File Search Engine
  • hospitaldeolhosvilanova.com.br · wp-content.zip

    /

    Brazil · VirtuaServer Informatica Ltda

    Yara webshell_iMHaPFtp_2 From Florian Roth by Florian Roth (Nextron Systems)
    Yara webshell_itsec_itsecteam_shell_jHn From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Yara SUSP_Base64_Encoded_Hex_Encoded_Code From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 1f22dc7a5fd8dea27843fbf4a233bef0ee55553d
    SHA256: 0d5a03004f41b612e556f7ed3e3f7596d5b4d350944c39d19e8786c087463f81
    application/zip
    56.19MB
    2024-08-12 12:23:03 +0000 UTC

  • hospitaldeolhosvilanova.com.br · wp-content.zip

    /

    Brazil · VirtuaServer Informatica Ltda

    Yara webshell_iMHaPFtp_2 From Florian Roth by Florian Roth (Nextron Systems)
    Yara webshell_itsec_itsecteam_shell_jHn From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Yara SUSP_Base64_Encoded_Hex_Encoded_Code From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 1bd96e5b7469e754eeb814119ebc285e8d78e1d3
    SHA256: 77317d0520ee8834224baadc8e8dee3da042f302d7a1a24c52882fc92c831d0f
    application/zip
    56.19MB
    2024-08-12 12:23:03 +0000 UTC

  • mirror.lc · beef-xss_0.5.4.0+git20250422.orig.tar.gz

    /kali/pool/main/b/beef-xss/

    · CLOUDFLARENET

    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Yara Cobaltbaltstrike_Payload_Encoded From Florian Roth by Avast Threat Intel Team
    Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: ee987d9fa05fbbbb687a45e86e7ca5e799a9f623
    SHA256: 303f672421b08b4bfa59d926f9425343d8fd861b4eeeb6f8b4eaecb8b15f75a9
    application/octet-stream
    4.35MB
    2025-04-30 13:22:28 +0000 UTC

  • sysged.com.br · public_html.zip

    /

    Germany · Hetzner Online GmbH

    Yara webshell_iMHaPFtp_2 From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Yara webshell_itsec_itsecteam_shell_jHn From Florian Roth by Florian Roth (Nextron Systems)
    Yara php_alfa_team From AlienVault by Michael Taggart https://github.com/mednet-mtaggart

    SHA1: 79b1068328b78c7a8145b618828f64edef4705b9
    SHA256: 807a5be514ad605b38d9e39bf796b3b4a82e66203f031c10d5cb908f894a864a
    application/zip
    1.75GB
    2024-09-24 22:45:37 +0000 UTC

  • www.getcedar.brightlightventures.com · api.zip

    /

    United States · INMOTION

    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Download archived sample
    The password is "infected"

    SHA1: fd702e0824a044069327b7fa395140e4ec78c102
    SHA256: f5cafb5c004da5d41a7c7a14a30bc66e624f2b845527989dd20ce86f0b56247a
    application/zip
    21.72MB
    2017-08-10 09:19:28 +0000 UTC

  • www.getcedar.brightlightventures.com · api.zip

    /

    United States · INMOTION

    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Download archived sample
    The password is "infected"

    SHA1: 6780c4ff0803243bec49e795ccc0437e404ac1cd
    SHA256: bd747ce87419599caa5bb581f46dea168ac4d96771f9a533e4a96d673b49fc9d
    application/zip
    21.72MB
    2017-08-10 09:19:28 +0000 UTC

  • archive-4.kali.org · beef-xss_0.5.4.0+git20250422.orig.tar.gz

    /kali/pool/main/b/beef-xss/

    France · OVH SAS

    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Yara Cobaltbaltstrike_Payload_Encoded From Florian Roth by Avast Threat Intel Team
    Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: ee987d9fa05fbbbb687a45e86e7ca5e799a9f623
    SHA256: 303f672421b08b4bfa59d926f9425343d8fd861b4eeeb6f8b4eaecb8b15f75a9
    application/gzip
    4.35MB
    2025-04-30 13:22:28 +0000 UTC

  • inventivaclick.com · 1667793607.zip

    /

    France · Host Europe GmbH

    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski

    SHA1: 3dd835a34609f306430a606b6cecd1f4c7bdcf28
    SHA256: ebb3455887c0e6d10ee519049684a28141d3be2569ba33523ea4855a82b854a3
    application/zip
    1.26GB
    2022-11-09 23:40:48 +0000 UTC

  • mail.inventivaclick.com · 1667793607.zip

    /

    France · Host Europe GmbH

    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski

    SHA1: ac052d7785917215934e873317f0ee1dae934598
    SHA256: 2fa98db4793c713c095cb06042c9ec1253b3209461c2073a1ab11ed4454c582b
    application/zip
    1.26GB
    2022-11-09 23:40:48 +0000 UTC

  • mail.inventivaclick.com · 1667793607.zip

    /

    France · Host Europe GmbH

    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski

    SHA1: f30173b6542a303eff9ff86369d692a96a1300c4
    SHA256: ff9c2b0e64355a9c3b130ed5e3349a7953d8a617c9aa5ba00377b792657fa5d1
    application/zip
    1.26GB
    2022-11-09 23:40:48 +0000 UTC

  • inventivaclick.com · 1667793607.zip

    /

    France · Host Europe GmbH

    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski

    SHA1: 07dded5cdd4cb072bc3754fba705cd4d92b8ec08
    SHA256: 53f342f358817e5cb5080da9ff7379f59d9865fb565223303452dc03192f2052
    application/zip
    1.26GB
    2022-11-09 23:40:48 +0000 UTC

  • www.inventivaclick.com · 1667793607.zip

    /

    France · Host Europe GmbH

    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski

    SHA1: 27742145d9031962264385944fea42b23b15d489
    SHA256: 2aeb722f0d9064aaa40335f7374aa21683352c5451eca975cf51905020057d7b
    application/zip
    1.26GB
    2022-11-09 23:40:48 +0000 UTC

  • www.inventivaclick.com · 1667793607.zip

    /

    France · Host Europe GmbH

    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski

    SHA1: e8e9a4aaf99034d1e1b2d0ba4d9500d714951ad1
    SHA256: edf31de315be5a8a5e8b4f94ed75282931d6bbc99e66ade18568eafd801c1cf3
    application/zip
    1.26GB
    2022-11-09 23:40:48 +0000 UTC

  • dllcodacker.ir · TheFatRat.zip

    //tools/

    Iran · NOAVARAN SHABAKEH SABZ MEHREGAN (Ltd.)

    Yara Suspicious_PowerShell_WebDownload_1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)
    Yara Cobaltbaltstrike_Payload_Encoded From Florian Roth by Avast Threat Intel Team
    Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Yara Empire_PowerShell_Framework_Gen1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara APT_APT29_Win_FlipFlop_LDR From Florian Roth by threatintel@volexity.com
    Yara CobaltStrike_Unmodifed_Beacon From Florian Roth by yara@s3c.za.net
    Yara Empire_Invoke_MetasploitPayload From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_ShellcodeMSIL From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_DllInjection From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Install_SSP From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Get_SecurityPackages From Florian Roth by Florian Roth (Nextron Systems)
    Yara Mimikatz_Memory_Rule_1 From Florian Roth by Florian Roth
    Yara Empire_Invoke_Portscan_Gen From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_SMBAutoBrute From Florian Roth by Florian Roth (Nextron Systems)
    Yara Invoke_SMBExec_Invoke_WMIExec_1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara TA17_293A_malware_1 From Florian Roth by US-CERT Code Analysis Team (modified by Florian Roth)
    Yara Empire_Invoke_SSHCommand From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_PsExec From Florian Roth by Florian Roth (Nextron Systems)
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Get_GPPPassword From Florian Roth by Florian Roth (Nextron Systems)
    Yara p0wnedPotato From Florian Roth by Florian Roth (Nextron Systems)
    Yara NTLM_Dump_Output From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_dumpCredStore From Florian Roth by Florian Roth (Nextron Systems)
    Yara HKTL_PS1_PowerCat_Mar21 From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_KeePassConfig From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Get_Keystrokes From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Out_Minidump From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Exploit_JBoss From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Exploit_Jenkins From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_PostExfil From Florian Roth by Florian Roth (Nextron Systems)
    Yara Empire_Invoke_EgressCheck From Florian Roth by Florian Roth (Nextron Systems)
    Yara HKTL_NET_GUID_UnmanagedPowerShell From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara SUSP_NET_NAME_ConfuserEx From Florian Roth by Arnim Rupp
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara mimikatz From Florian Roth by Benjamin DELPY (gentilkiwi)

    SHA1: b6232e9e30b76932e1d4e88f40889b040f19d5b8
    SHA256: d1c3f8766bf523a6e0ffa23c663b2bd486e27d85abd02a1d410ad603eb6683c7
    application/zip
    1.35GB
    2025-10-09 10:30:36 +0000 UTC

  • kali.itsec.am · beef-xss_0.5.4.0+git20250422.orig.tar.gz

    /kali/pool/main/b/beef-xss/

    Armenia · GNC-Alfa CJSC

    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Yara Cobaltbaltstrike_Payload_Encoded From Florian Roth by Avast Threat Intel Team
    Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: ee987d9fa05fbbbb687a45e86e7ca5e799a9f623
    SHA256: 303f672421b08b4bfa59d926f9425343d8fd861b4eeeb6f8b4eaecb8b15f75a9
    application/x-gzip
    4.35MB
    2025-04-30 13:22:28 +0000 UTC

  • kar3.name · htdocs.zip

    /

    · CLOUDFLARENET

    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski
    Download archived sample
    The password is "infected"

    SHA1: 2c5a6b8b93b68f6f4baac845eb57b774497d22d1
    SHA256: e62af08689ef0010ad299625eb53e86e54b9bc1c0b7ff89ea035815d2322e30e
    application/zip
    20.76MB
    2025-10-26 06:16:06 +0000 UTC

  • 138.68.155.142 · svtgbi.org.access.log.zip

    /logs/

    United Kingdom · DIGITALOCEAN-ASN

    Yara SUSP_shellpop_Bash From Florian Roth by Tobias Michalski

    SHA1: 0cbaa9d5f7bdc6074ee8d5eb6601ddaf26b2d31e
    SHA256: 16d4e8d3ba0dd70c957f5dc76fb9eeeb1d5fb9cb1060b66dc0677812524aa7d3
    application/zip
    204.57MB
    2024-07-23 17:14:03 +0000 UTC