf77d6
    application/zip
    1.29GB
    2018-06-21 08:03:32 +0000 UTC

  • dl.04d.co · ExecTI.exe

    /software/exe/

    Romania · Orange Romania S.A.

    Yara SUSP_NET_NAME_ConfuserEx From Florian Roth by Arnim Rupp
    Download archived sample
    The password is "infected"

    SHA1: 98133fc33be6b934b3a85151c1f4373f016c6cfd
    SHA256: 67c5441495be3642e3fc1eecc6448b8c0ba1bd8fa72625dd6b9e2321f508144e
    application/x-msdownload
    279.50KB
    2022-02-24 12:26:20 +0000 UTC

  • 114.227.13.211 · ConfuserEx.zip

    /软件/ConfuserEx/

    China · Chinanet

    Yara SUSP_NET_NAME_ConfuserEx From Florian Roth by Arnim Rupp
    Download archived sample
    The password is "infected"

    SHA1: 89caa6a7645b8ab129b6c9b9d1d37cfa021c3523
    SHA256: c1d1b6d359fed0da7c2d42d63452cca7a9a1849d32aca780050cd0ee80a778d3
    application/zip
    2.07MB
    2021-06-17 02:37:11 +0000 UTC

  • 114.227.13.211 · ConfuserEx-GUI.zip

    /软件/ConfuserEx/

    China · Chinanet

    Yara SUSP_NET_NAME_ConfuserEx From Florian Roth by Arnim Rupp
    Download archived sample
    The password is "infected"

    SHA1: 4df2644ff14d49e648eb6c1c6a28db1c06a311bb
    SHA256: 885bd53bff0c01bed6353852bbeb0fafe65a88db443e4cb0d54eceae1424ae8b
    application/zip
    2.05MB
    2021-06-17 02:37:08 +0000 UTC

  • 114.227.13.211 · ConfuserEx-CLI.zip

    /软件/ConfuserEx/

    China · Chinanet

    Yara SUSP_NET_NAME_ConfuserEx From Florian Roth by Arnim Rupp
    Download archived sample
    The password is "infected"

    SHA1: 09527161ca553e85e1589b1e145888acbefff16e
    SHA256: 627354ebe48a3ea342b765561915542aeccac405d472b578364097677b2ddb6a
    application/zip
    1.86MB
    2021-06-17 02:37:05 +0000 UTC