Malware-Sample

PASS is: infected

Xdr33

SHA256: f78075951f0272020ca33fee78c3cf9007a0db1842af5cd0eeab518ccc915b16
POST

dellux.exe

SHA256: 67c911510e257b341be77bc2a88cedc99ace2af852f7825d9710016619875e80
POST

TrickGate

SHA256: fddea1265c29e98f5b679ff034f27124b688f03f2d4c72442ce5f358ddd3eff0
SHA256: 81adbb94cf5758852ad9d3e7ba4d958b1943715c3837074c7fcaeeee22aadb7b
SHA256: 6c0f5a9bf9bfd84be91f3d84335b63ac95ac2b227fedc5de439971577328ac30
POST

ESXiArgs / .args

encrypt + encrypt.sh + ESXi-backdoor + infected file
POST

NewsPenguin

Important Document.doc + test.dotx
POST

ILOVEYOU - Love Bug

LOVE-LETTER-FOR-YOU.TXT.VBS
POST

Beep Malware

big.dll + AphroniaHaimavati.dll
POST

Gobruteforcer (old version)

sha256:acc705210814ff5156957c028a8d6544deaca0555156504087fdc61f015d6834
POST

APERETIF(f39b260a9209013d9559173f12fbc2bd5332c52a) (winter vivern APT)

sha256:a5115118908268569db2b1187b5b13b2cec9480585728d7da0abff38ecd771a6
POST

3cxdesktopapp_supply-chain

3CXDesktopApp-18.11.1213.dmg : 92005051ae314d61074ed94a52e76b1c3e21e7f0e8c1d1fdd497a006ce45fa61
d3dcompiler_47.dll : 11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03
ffmpeg.dll : c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02
POST

Bitter APT

chm1_06b4c1f46845cee123b2200324a3ebb7fdbea8e2c6ef4135e3f943bd546a2431
chm2_ded0635c5ef9c3d63543abc36a69b1176875dba84ca005999986bd655da3a446
excel_b2566755235c1df3371a7650d94339e839efaa85279656aa9ab4dc4f2d94bbfa
excel_07504fcef717e6b74ed381e94eab5a9140171572b5572cda87b275e3873c8a88
POST

Fake Chrome upadte (update.exe)

update.bin_2afdcf74d9dbc5575de919e8d041fc06c15044da0844fe9326b8f1b4bedad291
POST

Aukill malware

Aukill v1_1934b4641ca540ac4fd39c37e6f8b6878ddf111b5c8eb2de26c842cb6bd7b9b8
Aukill v4_08a248de098e0f9edec425ce37d13c827eaf4c54c93182f4ddf1c5b3801cf540
WK64.Bin_79357c9248aea61fa25f0641f2eeb13bb259da645ab2e8dd696b702ed4fa976b
WKE32.bin_52b9a7b44154bbb9d81a581a7de4902b1c661559ea87803d9cb85339805bd6ca
PROCEXP.sys - version 16.32
POST

PsiphonAndroid.s.apk (Daam Android Botnet)

184356d900a545a2d545ab96fa6dd7b46f881a1a80ed134db1c65225e8fa902b
POST

JackalControl (GoldenJackal APT trojan)

02E359D6FAA49F85D21F73F28000F3194ADC03EB3262BE58528E124C58AAE704
2D09A6D46DC12CAA55F91CB09EAEE7E8BF5AF3FECAF857C71AA17279AAAF0E7D
POST

zamguard64.sys_543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91

543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91
POST

TriangleDB

fd9e97cfb55f9cfb5d3e1388f712edd952d902f23a583826ebe55e9e322f730f
POST

RomCom-NATO-sample

afchunk.rtf : e7cfeb023c3160a7366f209a16a6f6ea5a0bc9a3ddc16c6cba758114dfe6b539
File001-url : 07377209fe68a98e9bca310d9749daa4eb79558e9fc419cf0b02a9e37679038d
Letter_NATO_Summit_Vilnius_2023_ENG(1).docx : 3a3138c5add59d2172ad33bc6761f2f82ba344f3d03a2269c623f22c1a35df97
Overview_of_UWCs_UkraineInNATO_campaign.docx : a61b2eafcf39715031357df6b01e85e0d1ea2e8ee1dfec241b114e18f7a1163f
POST

aclocal.m4_caa69b10b0bfca561dec90cbd1132b6dcb2c8a44d76a272a0b70b5c64776ff6c

aclocal.m4 : caa69b10b0bfca561dec90cbd1132b6dcb2c8a44d76a272a0b70b5c64776ff6c
POST

MalDoc in PDF

0723Request2.pdf : 098796e1b82c199ad226bff056b6310262b132f6d06930d3c254c57bdf548187
POST

GetSymbol

GetSymbol : 50869d2a713acf406e160d6cde3b442fafe7cfe1221f936f3f28c4b9650a66e9
POST

Sponsor Backdoor

Sponsor v1 : e5ee874bd59bb2a6dec700686544e7914312abff166a7390b34f7cb29993267a
Sponsor v2 : e2b74ed355d68bed2e7242baecccd7eb6eb480212d6cc54526bc4ff7e6f57629
Sponsor v3 : 2a99cf7d73d453f3554e24bf3efa49d8109da9e8543db815a8f813559d083f8f
Sponsor v4 : c4dbda41c726af9ba3d9224f2e38fc433d2b60f4a23512437adeae8ef8986c57
POST

HelloKitty ransomware source code leaked (2020 version)

POST

PowerExchange Script

POST

WinterVivern - checkupdate.js

05ae4c495c10835af57430ca2dfed387aad221ff0651bbe17fc75bbd1f96369a
POST

Persian Remote World

Persian Builder: 4d978a6f806a95c5ee89f8a394ad2a2e4336ad6554922fcde38c46311ac17874
Persian Loader: 464851b14b01e9ca6ff2f6fbc12c3368e3e89bc6f37174742f6a58e20b881d6e
Persian RAT: 43403eeb7b8ea5705c727a0fff8d714ea3e27449b6b9ba0edd12c666848e2492
PersianXloader (telegram): 318E28641358A1E21A0FB8FFAF000E547043B575B80C193E59C224A9B9C8F55C
POST

Iranian Mobile Banking Malware Campaign APK

3fb5b163faeaf29c245f787cde1f661334065e41fa6b8dc23160deef5b1f47a0
d9b92a5a90d426579d184e01f6975bb9d247d095c6bf61298391d62eeee27ef0
c868724e1812769940c03b7e66772f9f06cd357645bdd85671a0b05979ff25c3
534bdae8cbeef8c6e63a6483cf175ba82d8e80e20c5c91d72e57f9cb6ba54915
910492afba030fcdafb83bed18983a73da129c8b091521b3899e13b7e51913da
344fd789d634945935aa6e4e31d7e70fc44fa9dc30ab71ee71e29702dbdf827d
f7528dc3ca8c565f6ea4fa9fe125b4f36a1bcc60b9187f851bf74f155858916a
6fac639f5170aca4babb16787de9cb3f99f3d3a1f11ef6b1d2535b68dac995d5
31eb2c667594f4fd4de2f66a8786c75a275108121902a062c19a5a0cb6c53fb2
d050f783039acdf95d725c2589f338e6a3739d51c2dc6fedac8f84606eaa1f60
ac8075e94d38640b4873d4d722a0e1abccb122b12fcf99d36f6fadae169d6f50
2be1d1eac9e1cd13267f8df69be532b5b068294ebe388ef2ffde73a5650ec7f3
a2ea37838a7a61845570c429a5a7afd0d64fadeef06e34e74101ec60037a29c1
0dc5effcb3ed91d177ae7958919319c73e288c439863922ad98c2750b3ba477b
4aaf79e803a1fa102dc65c31cd7bae59c10cc87c431ee8fe47bb06d9c7c86220
POST

Operation HamsaUpdate

F5UPDATER: fe07dca68f288a4f6d7cbd34d79bb70bc309635876298d4fde33c25277e30bd2
Handala: 454e6d3782f23455875a5db64e1a8cd8eb743400d8c6dadb1cd8fd2ffc2f9567
Naples.pif: f58d3a4b2f3f7f10815c24586fae91964eeed830369e7e0701b43895b0cefbd3
Decoded update.sh script – Linux Wiper Version
POST

phemedrone-CVE-2023-36025

c6765d92e540af845b3cbc4caa4f9e9d00d5003a36c9cb548ea79bb14c7e8f66
DATA2_2.zip_e326c1b9e61cca6823300158e55381c6951b09d2327a89a8d841539cad3b4df3
DATA3.txt_4da33c7fe62f71962913d7b40ff76aff9f1586e57db707b3d6b88162c051f402
image_reported.url_22236e50b5f700f5606788dcd5ab1fb69ee092e8dffdd783ac3cab47f1f445ab
POST

PlugX USB worm botnet

432a07eb49473fa8c71d50ccaf2bc980b692d458ec4aaedd52d739cb377f3428
e8f55d0f327fd1d5f26428b890ef7fe878e135d494acda24ef01c695a2e9136d
3a53bd36b24bc40bdce289d26f1b6965c0a5e71f26b05d19c7aa73d9e3cfa6ff
2304891f176a92c62f43d9fd30cae943f1521394dce792c6de0e097d10103d45
6bb959c33fdfc0086ac48586a73273a0a1331f1c4f0053ef021eebe7f377a292
b9f3cf9d63d2e3ce1821f2e3eb5acd6e374ea801f9c212eebfa734bd649bec7a
POST

Name		Name	Last commit message	Last commit date
Latest commit History 67 Commits
098796e1b82c199ad226bff056b6310262b132f6d06930d3c254c57bdf548187.zip		098796e1b82c199ad226bff056b6310262b132f6d06930d3c254c57bdf548187.zip
3cxdesktopapp_supply-chain.zip		3cxdesktopapp_supply-chain.zip
67c911510e257b341be77bc2a88cedc99ace2af852f7825d9710016619875e80.zip		67c911510e257b341be77bc2a88cedc99ace2af852f7825d9710016619875e80.zip
Aukill.zip		Aukill.zip
Bitter APT.zip		Bitter APT.zip
ESXiArgs.zip		ESXiArgs.zip
FormBook_fddea1265c29e98f5b679ff034f27124b688f03f2d4c72442ce5f358ddd3eff0.zip		FormBook_fddea1265c29e98f5b679ff034f27124b688f03f2d4c72442ce5f358ddd3eff0.zip
GetSymbol_50869d2a713acf406e160d6cde3b442fafe7cfe1221f936f3f28c4b9650a66e9.zip		GetSymbol_50869d2a713acf406e160d6cde3b442fafe7cfe1221f936f3f28c4b9650a66e9.zip
ILOVEYOU.zip		ILOVEYOU.zip
Iranian Mobile Banking Malware Campaign APK.zip		Iranian Mobile Banking Malware Campaign APK.zip
JackalControl.zip		JackalControl.zip
NewsPenguin.zip		NewsPenguin.zip
Operation HamsaUpdate.zip		Operation HamsaUpdate.zip
Persian Remote World.7z		Persian Remote World.7z
PlugX.7z		PlugX.7z
PowerExchange Script.zip		PowerExchange Script.zip
PsiphonAndroid.s.apk_184356d900a545a2d545ab96fa6dd7b46f881a1a80ed134db1c65225e8fa902b.zip		PsiphonAndroid.s.apk_184356d900a545a2d545ab96fa6dd7b46f881a1a80ed134db1c65225e8fa902b.zip
README.md		README.md
RemcosRAT _81adbb94cf5758852ad9d3e7ba4d958b1943715c3837074c7fcaeeee22aadb7b.zip		RemcosRAT _81adbb94cf5758852ad9d3e7ba4d958b1943715c3837074c7fcaeeee22aadb7b.zip
RemcosRAT_6c0f5a9bf9bfd84be91f3d84335b63ac95ac2b227fedc5de439971577328ac30.zip		RemcosRAT_6c0f5a9bf9bfd84be91f3d84335b63ac95ac2b227fedc5de439971577328ac30.zip
RomCom-NATO-sample.zip		RomCom-NATO-sample.zip
Sponsor_backdoor_v1-v4.zip		Sponsor_backdoor_v1-v4.zip
TriangleDB.zip		TriangleDB.zip
WinterVivern_checkupdate.js.zip		WinterVivern_checkupdate.js.zip
aclocal.m4_caa69b10b0bfca561dec90cbd1132b6dcb2c8a44d76a272a0b70b5c64776ff6c.zip		aclocal.m4_caa69b10b0bfca561dec90cbd1132b6dcb2c8a44d76a272a0b70b5c64776ff6c.zip
beep.zip		beep.zip
f39b260a9209013d9559173f12fbc2bd5332c52a.zip		f39b260a9209013d9559173f12fbc2bd5332c52a.zip
f78075951f0272020ca33fee78c3cf9007a0db1842af5cd0eeab518ccc915b16.zip		f78075951f0272020ca33fee78c3cf9007a0db1842af5cd0eeab518ccc915b16.zip
gobruteforcer_old.zip		gobruteforcer_old.zip
hellokitty.zip		hellokitty.zip
phemedrone-CVE-2023-36025.zip		phemedrone-CVE-2023-36025.zip
update.bin_2afdcf74d9dbc5575de919e8d041fc06c15044da0844fe9326b8f1b4bedad291.zip		update.bin_2afdcf74d9dbc5575de919e8d041fc06c15044da0844fe9326b8f1b4bedad291.zip
zamguard64.sys_543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91.zip		zamguard64.sys_543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91.zip

onhexgroup/Malware-Sample

Folders and files

Latest commit

History

Repository files navigation

Malware-Sample

PASS is: infected

Xdr33

dellux.exe

TrickGate

ESXiArgs / .args

NewsPenguin

ILOVEYOU - Love Bug

Beep Malware

Gobruteforcer (old version)

APERETIF(f39b260a9209013d9559173f12fbc2bd5332c52a) (winter vivern APT)

3cxdesktopapp_supply-chain

Bitter APT

Fake Chrome upadte (update.exe)

Aukill malware

PsiphonAndroid.s.apk (Daam Android Botnet)

JackalControl (GoldenJackal APT trojan)

zamguard64.sys_543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91

TriangleDB

RomCom-NATO-sample

aclocal.m4_caa69b10b0bfca561dec90cbd1132b6dcb2c8a44d76a272a0b70b5c64776ff6c

MalDoc in PDF

GetSymbol

Sponsor Backdoor

HelloKitty ransomware source code leaked (2020 version)

PowerExchange Script

WinterVivern - checkupdate.js

Persian Remote World

Iranian Mobile Banking Malware Campaign APK

Operation HamsaUpdate

phemedrone-CVE-2023-36025

PlugX USB worm botnet

About

Resources

Stars

Watchers

Forks