Type Name Latest commit message Commit time
__init__.py
allocates_rwx.py
antianalysis_detectfile.py
antiav_avast_libs.py
antiav_bitdefender_libs.py
antiav_detectfile.py Adding ttp codes 1/2 Apr 2, 2019
antiav_detectreg.py Adding ttp codes 1/2 Apr 2, 2019
antiav_servicestop.py Adding ttp codes 1/2 Apr 2, 2019
antiav_srp.py
antidbg_debuggercheck.py
antidbg_devices.py
antidbg_windows.py Adding ttp codes 1/2 Apr 2, 2019
antiemu_wine.py
antisandbox_clipboard.py Adding ttp codes 1/2 Apr 2, 2019
antisandbox_cuckoo_files.py
antisandbox_file.py
antisandbox_forehwnd.py
antisandbox_fortinet_files.py
antisandbox_idletime.py
antisandbox_joe_anubis_files.py
antisandbox_mouse_hook.py
antisandbox_restart.py code cleanup Apr 26, 2018
antisandbox_sleep.py
antisandbox_sunbelt.py
antisandbox_sunbelt_files.py Adding ttp codes 1/2 Apr 2, 2019
antisandbox_threattrack_files.py Adding ttp codes 1/2 Apr 2, 2019
antisandbox_unhook.py
antivirus_detection_cn.py
antivirus_irma.py Merge branch 'kevrosssigs' of RicoVZ/community into master Apr 26, 2018
antivirus_virustotal.py Simplify virustotal signature Aug 9, 2016
antivm_bochs_keys.py
antivm_computername.py
antivm_disksize.py
antivm_generic_bios.py
antivm_generic_cpu.py
antivm_generic_disk.py
antivm_generic_firmware.py
antivm_generic_ide.py
antivm_generic_scsi.py
antivm_generic_services.py
antivm_hyperv_keys.py Adding ttp codes 1/2 Apr 2, 2019
antivm_memory_available.py
antivm_network_adapter.py code cleanup Sep 7, 2016
antivm_parallels_keys.py Adding ttp codes 1/2 Apr 2, 2019
antivm_parallels_window.py
antivm_psuedo_device.py
antivm_sandboxie.py
antivm_vbox_acpi.py
antivm_vbox_devices.py
antivm_vbox_files.py
antivm_vbox_keys.py
antivm_vbox_provname.py
antivm_vbox_window.py Adding ttp codes 1/2 Apr 2, 2019
antivm_virtualpc.py
antivm_virtualpc_magic.py
antivm_virtualpc_window.py
antivm_vmware_files.py
antivm_vmware_in_insn.py
antivm_vmware_keys.py Adding ttp codes 1/2 Apr 2, 2019
antivm_vmware_window.py
antivm_vpc_keys.py
antivm_xen_keys.py
appinit.py
applocker_bypass.py Adding ttp codes 1/2 Apr 2, 2019
apt_carbunak.py
apt_cloudatlas.py
apt_flame.py
apt_inception.py
apt_putter_panda.py
apt_sandworm_ip.py
apt_sandworm_url.py
apt_turlacarbon.py
apt_uroburos_file.py
apt_uroburos_mutex.py
backdoor_lolbot.py 218 signatures contributed by redsocks.nl Oct 15, 2015
backdoor_sdbot.py
backdoor_tdss.py
backdoor_vanbot.py Add missing `regex=True` for older signatures Apr 12, 2018
backdoor_whimoo.py
bad_certs.py
banker_bancos.py
banker_cridex.py signature additions courtesy of redsocks Oct 9, 2015
banker_prinimalka.py
banker_spyeye_mutex.py
banker_spyeye_url.py
banker_tinba_mutex.py
banker_zeus_mutex.py
banker_zeus_p2p.py
banker_zeus_url.py
banking_mutex.py Add missing `regex=True` for older signatures Apr 12, 2018
bitcoin_opencl.py
bootconfig_modify.py
bootkit.py
bot_athena_url.py
bot_athenahttp.py fixup athenahttp signature Oct 6, 2015
bot_betabot_url.py
bot_dirtjumper.py
bot_drive.py
bot_drive2.py
bot_kelihos.py
bot_kovter.py
bot_madness.py
bot_pony_url.py 218 signatures contributed by redsocks.nl Oct 15, 2015
bot_russkill.py
bot_solar_url.py
bot_vnloader.py 218 signatures contributed by redsocks.nl Oct 15, 2015
bot_warbot_url.py
browser_bho.py
browser_security.py Adding ttp codes 1/2 Apr 2, 2019
browser_startpage.py
bypass_firewall.py
carberp_mutex.py
clears_logs.py
clickfraud.py
cloud_dropbox.py
cloud_google.py
cloud_mediafire.py
cloud_mega.py
cloud_rapidshare.py
cloud_wetransfer.py
cloudflare.py 218 signatures contributed by redsocks.nl Oct 15, 2015
creates_doc.py
creates_exe.py
creates_hidden_file.py
creates_largekey.py
creates_null_reg_entry.py
creates_service.py
creates_shortcut.py
credential_dump.py Update credential_dump.py Apr 25, 2018
crypto_apis.py
cryptomining.py
dde.py
ddos_blackrev_mutex.py
ddos_darkddos_mutex.py
ddos_eclipse_mutex.py
ddos_ipkiller_mutex.py
deepfreeze_mutex.py
deletes_executed.py Adding ttp codes 1/2 Apr 2, 2019
detect_putty.py
detect_winscp.py
disables_app.py
disables_browserwarn.py
disables_security.py
disables_sysrestore.py
disables_wer.py
disables_windowsupdate.py Adding ttp codes 1/2 Apr 2, 2019
dns_dyndns_provider.py 218 signatures contributed by redsocks.nl Oct 15, 2015
dns_exp3322.py
dns_freehosting_domain.py
downloader_cabby.py
dridex_apis.py
driver_load.py
dropper.py
emotet_apis.py
emoves_zoneid_ads.py
excel_datalink_files.py
exec_bitsadmin.py Adding ttp codes 1/2 Apr 2, 2019
exec_crash.py
exec_waitfor.py
exploit_blackhole_url.py
exploit_mutex.py
exploit_sweetorange_mutex.py
exploitation.py
fraud_fakerean.py
hacktool_pwdump_file.py
has_authenticode.py
has_pdb.py
im_bittorrent_bleep.py
im_qq.py 218 signatures contributed by redsocks.nl Oct 15, 2015
infostealer_bitcoin.py
infostealer_browser.py
infostealer_browser_modifications.py
infostealer_clipboard.py
infostealer_derusbi_file.py 218 signatures contributed by redsocks.nl Oct 15, 2015
infostealer_ftp.py
infostealer_im.py
infostealer_keylogger.py various signature improvements and bugfixes Aug 23, 2015
infostealer_mail.py
injection_explorer.py
injection_memorymodify.py
injection_network_traffic.py
injection_runpe.py
injection_thread.py
injection_writememory.py
javascript_commandline.py
keylogger_ardamax_mutex.py 218 signatures contributed by redsocks.nl Oct 15, 2015
keylogger_jintor_mutex.py Add missing `regex=True` for older signatures Apr 12, 2018
locates_browser.py
locates_sniffer.py
locker_cmd.py
locker_regedit.py
locker_taskmgr.py
maldoc.py mark wscript-based droppers as a family Jun 20, 2018
martians.py
memdump_urls.py
memdump_yara.py
mining.py
modifies_certs.py
modifies_proxies.py
modifies_seccenter.py
modifies_uac_notify.py
modifies_wallpaper.py
modifies_zoneid.py
moves_self.py
multiple_ua.py
network_rdp_mutex.py
network_service_mirc.py
network_tor.py
network_tor_service.py
network_urlshort_cn.py
network_vnc_mutex.py
nymaim_apis.py
office.py
office_packager.py
office_rtf.py
origin_langid.py
packer_entropy.py
packer_polymorphic.py
packer_upx.py
packer_vmprotect.py
payload_download.py Adding ttp codes 1/2 Apr 2, 2019
pe_features.py Adding ttp codes 2/2 Apr 2, 2019
persistence_ads.py
persistence_autorun.py
persistence_bootexecute.py
persistence_registry_fileless.py
pos_alina_file.py
pos_alina_url.py
pos_blackpos_url.py
pos_decebal_mutex.py
pos_dexter.py Add missing `regex=True` for older signatures Apr 12, 2018
pos_jackpos_file.py
pos_jackpos_url.py
pos_poscardstealer_url.py
powerfun.py
powershell.py
powershell_reg.py
powerworm.py
privileges.py Merge branch 'kevrosssigs' of RicoVZ/community into master Apr 26, 2018
process_interest.py
process_needed.py
protection_rx.py
raises_exception.py
ransom_mutex.py 218 signatures contributed by redsocks.nl Oct 15, 2015
ransomware_bcdedit.py
ransomware_fileextensions.py
ransomware_filemodications.py
ransomware_files.py
ransomware_message.py
ransomware_recyclebin.py
ransomware_shadowcopy.py
ransomware_viruscoder.py
ransomware_wbadmin.py
rat_adzok.py
rat_bandook.py
rat_beastdoor.py Add missing `regex=True` for older signatures Apr 12, 2018
rat_beebus_mutex.py
rat_bifrose.py
rat_blackhole.py
rat_blackice.py
rat_blackshades.py Add missing `regex=True` for older signatures Apr 12, 2018
rat_bladabindi.py
rat_bottilda.py
rat_bozok.py
rat_buzus.py
rat_comRAT.py
rat_cybergate.py
rat_darkcloud.py
rat_darkshell.py
rat_delf.py
rat_dibik.py Add missing `regex=True` for older signatures Apr 12, 2018
rat_evilbot.py
rat_farfli.py
rat_fexel_ip.py
rat_flystudio.py 218 signatures contributed by redsocks.nl Oct 15, 2015
rat_fynloski.py
rat_ghostbot.py Add missing `regex=True` for older signatures Apr 12, 2018
rat_hesperbot.py
rat_hikit.py
rat_hupigon.py
rat_icepoint.py
rat_jewdo.py 218 signatures contributed by redsocks.nl Oct 15, 2015
rat_jorik.py
rat_karakum.py
rat_koutodoor.py
rat_kuluoz.py
rat_likseput.py
rat_madness.py
rat_madness_url.py
rat_magania_mutex.py Add missing `regex=True` for older signatures Apr 12, 2018
rat_minerbot.py
rat_mybot.py
rat_naid_ip.py
rat_nakbot.py
rat_netobserve.py Add missing `regex=True` for older signatures Apr 12, 2018
rat_netshadow.py
rat_netwire.py
rat_nitol.py
rat_njrat.py
rat_pasta.py
rat_pcclient.py
rat_plugx.py
rat_poebot.py
rat_poisonivy.py
rat_qakbot.py Add missing `regex=True` for older signatures Apr 12, 2018
rat_rbot.py
rat_renos.py Add missing `regex=True` for older signatures Apr 12, 2018
rat_sadbot.py
rat_senna.py
rat_shadowbot.py
rat_siggen.py
rat_spynet.py various regex improvements and other small tweaks Oct 9, 2015
rat_spyrecorder.py
rat_staser.py
rat_swrort.py
rat_teamviewer.py
rat_travnet.py
rat_trogbot.py
rat_turkojan.py
rat_urlspy.py
rat_urxbot.py
rat_vertexnet.py
rat_vertexnet_url.py 218 signatures contributed by redsocks.nl Oct 15, 2015
rat_wakbot.py
rat_xtreme.py
rat_zegost.py
reads_user_agent.py Adding ttp codes 1/2 Apr 2, 2019
recon_beacon.py
recon_checkip.py
recon_fingerprint.py
recon_programs.py
recon_systeminfo.py
rootkit_blackenergy_mutex.py
self_delete_bat.py
sharing_rghost.py
shellcode.py
sipstun.py
smtp_gmail.py
smtp_live.py
smtp_mailru.py
smtp_yahoo.py
sniffer_winpcap.py various regex improvements and other small tweaks Oct 9, 2015
spreading_autoruninf.py
stealth_childproc.py Add CreateProcessInternalW into ChildProc sig Dec 20, 2016
stealth_hiddenextension.py Adding ttp codes 2/2 Apr 2, 2019
stealth_hiddenfile.py
stealth_hiddenicons.py
stealth_hidenotifications.py
stealth_systemprocname.py
stealth_window.py
stops_service.py
suspicious_process.py
tapi_mutex.py
terminates_process.py Add signature for termination of another process Apr 10, 2018
trojan_bublik.py
trojan_ceatrg.py 218 signatures contributed by redsocks.nl Oct 15, 2015
trojan_coinminer.py
trojan_dapato.py
trojan_emotet.py
trojan_jorik.py
trojan_kilim.py
trojan_lethic.py
trojan_lockscreen.py
trojan_mrblack.py
trojan_obfus_mutex.py
trojan_pincav.py
trojan_redosru.py
trojan_rovnix.py
trojan_sysn.py
trojan_tnega_mutex.py 218 signatures contributed by redsocks.nl Oct 15, 2015
trojan_vbinject.py
trojan_yoddos.py
trojandl_begseabug_mutex.py 218 signatures contributed by redsocks.nl Oct 15, 2015
trojandl_upatre_mutex.py 218 signatures contributed by redsocks.nl Oct 15, 2015
url_file.py
vir_andromeda.py 218 signatures contributed by redsocks.nl Oct 15, 2015
vir_bagle.py
vir_banload.py
vir_btc.py
vir_c24_url.py
vir_cryptolocker.py 218 signatures contributed by redsocks.nl Oct 15, 2015
vir_ddos556.py
vir_decay.py
vir_dofoil.py
vir_dyreza.py
vir_expiro.py
vir_fakeav2_mutex.py
vir_fakeav_mutex.py
vir_gaelicum.py
vir_infinity.py 218 signatures contributed by redsocks.nl Oct 15, 2015
vir_ircbrute.py 218 signatures contributed by redsocks.nl Oct 15, 2015
vir_isrstealer.py 218 signatures contributed by redsocks.nl Oct 15, 2015
vir_istealer_url.py
vir_karagany.py
vir_katusha.py
vir_killdisk.py 218 signatures contributed by redsocks.nl Oct 15, 2015
vir_koobface.py Add missing `regex=True` for older signatures Apr 12, 2018
vir_luder.py
vir_napolar.py
vir_nebuler.py
vir_oldrea.py
vir_perflogger.py
vir_pidief.py
vir_ponfoy.py
vir_pykse.py
vir_ragebot.py
vir_ramnit.py
vir_sharpstealer.py 218 signatures contributed by redsocks.nl Oct 15, 2015
vir_shiz.py 218 signatures contributed by redsocks.nl Oct 15, 2015
vir_shylock.py 218 signatures contributed by redsocks.nl Oct 15, 2015
vir_ufr3.py
vir_upatre.py 218 signatures contributed by redsocks.nl Oct 15, 2015
vir_virut.py
virus_jeefo_mutex.py
virus_tufik_mutex.py 218 signatures contributed by redsocks.nl Oct 15, 2015
volatility_sig.py
windows_console.py
windows_utilities.py
wmi.py
worm_allaple.py
worm_fesber_mutex.py
worm_kolabc.py
worm_krepper_mutex.py
worm_palevo.py 218 signatures contributed by redsocks.nl Oct 15, 2015
worm_phorpiex.py
worm_psyokym.py 218 signatures contributed by redsocks.nl Oct 15, 2015
worm_puce_mutex.py
worm_renocide.py
worm_rungbu.py
worm_runouce_mutex.py
worm_winsxsbot.py 218 signatures contributed by redsocks.nl Oct 15, 2015
worm_xworm.py