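Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0 | Note: this and the other CA certificate, CRL and OCSP URLs in this list look like fields of embedded code-signing certificates rather than hosts the sample contacted; the trailing characters (here `0`) are most likely adjacent certificate-encoding bytes picked up by string extraction, so strip them before matching and do not treat these hosts as network indicators on their own.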
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000002.711210574.0000000004691000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000000.393171200.0000000000F12000.00000002.00000001.01000000.00000006.sdmp | String found in binary or memory: http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r |
Source: Pluto Panel.exe, 00000005.00000002.712709095.0000000008430000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
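Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://fontfabrik.com | Note: the type-foundry URLs in this list (this one and the font-vendor entries further down) are most likely font metadata mapped into the process's memory, not addresses the sample contacts; confirm against the report's network section before using them as indicators.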
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000002.711210574.0000000004691000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000000.393171200.0000000000F12000.00000002.00000001.01000000.00000006.sdmp | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0C |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0N |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0O |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://ocsp.thawte.com0 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://s2.symcb.com0 |
Source: healastounding.exe | String found in binary or memory: http://schemas.microsof |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://sv.symcd.com0& |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
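Source: Pluto Panel.exe, 00000005.00000002.705753147.0000000003691000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://whatismyipaddress.com | Note: unlike the certificate and font URLs, a public-IP lookup service string in process memory may reflect the sample checking the host's external address; verify against observed DNS/HTTP traffic for this process before treating it as a detection signal.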
Source: Pluto Panel.exe, Pluto Panel.exe, 00000005.00000002.705753147.0000000003691000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://whatismyipaddress.com/ |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000000.393171200.0000000000F12000.00000002.00000001.01000000.00000006.sdmp | String found in binary or memory: http://whatismyipaddress.com/- |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: Pluto Panel.exe, 00000005.00000003.462837238.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.463380932.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.461983546.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460984251.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.ascendercorp.com/typedesigners.html |
Source: Pluto Panel.exe, 00000005.00000003.445443819.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437487558.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.439099390.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437239432.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.436798009.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437773657.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437023378.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.440045453.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.441297022.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.439790741.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.442021245.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.438069908.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.445694166.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.445564416.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.441503544.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.441818008.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.445818252.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.com |
Source: Pluto Panel.exe, 00000005.00000003.436798009.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437023378.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.com. |
Source: Pluto Panel.exe, 00000005.00000003.437487558.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437239432.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437023378.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.comTC |
Source: Pluto Panel.exe, 00000005.00000003.440045453.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.441297022.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.comY |
Source: Pluto Panel.exe, 00000005.00000003.442021245.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.441503544.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.441818008.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.comkC |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml |
Source: Pluto Panel.exe, 00000005.00000003.439099390.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.439790741.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.438069908.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.como.W |
Source: Pluto Panel.exe, 00000005.00000003.437023378.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.comt |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: Pluto Panel.exe, 00000005.00000003.620876949.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.645268957.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.630356431.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.585753311.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.593605825.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.539432667.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.561809650.0000000005C54000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.570284939.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.578609523.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com |
Source: Pluto Panel.exe, 00000005.00000003.620876949.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.645268957.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.630356431.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.585753311.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.593605825.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/C |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/? |
Source: Pluto Panel.exe, 00000005.00000003.569553799.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.html |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
Source: Pluto Panel.exe, 00000005.00000003.569553799.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlf |
Source: Pluto Panel.exe, 00000005.00000003.546333465.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.537131070.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.588600543.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.556315402.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.580567393.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.570425092.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.541181738.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.551450060.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.573427389.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.569553799.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8 |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers? |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG |
Source: Pluto Panel.exe, 00000005.00000003.585753311.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersh |
Source: Pluto Panel.exe, 00000005.00000003.645268957.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.539432667.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.561809650.0000000005C54000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.comF |
Source: Pluto Panel.exe, 00000005.00000003.539432667.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.561809650.0000000005C54000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.570284939.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.comFX |
Source: Pluto Panel.exe, 00000005.00000002.711887980.0000000005C50000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.coma |
Source: Pluto Panel.exe, 00000005.00000003.539432667.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.comd |
Source: Pluto Panel.exe, 00000005.00000003.539432667.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.561809650.0000000005C54000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.comd& |
Source: Pluto Panel.exe, 00000005.00000003.585753311.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.593605825.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.578609523.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.comitu |
Source: Pluto Panel.exe, 00000005.00000003.620876949.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.645268957.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.630356431.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.585753311.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.593605825.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.comlicd |
Source: Pluto Panel.exe, 00000005.00000003.570284939.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.comn |
Source: Pluto Panel.exe, 00000005.00000002.711887980.0000000005C50000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.comoX |
Source: Pluto Panel.exe, 00000005.00000003.539432667.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.comonyn |
Source: Pluto Panel.exe, 00000005.00000003.645268957.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.comrsiv |
Source: Pluto Panel.exe, 00000005.00000003.539432667.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.561809650.0000000005C54000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.570284939.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.comsiv/C |
Source: Pluto Panel.exe, 00000005.00000003.570284939.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.comtu |
Source: Pluto Panel.exe, 00000005.00000003.413764911.0000000005C85000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.413943860.0000000005C85000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.413057625.0000000005C85000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.413330512.0000000005C85000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com |
Source: Pluto Panel.exe, 00000005.00000003.413330512.0000000005C85000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.comC |
Source: Pluto Panel.exe, 00000005.00000003.431908494.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.432587858.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.433071734.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn |
Source: Pluto Panel.exe, 00000005.00000003.431908494.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn$ |
Source: Pluto Panel.exe, 00000005.00000003.434083509.0000000005C7E000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.433444494.0000000005C7E000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.432944886.0000000005C7F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/ |
Source: Pluto Panel.exe, 00000005.00000003.434083509.0000000005C7E000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.434485944.0000000005C7E000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.433444494.0000000005C7E000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.434712918.0000000005C7F000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.432944886.0000000005C7F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/) |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe |
Source: Pluto Panel.exe, 00000005.00000003.433444494.0000000005C7E000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.432459781.0000000005C7F000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.432944886.0000000005C7F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cnT |
Source: Pluto Panel.exe, 00000005.00000003.431908494.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cncz |
Source: Pluto Panel.exe, 00000005.00000003.431908494.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cncz$ |
Source: Pluto Panel.exe, 00000005.00000003.431908494.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cnv |
Source: Pluto Panel.exe, 00000005.00000003.431908494.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cp |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.367521899.0000000000E31000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000002.696610265.00000000057AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.freeeim.com/D |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr |
Source: Pluto Panel.exe, 00000005.00000003.423909901.0000000005C85000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.425696650.0000000005C85000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.i. |
Source: Pluto Panel.exe, 00000005.00000003.462837238.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.466345951.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.459485550.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.469643417.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457715522.0000000005C56000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.463380932.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.466752175.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460010944.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.464082407.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.452001254.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457092303.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.465692163.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.467819425.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.461983546.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.464883846.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460984251.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.467392892.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
Source: Pluto Panel.exe, 00000005.00000003.448193641.0000000005C53000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457715522.0000000005C56000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.452001254.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457092303.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/) |
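Source: Pluto Panel.exe, 00000005.00000003.448193641.0000000005C53000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/J |
Analyst note: the http://www.jiyu-kobo.co.jp/ rows that differ only by a short suffix (/J, /Q, /X, /g, /jp/C and so on) come from the same few memory regions and appear to be one string captured with adjacent bytes, so group them by host rather than counting each as a distinct URL. This host and the neighbouring sakkal, sandoll, tiro, urwpp and zhongyicts entries look like font-vendor metadata strings rather than network indicators; confirm against network captures before adding any of them to a blocklist.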
Source: Pluto Panel.exe, 00000005.00000003.459485550.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457715522.0000000005C56000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460010944.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.452001254.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457092303.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.461983546.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460984251.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/Q |
Source: Pluto Panel.exe, 00000005.00000003.448193641.0000000005C53000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.459485550.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460010944.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.452001254.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.461983546.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460984251.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/X |
Source: Pluto Panel.exe, 00000005.00000003.452001254.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/eu-e |
Source: Pluto Panel.exe, 00000005.00000003.459485550.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457715522.0000000005C56000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460010944.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457092303.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.461983546.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460984251.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/g |
Source: Pluto Panel.exe, 00000005.00000003.448193641.0000000005C53000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.452001254.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/i |
Source: Pluto Panel.exe, 00000005.00000003.462837238.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.459485550.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457715522.0000000005C56000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.463380932.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460010944.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.464082407.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457092303.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.461983546.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.464883846.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460984251.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/ |
Source: Pluto Panel.exe, 00000005.00000003.459485550.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460010944.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.461983546.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460984251.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/) |
Source: Pluto Panel.exe, 00000005.00000003.459485550.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457715522.0000000005C56000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.452001254.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457092303.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/C |
Source: Pluto Panel.exe, 00000005.00000003.459485550.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457715522.0000000005C56000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.452001254.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457092303.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/J |
Source: Pluto Panel.exe, 00000005.00000003.457715522.0000000005C56000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457092303.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/X |
Source: Pluto Panel.exe, 00000005.00000003.448193641.0000000005C53000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/ls |
Source: Pluto Panel.exe, 00000005.00000003.448193641.0000000005C53000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.462837238.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.459485550.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457715522.0000000005C56000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.463380932.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460010944.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.464082407.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.452001254.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.457092303.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.461983546.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.464883846.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.460984251.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/n |
Source: Pluto Panel.exe, 00000005.00000000.393171200.0000000000F12000.00000002.00000001.01000000.00000006.sdmp | String found in binary or memory: http://www.nirsoft.net/ |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com |
Source: Pluto Panel.exe, 00000005.00000003.461983546.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com |
Source: Pluto Panel.exe, 00000005.00000003.461535327.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.462539198.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.comm |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr |
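Source: Pluto Panel.exe, 00000005.00000002.705753147.0000000003691000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.site.com/logs.php |
Analyst note: www.site.com/logs.php reads like a placeholder upload URL left in the payload rather than a configured endpoint (assumption; verify against the extracted configuration). Blocking or alerting on this host alone is likely to produce noise.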
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://www.symauth.com/cps0( |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://www.symauth.com/rpa00 |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com |
Source: Pluto Panel.exe, 00000005.00000003.434485944.0000000005C7E000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.434712918.0000000005C7F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com& |
Source: Pluto Panel.exe, 00000005.00000003.445903668.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com= |
Source: Pluto Panel.exe, 00000005.00000003.445903668.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.comic |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD |
Source: Pluto Panel.exe, 00000005.00000003.646787103.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.494373371.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.493190429.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.497114575.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.de |
Source: Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease |
Source: Pluto Panel.exe, 00000005.00000003.646787103.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deMTq |
Source: Pluto Panel.exe, 00000005.00000003.494373371.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.493190429.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.497114575.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deR |
Source: Pluto Panel.exe, 00000005.00000003.646787103.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deg |
Source: Pluto Panel.exe, 00000005.00000003.494373371.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.493190429.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.497114575.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.derasg |
Source: Pluto Panel.exe, 00000005.00000003.437773657.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.438069908.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.co |
Source: Pluto Panel.exe, 00000005.00000003.437487558.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437239432.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.436798009.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.436695339.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437023378.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000002.712090794.0000000006EE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn |
Source: Pluto Panel.exe, 00000005.00000003.437487558.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.439099390.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437239432.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.436798009.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.436695339.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437773657.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437023378.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.439790741.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.438069908.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cnY |
Source: Pluto Panel.exe, 00000005.00000003.436695339.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cnm |
Source: Pluto Panel.exe, 00000005.00000003.437487558.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437239432.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.436798009.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.436695339.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437023378.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cno. |
Source: Pluto Panel.exe, 00000005.00000003.437487558.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437239432.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.436798009.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.436695339.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437773657.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437023378.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cno.W |
Source: Pluto Panel.exe, 00000005.00000003.437487558.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437239432.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.436798009.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.436695339.0000000005C80000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000003.437023378.0000000005C80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cnts |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: https://d.symcb.com/cps0% |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, 22.exe, 0000000B.00000000.422804028.000000000042B000.00000008.00000001.01000000.0000000B.sdmp | String found in binary or memory: https://d.symcb.com/rpa0 |
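Source: healastounding.exe, healastounding.exe, 00000004.00000000.385235005.0000000000902000.00000002.00000001.01000000.00000005.sdmp, healastounding.exe, 00000004.00000002.538356356.0000000003471000.00000004.00000800.00020000.00000000.sdmp, gay.exe, gay.exe, 00000008.00000000.411478373.00000000000D2000.00000002.00000001.01000000.00000009.sdmp, mediaget.exe, 00000011.00000000.445953483.0000000000AB2000.00000002.00000001.01000000.0000000F.sdmp, mediaget.exe, 00000011.00000003.646152049.0000000001338000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0 |
Analyst note: this URL is present in three processes (healastounding.exe, gay.exe, mediaget.exe), and unpacked images of all three match the NjRAT / Bladabindi rules listed further down. The row records a string match only and does not show that the file was requested or downloaded; correlate with proxy, DNS or sandbox network logs before scoping affected hosts.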
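Source: Pluto Panel.exe | String found in binary or memory: https://login.yahoo.com/config/login |
Analyst note: this row and the https://www.google.com/accounts/servicelogin row name no memory region, so the strings presumably come from the file image rather than a runtime dump. Webmail login URLs alongside the http://www.nirsoft.net/ string in the same process, whose unpacked images match the HawkEye rules below, are consistent with credential-recovery functionality; they are legitimate service endpoints and are not usable as block indicators.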
Source: Pluto Panel.exe, 00000005.00000002.705753147.0000000003691000.00000004.00000800.00020000.00000000.sdmp, Pluto Panel.exe, 00000005.00000002.706003291.00000000036CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://whatismyipaddress.com/ |
Source: Pluto Panel.exe, 00000005.00000002.706003291.00000000036CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://whatismyipaddress.comx& |
Source: Pluto Panel.exe, 00000005.00000002.706003291.00000000036CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/5xx-error-landing |
Source: RIP_YOUR_PC_LOL.exe, 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, RIP_YOUR_PC_LOL.exe, 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: Pluto Panel.exe | String found in binary or memory: https://www.google.com/accounts/servicelogin |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
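Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Analyst note: the SAMPLE rows above match rules for NanoCore, HawkEye, NjRAT and the BlackMoon runtime on a single file, which suggests a bundle carrying several payloads rather than one family. The UNPACKEDPE rows that follow tie each family to specific unpacked images (for example Opus.exe to NanoCore, Pluto Panel.exe to HawkEye, gay.exe and mediaget.exe to NjRAT, 22.exe to BlackMoon, and 0fd7de5367376231a788872005d7ed4f.exe to Ficker), so triage and containment should treat each child process separately.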
Source: 0.0.RIP_YOUR_PC_LOL.exe.206ac1d.13.raw.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.d4dd52.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5a556c1.5.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 9.2.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.2.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 9.2.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 9.0.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.0.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 9.0.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.2.healastounding.exe.34865dc.7.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.healastounding.exe.34865dc.7.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 8.0.gay.exe.d0000.2.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 8.0.gay.exe.d0000.2.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.0.RIP_YOUR_PC_LOL.exe.c8867b.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 11.0.22.exe.5f65b6.17.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f10000.8.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f10000.8.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.Pluto Panel.exe.f6fa72.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.2.Pluto Panel.exe.f6fa72.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.Pluto Panel.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.2.Pluto Panel.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 9.2.Opus.exe.5b00000.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.2.Opus.exe.5b00000.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 5.2.Pluto Panel.exe.f18208.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.2.Pluto Panel.exe.f18208.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 6.2.test.exe.da0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 8.2.gay.exe.d0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 8.2.gay.exe.d0000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 7.2.0fd7de5367376231a788872005d7ed4f.exe.24f15a0.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1f6c52e.15.raw.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 5.2.Pluto Panel.exe.f19c0d.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.2.Pluto Panel.exe.f19c0d.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 4.2.healastounding.exe.4474268.10.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.2.healastounding.exe.4474268.10.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.2.healastounding.exe.4474268.10.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1f6c52e.15.raw.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f22de.1.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f22de.1.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1d1caed.10.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1d1caed.10.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 9.2.Opus.exe.5b00000.7.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.2.Opus.exe.5b00000.7.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.2.healastounding.exe.3479694.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 4.2.healastounding.exe.3479694.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.healastounding.exe.3479694.5.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.5.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.11.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.0.healastounding.exe.902324.11.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.11.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 11.0.22.exe.5f65b6.23.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 11.0.22.exe.530edf.22.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 11.0.22.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 11.0.22.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 5.0.Pluto Panel.exe.f18208.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f18208.5.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 4.2.healastounding.exe.95312e.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.healastounding.exe.95312e.2.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 6.0.test.exe.da0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 17.0.mediaget.exe.ab0000.3.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 17.0.mediaget.exe.ab0000.3.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.0.healastounding.exe.95312e.10.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.95312e.10.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 9.2.Opus.exe.2ea1844.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.2.Opus.exe.2ea1844.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.95312e.10.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.95312e.10.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 17.0.mediaget.exe.ab0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 17.0.mediaget.exe.ab0000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1fdd5e1.14.raw.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.17.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f22de.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f22de.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 11.0.22.exe.5f65b6.10.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f22de.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f22de.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 4.0.healastounding.exe.900000.4.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.0.healastounding.exe.900000.4.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.900000.4.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.900000.4.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.0.healastounding.exe.900000.4.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.2.healastounding.exe.4474268.10.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.2.healastounding.exe.4474268.10.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.2.healastounding.exe.4474268.10.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5a556c1.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 9.0.Opus.exe.840000.3.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.0.Opus.exe.840000.3.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 9.0.Opus.exe.840000.3.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f19c0d.15.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f19c0d.15.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.15.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 0.3.RIP_YOUR_PC_LOL.exe.596a627.9.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 11.0.22.exe.43de6f.19.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 11.0.22.exe.530edf.16.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 4.2.healastounding.exe.95312e.2.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.healastounding.exe.95312e.2.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 11.0.22.exe.43de6f.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 4.2.healastounding.exe.3474284.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 4.2.healastounding.exe.3474284.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.healastounding.exe.3474284.6.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.0.healastounding.exe.902324.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.0.healastounding.exe.902324.14.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.0.healastounding.exe.902324.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.6.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.0.healastounding.exe.902324.6.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.0.healastounding.exe.902324.14.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.14.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.14.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.0.healastounding.exe.902324.14.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 17.2.mediaget.exe.ab0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 17.2.mediaget.exe.ab0000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 11.0.22.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9fa0eb.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9fa0eb.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 9.2.Opus.exe.3edeacc.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.2.Opus.exe.3edeacc.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.c8867b.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 4.0.healastounding.exe.935129.15.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.935129.15.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f22de.1.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f22de.1.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.9.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 11.0.22.exe.43de6f.13.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.0.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 8.0.gay.exe.d0000.1.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 8.0.gay.exe.d0000.1.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 8.0.gay.exe.d0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 8.0.gay.exe.d0000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 9.0.Opus.exe.840000.1.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.0.Opus.exe.840000.1.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 9.0.Opus.exe.840000.1.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 11.0.22.exe.530edf.11.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 5.0.Pluto Panel.exe.f19c0d.11.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f19c0d.11.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 4.2.healastounding.exe.935129.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.healastounding.exe.935129.1.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.2.healastounding.exe.34865dc.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.healastounding.exe.34865dc.7.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 9.2.Opus.exe.5870000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.2.Opus.exe.5870000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.2.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.2.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.2.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.2.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.0.Pluto Panel.exe.f6fa72.13.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f6fa72.13.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 5.0.Pluto Panel.exe.f18208.10.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f18208.10.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1d1caed.10.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1d1caed.10.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.0.healastounding.exe.902324.11.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.0.healastounding.exe.902324.11.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.11.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.11.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.0.healastounding.exe.902324.11.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 11.0.22.exe.5f65b6.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.7.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.16.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 0.1.RIP_YOUR_PC_LOL.exe.d4dd52.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 4.0.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.0.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.0.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.0.healastounding.exe.95312e.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.95312e.7.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.11.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 9.2.Opus.exe.3ed9c96.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.2.Opus.exe.3ed9c96.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 9.2.Opus.exe.3ed9c96.2.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.0.RIP_YOUR_PC_LOL.exe.c8867b.4.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.1.RIP_YOUR_PC_LOL.exe.c8867b.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9fa0eb.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9fa0eb.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 4.0.healastounding.exe.95312e.2.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.95312e.2.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 9.2.Opus.exe.3edeacc.3.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.2.Opus.exe.3edeacc.3.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 9.2.Opus.exe.3ee30f5.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.2.Opus.exe.3ee30f5.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.95312e.7.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.95312e.7.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.2.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.2.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.2.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.2.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.0.Pluto Panel.exe.f18208.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f18208.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 5.0.Pluto Panel.exe.f6fa72.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f6fa72.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 5.0.Pluto Panel.exe.f6fa72.9.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f6fa72.9.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 17.0.mediaget.exe.ab0000.1.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 17.0.mediaget.exe.ab0000.1.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 11.0.22.exe.43de6f.7.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 4.0.healastounding.exe.95312e.13.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.95312e.13.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 11.0.22.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9fa0eb.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9fa0eb.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 5.0.Pluto Panel.exe.f6fa72.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f6fa72.7.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 11.0.22.exe.530edf.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5839748.8.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 6.0.test.exe.da0000.2.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.206ac1d.13.raw.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 11.0.22.exe.530edf.22.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1fdd5e1.14.raw.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 4.2.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.2.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.2.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.0.RIP_YOUR_PC_LOL.exe.d4dd52.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.13.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.c8867b.4.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 11.0.22.exe.530edf.16.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 5.0.Pluto Panel.exe.f10000.4.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f10000.4.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 6.0.test.exe.da0000.3.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5731eca.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5731eca.7.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5707591.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5707591.1.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.0.healastounding.exe.935129.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.935129.5.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.0.Pluto Panel.exe.f10000.12.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f10000.12.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.RIP_YOUR_PC_LOL.exe.206ac1d.13.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 5.0.Pluto Panel.exe.f19c0d.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f19c0d.6.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5a2fcfe.10.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f22de.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f22de.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 5.0.Pluto Panel.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 4.0.healastounding.exe.935129.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.935129.1.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.0.RIP_YOUR_PC_LOL.exe.206ac1d.13.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 5.0.Pluto Panel.exe.f19c0d.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f19c0d.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 11.0.22.exe.530edf.11.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.19.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.14.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 9.2.Opus.exe.5b04629.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.2.Opus.exe.5b04629.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 15.2.0fd7de5367376231a788872005d7ed4f.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f86e6.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f86e6.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 0.3.RIP_YOUR_PC_LOL.exe.59c8085.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 7.2.0fd7de5367376231a788872005d7ed4f.exe.24f15a0.1.unpack, type: UNPACKEDPE | Matched rule: Detects Ficker infostealer Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f22de.3.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f22de.3.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 17.0.mediaget.exe.ab0000.2.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 17.0.mediaget.exe.ab0000.2.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 8.0.gay.exe.d0000.3.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 8.0.gay.exe.d0000.3.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.0.healastounding.exe.902324.6.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.0.healastounding.exe.902324.6.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.6.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 9.0.Opus.exe.840000.2.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 9.0.Opus.exe.840000.2.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 9.0.Opus.exe.840000.2.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.2.healastounding.exe.3479694.5.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 5.0.Pluto Panel.exe.f18208.14.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.0.Pluto Panel.exe.f18208.14.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 4.0.healastounding.exe.902324.14.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.0.healastounding.exe.902324.14.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.14.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 6.0.test.exe.da0000.1.unpack, type: UNPACKEDPE | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 4.0.healastounding.exe.95312e.13.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.95312e.13.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f86e6.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f86e6.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5725596.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5725596.2.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.0.healastounding.exe.900000.12.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.0.healastounding.exe.900000.12.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.900000.12.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.900000.12.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.0.healastounding.exe.900000.12.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.0.healastounding.exe.935129.9.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.935129.9.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.3.RIP_YOUR_PC_LOL.exe.596a627.9.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.1.RIP_YOUR_PC_LOL.exe.c8867b.3.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f86e6.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f86e6.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.0.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.0.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.0.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 11.0.22.exe.530edf.4.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 4.0.healastounding.exe.95312e.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.95312e.2.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.0.healastounding.exe.900000.8.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.0.healastounding.exe.900000.8.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.0.healastounding.exe.900000.8.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 4.0.healastounding.exe.900000.8.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.0.healastounding.exe.900000.8.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.0.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.0.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.0.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.0.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.2.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000009.00000000.414257385.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000009.00000000.414257385.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000000.397644420.0000000000DA2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 00000009.00000002.707363158.0000000003ECB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000008.00000000.411478373.00000000000D2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000009.00000000.414807841.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000009.00000000.414807841.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000009.00000000.416456851.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000009.00000000.416456851.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000009.00000002.700831183.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000009.00000002.700831183.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000008.00000002.449565052.00000000000D2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000003.388952115.00000000059C7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 0000002A.00000000.507357595.0000000000FB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000011.00000000.445953483.0000000000AB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000011.00000002.701265514.0000000000AB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0000003B.00000000.627731740.00000000007A2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000000.374606826.0000000001F6B000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth |
Source: 00000000.00000000.374606826.0000000001F6B000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 00000011.00000003.646152049.0000000001338000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000024.00000000.475797127.0000000000572000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000024.00000000.475797127.0000000000572000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000002.701971433.0000000001354000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 0000001C.00000002.567040014.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000019.00000003.459495184.0000000000673000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 0000002E.00000000.548907669.0000000000722000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000011.00000000.445251023.0000000000AB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000004.00000000.385235005.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000004.00000000.385235005.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000004.00000000.385235005.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0000002E.00000002.610238464.0000000000722000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000005.00000000.393171200.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000005.00000000.393171200.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 0000002A.00000002.552899490.0000000000FB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000004.00000002.538356356.0000000003471000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 00000004.00000002.538356356.0000000003471000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000005.00000002.706080641.00000000036DB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.693319449.0000000001F6B000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth |
Source: 00000000.00000002.693319449.0000000001F6B000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 00000006.00000000.405813841.0000000000DA2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 00000008.00000000.410285813.00000000000D2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000004.00000002.463698979.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000004.00000002.463698979.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000004.00000002.463698979.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000005.00000000.394040229.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000005.00000000.394040229.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 00000008.00000000.408615715.00000000000D2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 00000011.00000000.447375879.0000000000AB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000006.00000000.394727625.0000000000DA2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 00000005.00000000.394636472.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000005.00000000.394636472.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 00000026.00000000.491059532.0000000000272000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000026.00000000.491059532.0000000000272000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000000.399704980.0000000000DA2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 00000024.00000002.629223400.0000000000572000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000024.00000002.629223400.0000000000572000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000002.703770994.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000009.00000000.415266906.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000009.00000000.415266906.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000019.00000003.459275166.0000000000698000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 00000005.00000002.701277187.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000005.00000002.701277187.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 00000019.00000003.458681148.000000000067C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.502131214.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000002.502131214.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 0000001C.00000002.579383399.0000000004081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.386628983.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000000.371829021.0000000001893000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000000.371829021.0000000001893000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000000.371829021.0000000001893000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0000001C.00000002.514866763.0000000000922000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0000001C.00000002.514866763.0000000000922000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000001.375725825.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000001.375725825.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 00000004.00000002.546334194.0000000004474000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000004.00000002.546334194.0000000004474000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth |
Source: 00000004.00000002.546334194.0000000004474000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000011.00000000.446671445.0000000000AB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000009.00000002.708577022.0000000005870000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000009.00000002.708577022.0000000005870000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 00000008.00000000.409570794.00000000000D2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000019.00000003.458183685.0000000000660000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 00000004.00000000.381351381.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000004.00000000.381351381.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000004.00000000.381351381.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000006.00000002.701012196.0000000000DA2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: 00000025.00000000.491609227.00000000002A2000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 0000001C.00000000.461250332.0000000000922000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0000001C.00000000.461250332.0000000000922000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000002.679442760.0000000001893000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.679442760.0000000001893000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000002.679442760.0000000001893000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000009.00000002.708751563.0000000005B00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000009.00000002.708751563.0000000005B00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects NanoCore Author: ditekSHen |
Source: 00000024.00000002.674377761.0000000003CF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000024.00000002.673042782.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000005.00000000.397247474.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000005.00000000.397247474.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: 00000004.00000000.382829254.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000004.00000000.382829254.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000004.00000000.382829254.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000004.00000000.383946223.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000004.00000000.383946223.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000004.00000000.383946223.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: Process Memory Space: RIP_YOUR_PC_LOL.exe PID: 6880, type: MEMORYSTR | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: Process Memory Space: healastounding.exe PID: 3572, type: MEMORYSTR | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: healastounding.exe PID: 3572, type: MEMORYSTR | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: Process Memory Space: healastounding.exe PID: 3572, type: MEMORYSTR | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: test.exe PID: 6236, type: MEMORYSTR | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: Process Memory Space: test.exe PID: 6236, type: MEMORYSTR | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: Process Memory Space: Opus.exe PID: 3244, type: MEMORYSTR | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: Opus.exe PID: 3244, type: MEMORYSTR | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Users\user\AppData\Roaming\gay.exe, type: DROPPED | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\gay.exe, type: DROPPED | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: C:\Users\user\AppData\Roaming\Opus.exe, type: DROPPED | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: C:\Users\user\AppData\Roaming\Opus.exe, type: DROPPED | Matched rule: Detects NanoCore Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\Opus.exe, type: DROPPED | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a797c6ca3f5e7aff8fa1149c47fe9466.exe, type: DROPPED | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a797c6ca3f5e7aff8fa1149c47fe9466.exe, type: DROPPED | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: C:\Users\user\AppData\Roaming\mediaget.exe, type: DROPPED | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\mediaget.exe, type: DROPPED | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED | Matched rule: Detects NanoCore Author: ditekSHen |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Users\user\AppData\Roaming\test.exe, type: DROPPED | Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen |
Source: C:\Windows\Help\active_desktop_render.dll, type: DROPPED | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\Pluto Panel.exe, type: DROPPED | Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Users\user\AppData\Roaming\Pluto Panel.exe, type: DROPPED | Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group |
Source: C:\Users\user\AppData\Roaming\3.exe, type: DROPPED | Matched rule: DCRat payload Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\3.exe, type: DROPPED | Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\22.exe, type: DROPPED | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\healastounding.exe, type: DROPPED | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: C:\Users\user\AppData\Roaming\healastounding.exe, type: DROPPED | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\healastounding.exe, type: DROPPED | Matched rule: Detects NanoCore Author: ditekSHen |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: RIP_YOUR_PC_LOL.exe, type: SAMPLE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 0.0.RIP_YOUR_PC_LOL.exe.206ac1d.13.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 0.2.RIP_YOUR_PC_LOL.exe.d4dd52.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5a556c1.5.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 9.2.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.2.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.2.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 9.2.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 9.0.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.0.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.0.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 9.0.Opus.exe.840000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.2.healastounding.exe.34865dc.7.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.healastounding.exe.34865dc.7.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 8.0.gay.exe.d0000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 8.0.gay.exe.d0000.2.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.0.RIP_YOUR_PC_LOL.exe.c8867b.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 11.0.22.exe.5f65b6.17.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 5.2.Pluto Panel.exe.36b9cb4.4.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 5.0.Pluto Panel.exe.f10000.8.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f10000.8.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 5.0.Pluto Panel.exe.f10000.8.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 5.2.Pluto Panel.exe.f6fa72.1.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.2.Pluto Panel.exe.f6fa72.1.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 5.2.Pluto Panel.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.2.Pluto Panel.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 5.2.Pluto Panel.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 9.2.Opus.exe.5b00000.7.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.2.Opus.exe.5b00000.7.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.2.Opus.exe.5b00000.7.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 5.2.Pluto Panel.exe.f18208.3.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.2.Pluto Panel.exe.f18208.3.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 5.2.Pluto Panel.exe.f18208.3.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 6.2.test.exe.da0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 8.2.gay.exe.d0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 8.2.gay.exe.d0000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 7.2.0fd7de5367376231a788872005d7ed4f.exe.24f15a0.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1f6c52e.15.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 5.2.Pluto Panel.exe.f19c0d.2.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.2.Pluto Panel.exe.f19c0d.2.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 4.2.healastounding.exe.4474268.10.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.2.healastounding.exe.4474268.10.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 4.2.healastounding.exe.4474268.10.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.2.healastounding.exe.4474268.10.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1f6c52e.15.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f22de.1.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f22de.1.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f22de.1.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1d1caed.10.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1d1caed.10.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 9.2.Opus.exe.5b00000.7.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.2.Opus.exe.5b00000.7.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.2.Opus.exe.5b00000.7.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 5.2.Pluto Panel.exe.3b3a1c4.6.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 4.2.healastounding.exe.3479694.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 4.2.healastounding.exe.3479694.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.healastounding.exe.3479694.5.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.5.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 5.2.Pluto Panel.exe.7700000.9.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 4.0.healastounding.exe.902324.11.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.0.healastounding.exe.902324.11.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 4.0.healastounding.exe.902324.11.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.902324.11.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 11.0.22.exe.5f65b6.23.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 11.0.22.exe.530edf.22.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 11.0.22.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 11.0.22.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 5.0.Pluto Panel.exe.f18208.5.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f18208.5.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 5.0.Pluto Panel.exe.f18208.5.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 4.2.healastounding.exe.95312e.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.healastounding.exe.95312e.2.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 6.0.test.exe.da0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 17.0.mediaget.exe.ab0000.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 17.0.mediaget.exe.ab0000.3.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.0.healastounding.exe.95312e.10.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.95312e.10.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 9.2.Opus.exe.2ea1844.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.2.Opus.exe.2ea1844.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.2.Opus.exe.2ea1844.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.95312e.10.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.95312e.10.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 17.0.mediaget.exe.ab0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 17.0.mediaget.exe.ab0000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1fdd5e1.14.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.17.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f22de.3.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f22de.3.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f22de.3.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 11.0.22.exe.5f65b6.10.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f22de.1.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f22de.1.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f22de.1.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 4.0.healastounding.exe.900000.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.0.healastounding.exe.900000.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.900000.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.900000.4.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.0.healastounding.exe.900000.4.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.2.healastounding.exe.4474268.10.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.2.healastounding.exe.4474268.10.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.2.healastounding.exe.4474268.10.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5a556c1.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 9.0.Opus.exe.840000.3.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.0.Opus.exe.840000.3.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.0.Opus.exe.840000.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 9.0.Opus.exe.840000.3.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 5.0.Pluto Panel.exe.f19c0d.15.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f19c0d.15.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.15.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 0.3.RIP_YOUR_PC_LOL.exe.596a627.9.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 11.0.22.exe.43de6f.19.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 11.0.22.exe.530edf.16.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 4.2.healastounding.exe.95312e.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.healastounding.exe.95312e.2.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 11.0.22.exe.43de6f.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 4.2.healastounding.exe.3474284.6.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 4.2.healastounding.exe.3474284.6.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.healastounding.exe.3474284.6.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.0.healastounding.exe.902324.6.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.0.healastounding.exe.902324.14.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.0.healastounding.exe.902324.6.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.902324.6.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.902324.6.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.0.healastounding.exe.902324.6.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.0.healastounding.exe.902324.14.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.902324.14.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.902324.14.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.0.healastounding.exe.902324.14.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 17.2.mediaget.exe.ab0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 17.2.mediaget.exe.ab0000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 11.0.22.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9fa0eb.2.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9fa0eb.2.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 9.2.Opus.exe.3edeacc.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.2.Opus.exe.3edeacc.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.2.Opus.exe.3edeacc.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.2.RIP_YOUR_PC_LOL.exe.c8867b.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 4.0.healastounding.exe.935129.15.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.935129.15.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f22de.1.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f22de.1.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f22de.1.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.9.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 11.0.22.exe.43de6f.13.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 4.0.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.0.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 4.0.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 8.0.gay.exe.d0000.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 8.0.gay.exe.d0000.1.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 8.0.gay.exe.d0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 8.0.gay.exe.d0000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 9.0.Opus.exe.840000.1.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.0.Opus.exe.840000.1.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.0.Opus.exe.840000.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 9.0.Opus.exe.840000.1.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 11.0.22.exe.530edf.11.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 5.0.Pluto Panel.exe.f19c0d.11.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f19c0d.11.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 4.2.healastounding.exe.935129.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.healastounding.exe.935129.1.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.2.healastounding.exe.34865dc.7.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.healastounding.exe.34865dc.7.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 9.2.Opus.exe.5870000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.2.Opus.exe.5870000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.2.Opus.exe.5870000.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.2.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.2.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.2.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.2.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 5.0.Pluto Panel.exe.f6fa72.13.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f6fa72.13.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 5.0.Pluto Panel.exe.f18208.10.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f18208.10.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 5.0.Pluto Panel.exe.f18208.10.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1d1caed.10.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1d1caed.10.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.0.healastounding.exe.902324.11.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.0.healastounding.exe.902324.11.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.902324.11.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.902324.11.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.0.healastounding.exe.902324.11.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 11.0.22.exe.5f65b6.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.7.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.16.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 0.1.RIP_YOUR_PC_LOL.exe.d4dd52.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 4.0.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.0.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.0.healastounding.exe.900000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.0.healastounding.exe.95312e.7.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.95312e.7.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.11.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 9.2.Opus.exe.3ed9c96.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.2.Opus.exe.3ed9c96.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.2.Opus.exe.3ed9c96.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 9.2.Opus.exe.3ed9c96.2.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.0.RIP_YOUR_PC_LOL.exe.c8867b.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 5.2.Pluto Panel.exe.7710000.10.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.1.RIP_YOUR_PC_LOL.exe.c8867b.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9fa0eb.2.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9fa0eb.2.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 4.0.healastounding.exe.95312e.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.95312e.2.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 9.2.Opus.exe.3edeacc.3.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.2.Opus.exe.3edeacc.3.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.2.Opus.exe.3edeacc.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 9.2.Opus.exe.3ee30f5.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.2.Opus.exe.3ee30f5.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.2.Opus.exe.3ee30f5.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.95312e.7.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.95312e.7.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.2.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.2.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.2.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.2.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 5.0.Pluto Panel.exe.f18208.2.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f18208.2.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 5.0.Pluto Panel.exe.f18208.2.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 5.0.Pluto Panel.exe.f6fa72.1.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f6fa72.1.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 5.0.Pluto Panel.exe.f6fa72.9.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f6fa72.9.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 17.0.mediaget.exe.ab0000.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 17.0.mediaget.exe.ab0000.1.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 11.0.22.exe.43de6f.7.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 4.0.healastounding.exe.95312e.13.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.95312e.13.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 11.0.22.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9fa0eb.2.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9fa0eb.2.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 5.0.Pluto Panel.exe.f6fa72.7.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f6fa72.7.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 11.0.22.exe.530edf.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5839748.8.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 6.0.test.exe.da0000.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 0.2.RIP_YOUR_PC_LOL.exe.206ac1d.13.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 11.0.22.exe.530edf.22.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1fdd5e1.14.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 4.2.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.2.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 4.2.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.2.healastounding.exe.902324.3.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.0.RIP_YOUR_PC_LOL.exe.d4dd52.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.13.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 0.2.RIP_YOUR_PC_LOL.exe.c8867b.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 11.0.22.exe.530edf.16.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 5.0.Pluto Panel.exe.f10000.4.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f10000.4.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 5.0.Pluto Panel.exe.f10000.4.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 6.0.test.exe.da0000.3.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5731eca.7.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5731eca.7.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5707591.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5707591.1.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.0.healastounding.exe.935129.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.935129.5.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce9ce8.12.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 5.0.Pluto Panel.exe.f10000.12.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f10000.12.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 5.0.Pluto Panel.exe.f10000.12.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.RIP_YOUR_PC_LOL.exe.206ac1d.13.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 5.0.Pluto Panel.exe.f19c0d.6.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f19c0d.6.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5a2fcfe.10.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f22de.1.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f22de.1.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f22de.1.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 5.0.Pluto Panel.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 5.0.Pluto Panel.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 4.0.healastounding.exe.935129.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.935129.1.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.0.RIP_YOUR_PC_LOL.exe.206ac1d.13.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 5.0.Pluto Panel.exe.f19c0d.3.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f19c0d.3.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 11.0.22.exe.530edf.11.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.19.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 15.0.0fd7de5367376231a788872005d7ed4f.exe.400000.14.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 9.2.Opus.exe.5b04629.6.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.2.Opus.exe.5b04629.6.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.2.Opus.exe.5b04629.6.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 15.2.0fd7de5367376231a788872005d7ed4f.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f86e6.3.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f86e6.3.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.0.RIP_YOUR_PC_LOL.exe.9f86e6.3.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 0.3.RIP_YOUR_PC_LOL.exe.59c8085.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 7.2.0fd7de5367376231a788872005d7ed4f.exe.24f15a0.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Ficker author = ditekSHen, description = Detects Ficker infostealer, clamav_sig = MALWARE.Win.Trojan.Ficker |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f22de.3.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f22de.3.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f22de.3.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 17.0.mediaget.exe.ab0000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 17.0.mediaget.exe.ab0000.2.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 8.0.gay.exe.d0000.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 8.0.gay.exe.d0000.3.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.0.healastounding.exe.902324.6.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.0.healastounding.exe.902324.6.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 4.0.healastounding.exe.902324.6.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.902324.6.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 9.0.Opus.exe.840000.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 9.0.Opus.exe.840000.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 9.0.Opus.exe.840000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 9.0.Opus.exe.840000.2.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.2.healastounding.exe.3479694.5.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 5.0.Pluto Panel.exe.f18208.14.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 5.0.Pluto Panel.exe.f18208.14.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 5.0.Pluto Panel.exe.f18208.14.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 4.0.healastounding.exe.902324.14.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.0.healastounding.exe.902324.14.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 4.0.healastounding.exe.902324.14.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.902324.14.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 6.0.test.exe.da0000.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 4.0.healastounding.exe.95312e.13.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.95312e.13.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f86e6.1.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f86e6.1.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.RIP_YOUR_PC_LOL.exe.9f86e6.1.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5725596.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.3.RIP_YOUR_PC_LOL.exe.5725596.2.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.0.healastounding.exe.900000.12.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.0.healastounding.exe.900000.12.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.900000.12.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.900000.12.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.0.healastounding.exe.900000.12.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.0.healastounding.exe.935129.9.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.935129.9.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.3.RIP_YOUR_PC_LOL.exe.596a627.9.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.1.RIP_YOUR_PC_LOL.exe.c8867b.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f86e6.0.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f86e6.0.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.1.RIP_YOUR_PC_LOL.exe.9f86e6.0.raw.unpack, type: UNPACKEDPE | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.0.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.0.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.0.healastounding.exe.902324.3.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.0.RIP_YOUR_PC_LOL.exe.1ce97c4.11.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 11.0.22.exe.530edf.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 4.0.healastounding.exe.95312e.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.95312e.2.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.0.healastounding.exe.900000.8.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.0.healastounding.exe.900000.8.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.0.healastounding.exe.900000.8.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 4.0.healastounding.exe.900000.8.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.0.healastounding.exe.900000.8.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 5.2.Pluto Panel.exe.3706aac.5.raw.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.0.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.0.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.0.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.0.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.0.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.2.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.2.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.2.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.RIP_YOUR_PC_LOL.exe.ea57bf.9.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000009.00000000.414257385.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000009.00000000.414257385.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000000.397644420.0000000000DA2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 00000009.00000002.707363158.0000000003ECB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000008.00000000.411478373.00000000000D2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000009.00000000.414807841.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000009.00000000.414807841.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000009.00000000.416456851.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000009.00000000.416456851.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000009.00000002.700831183.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000009.00000002.700831183.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000008.00000002.449565052.00000000000D2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000003.388952115.00000000059C7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 0000002A.00000000.507357595.0000000000FB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000011.00000000.445953483.0000000000AB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000011.00000002.701265514.0000000000AB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0000003B.00000000.627731740.00000000007A2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000000.374606826.0000000001F6B000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000000.374606826.0000000001F6B000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 00000011.00000003.646152049.0000000001338000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000024.00000000.475797127.0000000000572000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000024.00000000.475797127.0000000000572000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000002.701971433.0000000001354000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 0000001C.00000002.567040014.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000019.00000003.459495184.0000000000673000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 0000002E.00000000.548907669.0000000000722000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000011.00000000.445251023.0000000000AB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000004.00000000.385235005.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000004.00000000.385235005.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000004.00000000.385235005.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0000002E.00000002.610238464.0000000000722000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000005.00000000.393171200.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 00000005.00000000.393171200.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 0000002A.00000002.552899490.0000000000FB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000004.00000002.538356356.0000000003471000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 00000004.00000002.538356356.0000000003471000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000005.00000002.706080641.00000000036DB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.693319449.0000000001F6B000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000002.693319449.0000000001F6B000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 00000006.00000000.405813841.0000000000DA2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 00000008.00000000.410285813.00000000000D2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000004.00000002.463698979.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000004.00000002.463698979.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000004.00000002.463698979.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000005.00000002.712472379.0000000007710000.00000004.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000005.00000000.394040229.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 00000005.00000000.394040229.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 00000008.00000000.408615715.00000000000D2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 00000000.00000000.366341482.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 00000011.00000000.447375879.0000000000AB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000006.00000000.394727625.0000000000DA2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 00000005.00000000.394636472.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 00000005.00000000.394636472.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 00000026.00000000.491059532.0000000000272000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000026.00000000.491059532.0000000000272000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000000.399704980.0000000000DA2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys |
Source: 00000024.00000002.629223400.0000000000572000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000024.00000002.629223400.0000000000572000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000002.703770994.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000009.00000000.415266906.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000009.00000000.415266906.0000000000842000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000019.00000003.459275166.0000000000698000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 00000005.00000002.701277187.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 00000005.00000002.701277187.0000000000F12000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 00000019.00000003.458681148.000000000067C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.502131214.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 00000000.00000002.502131214.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 0000001C.00000002.579383399.0000000004081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.386628983.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000000.371829021.0000000001893000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000000.371829021.0000000001893000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000000.371829021.0000000001893000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0000001C.00000002.514866763.0000000000922000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000001C.00000002.514866763.0000000000922000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 00000000.00000003.437188672.00000000056F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000001.375725825.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye |
Source: 00000000.00000001.375725825.00000000009F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research |
Source: 00000004.00000002.546334194.0000000004474000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000004.00000002.546334194.0000000004474000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000004.00000002.546334194.0000000004474000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000011.00000000.446671445.0000000000AB2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000009.00000002.708577022.0000000005870000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000009.00000002.708577022.0000000005870000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000009.00000002.708577022.0000000005870000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 00000008.00000000.409570794.00000000000D2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000019.00000003.458183685.0000000000660000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 00000004.00000000.381351381.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detects the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000004.00000000.381351381.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000004.00000000.381351381.0000000000902000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |