apt-mirror.firehawk-systems.com · nishang_0.7.6+git20210724.414ee11.orig.tar.gz

/kali.download/kali/pool/main/n/nishang/

Australia · Aussie Broadband

Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)

Yara PS_AMSI_Bypass From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Invoke_Mimikatz_Gen From Florian Roth by Florian Roth (Nextron Systems)

Yara Invoke_mimikittenz From Florian Roth by Florian Roth (Nextron Systems)

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Yara HKTL_Nishang_PS1_Invoke_PowerShellTcpOneLine From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

apt-mirror.firehawk-systems.com · nishang_0.7.6+git20210724.414ee11.orig.tar.gz

/kali.download/kali/pool/main/n/nishang/

Australia · Aussie Broadband

Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)

Yara PS_AMSI_Bypass From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Invoke_Mimikatz_Gen From Florian Roth by Florian Roth (Nextron Systems)

Yara Invoke_mimikittenz From Florian Roth by Florian Roth (Nextron Systems)

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Yara HKTL_Nishang_PS1_Invoke_PowerShellTcpOneLine From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

185.25.60.133 · autoLombApps_1.1.3.exe

/autoLombard/

Russia · Optibit LLC

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

ftp.fr.openbsd.org · libssh2-sys-0.3.0.tar.gz

/pub/OpenBSD/distfiles/by_cipher/sha256/Lc/LcigMLeH4hGacx8ZUdanc+IoDGYPjsSw9eFQWjhuce4=/

France · Renater

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

ftp.fr.openbsd.org · libssh2-sys-0.3.0.tar.gz

/pub/OpenBSD/distfiles/by_cipher/sha256/Lc/LcigMLeH4hGacx8ZUdanc+IoDGYPjsSw9eFQWjhuce4=/

France · Renater

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

185.25.60.133 · autoLombApps_1.1.3.exe

/autoLombard/

Russia · Optibit LLC

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

ftp.fr.openbsd.org · libssh2-sys-0.3.0.tar.gz

/pub/OpenBSD/distfiles/by_cipher/sha256/Lc/LcigMLeH4hGacx8ZUdanc+IoDGYPjsSw9eFQWjhuce4=/

France · Renater

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

ftp.fr.openbsd.org · libssh2-sys-0.3.0.tar.gz

/pub/OpenBSD/distfiles/by_cipher/sha256/Lc/LcigMLeH4hGacx8ZUdanc+IoDGYPjsSw9eFQWjhuce4=/

France · Renater

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

185.25.60.133 · autoLombApps_1.1.3.exe

/autoLombard/

Russia · Optibit LLC

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

185.25.60.133 · autoLombApps_1.1.3.exe

/autoLombard/

Russia · Optibit LLC

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

89.197.154.115 · Empire-3.8.2.zip

/

United Kingdom · Virtual1 Limited

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Yara Suspicious_PowerShell_WebDownload_1 From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Get_SecurityPackages From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Install_SSP From Florian Roth by Florian Roth (Nextron Systems)

Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)

Yara p0wnedPotato From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Invoke_MetasploitPayload From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Invoke_DllInjection From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Invoke_ShellcodeMSIL From Florian Roth by Florian Roth (Nextron Systems)

Yara Cobaltbaltstrike_Payload_Encoded From Florian Roth by Avast Threat Intel Team

Yara Invoke_SMBExec_Invoke_WMIExec_1 From Florian Roth by Florian Roth (Nextron Systems)

Yara TA17_293A_malware_1 From Florian Roth by US-CERT Code Analysis Team (modified by Florian Roth)

Yara Empire_Invoke_SSHCommand From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Invoke_PsExec From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Invoke_SmbScanner From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Invoke_SMBAutoBrute From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Invoke_Portscan_Gen From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Exploit_Jenkins From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Exploit_JBoss From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Invoke_PowerDump From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_dumpCredStore From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Out_Minidump From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_KeePassConfig From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Get_Keystrokes From Florian Roth by Florian Roth (Nextron Systems)

Yara HKTL_PS1_PowerCat_Mar21 From Florian Roth by Florian Roth (Nextron Systems)

Yara ps1_toolkit_PowerUp From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Get_GPPPassword From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Invoke_EgressCheck From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_Invoke_PostExfil From Florian Roth by Florian Roth (Nextron Systems)

Yara HKTL_NET_GUID_UnmanagedPowerShell From Florian Roth by Arnim Rupp (https://github.com/ruppde)

www.download.mql5.business · xclusivefx5setup.msi

/cdn/web/3500/mt5/

Ukraine · Virtual Systems LLC

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

www.download.mql5.business · xclusivefx5setup.msi

/cdn/web/3500/mt5/

Ukraine · Virtual Systems LLC

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

www.download.mql5.business · xclusivefx5setup(old).msi

/cdn/web/3500/mt5/

Ukraine · Virtual Systems LLC

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

www.download.mql5.business · xclusivefx5setup(old).msi

/cdn/web/3500/mt5/

Ukraine · Virtual Systems LLC

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

www.download.mql5.business · fxtradeo5setup.msi

/cdn/web/3500/mt5/

Ukraine · Virtual Systems LLC

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

www.download.mql5.business · fxtradeo5setup.msi

/cdn/web/3500/mt5/

Ukraine · Virtual Systems LLC

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

www.download.mql5.business · financegrowth5setup.msi

/cdn/web/3500/mt5/

Ukraine · Virtual Systems LLC

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

www.download.mql5.business · financegrowth5setup.msi

/cdn/web/3500/mt5/

Ukraine · Virtual Systems LLC

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

www.download.mql5.business · coldrate5setup.msi

/cdn/web/3500/mt5/

Ukraine · Virtual Systems LLC

Yara SUSP_Netsh_PortProxy_Command From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"