// Index file: each `include` below pulls one rule file from .\rules\elastic-yara\
// so the whole rule set can be compiled from a single entry point.
//
// File names follow Platform_Category_Family. Categories such as Hacktool, PUP,
// RemoteAdmin and AttackSimulation sit alongside Trojan and Ransomware, so
// presumably not every match indicates malware; triage hits by category.
//
// NOTE(review): the paths are relative and use backslash separators. YARA
// resolves relative includes against the directory of the including file, and
// backslash-separated paths are a Windows convention. Confirm this index is
// only compiled on Windows, or regenerate it with forward slashes.
// A missing or unreadable include fails compilation of the whole index, so
// check the compiler's exit status before deploying a scanner built from it.
include ".\rules\elastic-yara\Linux_Backdoor_Bash.yar"
|
|
include ".\rules\elastic-yara\Linux_Backdoor_Fontonlake.yar"
|
|
include ".\rules\elastic-yara\Linux_Backdoor_Generic.yar"
|
|
include ".\rules\elastic-yara\Linux_Backdoor_Python.yar"
|
|
include ".\rules\elastic-yara\Linux_Backdoor_Tinyshell.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Attribute.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Bscope.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Bulz.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Camelot.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Casdet.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Ccminer.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Flystudio.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Generic.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Ksmdbot.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Loudminer.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Malxmr.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Miancha.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Minertr.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Pgminer.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Presenoker.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Roboto.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Stak.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Ursu.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Uwamson.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Xmrig.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Xmrminer.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Xpaj.yar"
|
|
include ".\rules\elastic-yara\Linux_Cryptominer_Zexaf.yar"
|
|
include ".\rules\elastic-yara\Linux_Downloader_Generic.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Abrox.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Alie.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2009_1897.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2009_2698.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2009_2908.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2010_3301.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2012_0056.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2014_3153.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2016_4557.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2016_5195.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2017_100011.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2017_16995.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2018_10561.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2019_13272.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2021_3156.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2021_3490.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2021_4034.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_CVE_2022_0847.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Cornelgen.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Courier.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Criscras.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Dirtycow.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Enoket.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Foda.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_IOUring.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Intfour.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Local.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Log4j.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Lotoor.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Moogrey.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Openssl.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Perl.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Pulse.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Race.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Ramen.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Sorso.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Vmsplice.yar"
|
|
include ".\rules\elastic-yara\Linux_Exploit_Wuftpd.yar"
|
|
include ".\rules\elastic-yara\Linux_Generic_Threat.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Aduh.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Bruteforce.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Cleanlog.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Earthworm.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Exploitscan.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Flooder.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Fontonlake.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Infectionmonkey.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Lightning.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_LigoloNG.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Outlaw.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Portscan.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Prochide.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Tcpscan.yar"
|
|
include ".\rules\elastic-yara\Linux_Hacktool_Wipelog.yar"
|
|
include ".\rules\elastic-yara\Linux_Packer_Patched_UPX.yar"
|
|
include ".\rules\elastic-yara\Linux_Proxy_Frp.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Agenda.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Akira.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Babuk.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_BlackBasta.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_BlackSuit.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Clop.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Conti.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_EchoRaix.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Erebus.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Esxiargs.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Gonnacry.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Hellokitty.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Hive.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_ItsSoEasy.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_LimpDemon.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Lockbit.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Monti.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_NoEscape.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Quantum.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_RagnarLocker.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_RedAlert.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_RoyalPest.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_SFile.yar"
|
|
include ".\rules\elastic-yara\Linux_Ransomware_Sodinokibi.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Adore.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Arkd.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Bedevil.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_BrokePKG.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Dakkatoni.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Diamorphine.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Flipswitch.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Fontonlake.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Generic.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_HiddenWasp.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Jynx.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Kovid.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Melofee.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Mobkit.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Perfctl.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Reptile.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Snapekit.yar"
|
|
include ".\rules\elastic-yara\Linux_Rootkit_Suterusu.yar"
|
|
include ".\rules\elastic-yara\Linux_Shellcode_Generic.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Adlibrary.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Asacub.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Autocolor.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Azeela.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_BPFDoor.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Backconnect.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Backegmm.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Badbee.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Banload.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Bedevil.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Bish.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Bluez.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Cerbu.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Chinaz.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Connectback.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Ddostf.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_DinodasRAT.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Dnsamp.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Dofloo.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Dropperl.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Ebury.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_FinalDraft.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Gafgyt.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Ganiw.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Generic.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Getshell.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Godlua.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Godropper.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Gognt.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Hiddad.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Ipstorm.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Ircbot.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Iroffer.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Kaiji.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Kinsing.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Ladvix.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Lady.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Lala.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Malxmr.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Marut.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Masan.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Mech.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Mechbot.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Melofee.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Merlin.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Metasploit.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Meterpreter.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Mettle.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Mirai.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Mobidash.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Morpes.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Mumblehard.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Ngioweb.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Nuker.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Orbit.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Patpooty.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Pnscan.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Pornoasset.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Psybnc.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Pumakit.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Rbot.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Rekoobe.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Roopre.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Rooter.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Rotajakiro.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Rozena.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Sambashell.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Sckit.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Sdbot.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Setag.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Sfloost.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Shark.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Shellbot.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Skidmap.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Snessik.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Snowlight.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Springtail.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Sqlexp.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Sshdkit.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Sshdoor.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Subsevux.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Swrort.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Sysrv.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Torii.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Truncpx.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Tsunami.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Winnti.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_XZBackdoor.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Xhide.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Xorddos.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Xpmmap.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Zerobot.yar"
|
|
include ".\rules\elastic-yara\Linux_Trojan_Zpevdo.yar"
|
|
include ".\rules\elastic-yara\Linux_Virus_Gmon.yar"
|
|
include ".\rules\elastic-yara\Linux_Virus_Rst.yar"
|
|
include ".\rules\elastic-yara\Linux_Virus_Staffcounter.yar"
|
|
include ".\rules\elastic-yara\Linux_Virus_Thebe.yar"
|
|
include ".\rules\elastic-yara\Linux_Webshell_Generic.yar"
|
|
include ".\rules\elastic-yara\Linux_Worm_Generic.yar"
|
|
include ".\rules\elastic-yara\MacOS_Backdoor_Applejeus.yar"
|
|
include ".\rules\elastic-yara\MacOS_Backdoor_Fakeflashlxk.yar"
|
|
include ".\rules\elastic-yara\MacOS_Backdoor_Kagent.yar"
|
|
include ".\rules\elastic-yara\MacOS_Backdoor_Keyboardrecord.yar"
|
|
include ".\rules\elastic-yara\MacOS_Backdoor_Useragent.yar"
|
|
include ".\rules\elastic-yara\MacOS_Creddump_KeychainAccess.yar"
|
|
include ".\rules\elastic-yara\MacOS_Cryptominer_Generic.yar"
|
|
include ".\rules\elastic-yara\MacOS_Cryptominer_Xmrig.yar"
|
|
include ".\rules\elastic-yara\MacOS_Exploit_Log4j.yar"
|
|
include ".\rules\elastic-yara\MacOS_Hacktool_Bifrost.yar"
|
|
include ".\rules\elastic-yara\MacOS_Hacktool_Swiftbelt.yar"
|
|
include ".\rules\elastic-yara\MacOS_Infostealer_MdQueryPassw.yar"
|
|
include ".\rules\elastic-yara\MacOS_Infostealer_MdQuerySecret.yar"
|
|
include ".\rules\elastic-yara\MacOS_Infostealer_MdQueryTCC.yar"
|
|
include ".\rules\elastic-yara\MacOS_Infostealer_MdQueryToken.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Adload.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Amcleaner.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Aobokeylogger.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_BeaverTail.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Bundlore.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_CryptoBot.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Eggshell.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Electrorat.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Fplayer.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Generic.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Genieo.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Getshell.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_HLoader.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_KandyKorn.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Metasploit.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Odyssey.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Paradox.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_RootTroy.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_RustBucket.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Stratofear.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_SugarLoader.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Telegram2.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_Thiefquest.yar"
|
|
include ".\rules\elastic-yara\MacOS_Trojan_XScreen.yar"
|
|
include ".\rules\elastic-yara\MacOS_Virus_Maxofferdeal.yar"
|
|
include ".\rules\elastic-yara\MacOS_Virus_Pirrit.yar"
|
|
include ".\rules\elastic-yara\MacOS_Virus_Vsearch.yar"
|
|
include ".\rules\elastic-yara\Macos_Hacktool_JokerSpy.yar"
|
|
include ".\rules\elastic-yara\Macos_Infostealer_Atomic.yar"
|
|
include ".\rules\elastic-yara\Macos_Infostealer_Banshee.yar"
|
|
include ".\rules\elastic-yara\Macos_Infostealer_EncodedOsascript.yar"
|
|
include ".\rules\elastic-yara\Macos_Infostealer_Wallets.yar"
|
|
include ".\rules\elastic-yara\Macos_Trojan_NukeSped.yar"
|
|
include ".\rules\elastic-yara\Multi_AttackSimulation_Blindspot.yar"
|
|
include ".\rules\elastic-yara\Multi_Cryptominer_Xmrig.yar"
|
|
include ".\rules\elastic-yara\Multi_EICAR.yar"
|
|
include ".\rules\elastic-yara\Multi_Generic_Threat.yar"
|
|
include ".\rules\elastic-yara\Multi_Hacktool_Gsocket.yar"
|
|
include ".\rules\elastic-yara\Multi_Hacktool_Nps.yar"
|
|
include ".\rules\elastic-yara\Multi_Hacktool_Rakshasa.yar"
|
|
include ".\rules\elastic-yara\Multi_Hacktool_Stowaway.yar"
|
|
include ".\rules\elastic-yara\Multi_Hacktool_SuperShell.yar"
|
|
include ".\rules\elastic-yara\Multi_Ransomware_Akira.yar"
|
|
include ".\rules\elastic-yara\Multi_Ransomware_BlackCat.yar"
|
|
include ".\rules\elastic-yara\Multi_Ransomware_Luna.yar"
|
|
include ".\rules\elastic-yara\Multi_Ransomware_RansomHub.yar"
|
|
include ".\rules\elastic-yara\Multi_Trojan_Coreimpact.yar"
|
|
include ".\rules\elastic-yara\Multi_Trojan_EmpirGo.yar"
|
|
include ".\rules\elastic-yara\Multi_Trojan_FinalDraft.yar"
|
|
include ".\rules\elastic-yara\Multi_Trojan_Goffloader.yar"
|
|
include ".\rules\elastic-yara\Multi_Trojan_Gosar.yar"
|
|
include ".\rules\elastic-yara\Multi_Trojan_Merlin.yar"
|
|
include ".\rules\elastic-yara\Multi_Trojan_Mythic.yar"
|
|
include ".\rules\elastic-yara\Multi_Trojan_Sliver.yar"
|
|
include ".\rules\elastic-yara\Multi_Trojan_SparkRat.yar"
|
|
include ".\rules\elastic-yara\Windows_AttackSimulation_Hovercraft.yar"
|
|
include ".\rules\elastic-yara\Windows_Backdoor_DragonCastling.yar"
|
|
include ".\rules\elastic-yara\Windows_Backdoor_Goldbackdoor.yar"
|
|
include ".\rules\elastic-yara\Windows_Backdoor_TeamViewer.yar"
|
|
include ".\rules\elastic-yara\Windows_Clickfraud_LuckySlots.yar"
|
|
include ".\rules\elastic-yara\Windows_Cryptominer_Generic.yar"
|
|
include ".\rules\elastic-yara\Windows_Exploit_CVE_2022_38028.yar"
|
|
include ".\rules\elastic-yara\Windows_Exploit_Dcom.yar"
|
|
include ".\rules\elastic-yara\Windows_Exploit_Eternalblue.yar"
|
|
include ".\rules\elastic-yara\Windows_Exploit_FakePipe.yar"
|
|
include ".\rules\elastic-yara\Windows_Exploit_Generic.yar"
|
|
include ".\rules\elastic-yara\Windows_Exploit_IoRing.yar"
|
|
include ".\rules\elastic-yara\Windows_Exploit_Log4j.yar"
|
|
include ".\rules\elastic-yara\Windows_Exploit_Perfusion.yar"
|
|
include ".\rules\elastic-yara\Windows_Exploit_RpcJunction.yar"
|
|
include ".\rules\elastic-yara\Windows_Generic_MalCert.yar"
|
|
include ".\rules\elastic-yara\Windows_Generic_Threat.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_AskCreds.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_BlackBone.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_COFFLoader.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_Capcom.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_Certify.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_CheatEngine.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_ChromeKatz.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_ClrOxide.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_CpuLocker.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_DarkLoadLibrary.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_Dcsyncer.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_DinvokeRust.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_EDRWFP.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_EDRrecon.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_ExecuteAssembly.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_Gmer.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_GodPotato.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_Iox.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_LeiGod.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_Mimikatz.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_NetFilter.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_Nimhawk.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_Phant0m.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_PhysMem.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_ProcessHacker.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_RingQ.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_Rubeus.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SafetyKatz.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_Seatbelt.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharPersist.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpAppLocker.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpChromium.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpDump.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpGPOAbuse.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpHound.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpLAPS.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpMove.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpRDP.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpSCCM.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpShares.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpStay.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpUp.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpView.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SharpWMI.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_SleepObfLoader.yar"
|
|
include ".\rules\elastic-yara\Windows_Hacktool_WinPEAS_ng.yar"
|
|
include ".\rules\elastic-yara\Windows_Infostealer_EddieStealer.yar"
|
|
include ".\rules\elastic-yara\Windows_Infostealer_Generic.yar"
|
|
include ".\rules\elastic-yara\Windows_Infostealer_NovaBlight.yar"
|
|
include ".\rules\elastic-yara\Windows_Infostealer_PhemedroneStealer.yar"
|
|
include ".\rules\elastic-yara\Windows_Infostealer_Strela.yar"
|
|
include ".\rules\elastic-yara\Windows_PUP_Generic.yar"
|
|
include ".\rules\elastic-yara\Windows_PUP_MediaArena.yar"
|
|
include ".\rules\elastic-yara\Windows_PUP_Veriato.yar"
|
|
include ".\rules\elastic-yara\Windows_Packer_ScrubCrypt.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Agenda.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Akira.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Avoslocker.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Azov.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Bitpaymer.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_BlackBasta.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_BlackHunt.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Blackmatter.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Cicada3301.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Clop.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Conti.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Crytox.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Cuba.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Darkside.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Dharma.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Doppelpaymer.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_DragonForce.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Egregor.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_GandCrab.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Generic.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Grief.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Haron.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Hellokitty.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Helloxd.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Hive.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Lockbit.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Lockfile.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Magniber.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Makop.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Maui.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Maze.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Medusa.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Mespinoza.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Mountlocker.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Nightsky.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Pandora.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Phobos.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Ragnarok.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Ransomexx.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Rook.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Royal.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Ryuk.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Snake.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Sodinokibi.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Stop.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Thanos.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Vgod.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_Vhd.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_WannaCry.yar"
|
|
include ".\rules\elastic-yara\Windows_Ransomware_WhisperGate.yar"
|
|
include ".\rules\elastic-yara\Windows_RemoteAdmin_UltraVNC.yar"
|
|
include ".\rules\elastic-yara\Windows_Rootkit_AbyssWorker.yar"
|
|
include ".\rules\elastic-yara\Windows_Rootkit_R77.yar"
|
|
include ".\rules\elastic-yara\Windows_Shellcode_Generic.yar"
|
|
include ".\rules\elastic-yara\Windows_Shellcode_Rdi.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_A310logger.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_ACRStealer.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Adaptix.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Afdk.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_AgentTesla.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Amadey.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Arechclient2.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_ArkeiStealer.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Asyncrat.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_AveMaria.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Azorult.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_BITSloth.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Babble.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Babylonrat.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Backoff.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_BadIIS.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Bandook.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Bazar.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Beam.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Behinder.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Bitrat.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_BlackShades.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Blackwood.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Blister.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_BloodAlchemy.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_BruteRatel.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Buerloader.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Bughatch.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Bumblebee.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_CaesarKbd.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Carberp.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_CastleLoader.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Clipbanker.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_CobaltStrike.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Cryptbot.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_CyberGate.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DBatLoader.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DCRat.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DTrack.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Danabot.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Dante.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DarkCloud.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DarkGate.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DarkVNC.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Darkcomet.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DeerStealer.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Deimos.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DiamondFox.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Diceloader.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DodgeBox.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Donutloader.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DoorMe.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DoubleBack.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DoubleLoader.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DownTown.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DragonBreath.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DreamJob.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Dridex.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_DustyWarehouse.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_EagerBee.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Emotet.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Fabookie.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_FalseFont.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Farfli.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Fickerstealer.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_FinalDraft.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_FlawedGrace.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Formbook.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Garble.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Generic.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Gh0st.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_GhostEngine.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_GhostPulse.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Glupteba.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Gozi.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Grandoreiro.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_GuidLoader.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Guloader.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Hancitor.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Havoc.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_Hawkeye.yar"
|
|
include ".\rules\elastic-yara\Windows_Trojan_HazelCobra.yar"
include ".\rules\elastic-yara\Windows_Trojan_HiddenCli.yar"
include ".\rules\elastic-yara\Windows_Trojan_HiddenDriver.yar"
include ".\rules\elastic-yara\Windows_Trojan_HijackLoader.yar"
include ".\rules\elastic-yara\Windows_Trojan_HotPage.yar"
include ".\rules\elastic-yara\Windows_Trojan_IcedID.yar"
include ".\rules\elastic-yara\Windows_Trojan_JesterStealer.yar"
include ".\rules\elastic-yara\Windows_Trojan_Jupyter.yar"
include ".\rules\elastic-yara\Windows_Trojan_KoiLoader.yar"
include ".\rules\elastic-yara\Windows_Trojan_Kronos.yar"
include ".\rules\elastic-yara\Windows_Trojan_Latrodectus.yar"
include ".\rules\elastic-yara\Windows_Trojan_LegionLoader.yar"
include ".\rules\elastic-yara\Windows_Trojan_Limerat.yar"
include ".\rules\elastic-yara\Windows_Trojan_Lobshot.yar"
include ".\rules\elastic-yara\Windows_Trojan_Lokibot.yar"
include ".\rules\elastic-yara\Windows_Trojan_Lumma.yar"
include ".\rules\elastic-yara\Windows_Trojan_Lurker.yar"
include ".\rules\elastic-yara\Windows_Trojan_M0yv.yar"
include ".\rules\elastic-yara\Windows_Trojan_MagicRat.yar"
include ".\rules\elastic-yara\Windows_Trojan_MassLogger.yar"
include ".\rules\elastic-yara\Windows_Trojan_Mata.yar"
include ".\rules\elastic-yara\Windows_Trojan_Matanbuchus.yar"
include ".\rules\elastic-yara\Windows_Trojan_Merlin.yar"
include ".\rules\elastic-yara\Windows_Trojan_MetaStealer.yar"
include ".\rules\elastic-yara\Windows_Trojan_Metasploit.yar"
include ".\rules\elastic-yara\Windows_Trojan_MicroBackdoor.yar"
include ".\rules\elastic-yara\Windows_Trojan_MimicRat.yar"
include ".\rules\elastic-yara\Windows_Trojan_ModPipe.yar"
include ".\rules\elastic-yara\Windows_Trojan_MonsterV2.yar"
include ".\rules\elastic-yara\Windows_Trojan_MyloBot.yar"
include ".\rules\elastic-yara\Windows_Trojan_NanoRemote.yar"
include ".\rules\elastic-yara\Windows_Trojan_Nanocore.yar"
include ".\rules\elastic-yara\Windows_Trojan_NapListener.yar"
include ".\rules\elastic-yara\Windows_Trojan_Netwire.yar"
include ".\rules\elastic-yara\Windows_Trojan_Nighthawk.yar"
include ".\rules\elastic-yara\Windows_Trojan_NightshadeC2.yar"
include ".\rules\elastic-yara\Windows_Trojan_Nimplant.yar"
include ".\rules\elastic-yara\Windows_Trojan_Njrat.yar"
include ".\rules\elastic-yara\Windows_Trojan_NukeSped.yar"
include ".\rules\elastic-yara\Windows_Trojan_Octopus.yar"
include ".\rules\elastic-yara\Windows_Trojan_OnlyLogger.yar"
include ".\rules\elastic-yara\Windows_Trojan_OskiStealer.yar"
include ".\rules\elastic-yara\Windows_Trojan_Oyster.yar"
include ".\rules\elastic-yara\Windows_Trojan_P8Loader.yar"
include ".\rules\elastic-yara\Windows_Trojan_Pandastealer.yar"
include ".\rules\elastic-yara\Windows_Trojan_Parallax.yar"
include ".\rules\elastic-yara\Windows_Trojan_PathLoader.yar"
include ".\rules\elastic-yara\Windows_Trojan_Phoreal.yar"
include ".\rules\elastic-yara\Windows_Trojan_PikaBot.yar"
include ".\rules\elastic-yara\Windows_Trojan_Pingpull.yar"
include ".\rules\elastic-yara\Windows_Trojan_PipeDance.yar"
include ".\rules\elastic-yara\Windows_Trojan_PizzaPotion.yar"
include ".\rules\elastic-yara\Windows_Trojan_PlugX.yar"
include ".\rules\elastic-yara\Windows_Trojan_Pony.yar"
include ".\rules\elastic-yara\Windows_Trojan_PoshC2.yar"
include ".\rules\elastic-yara\Windows_Trojan_PowerSeal.yar"
include ".\rules\elastic-yara\Windows_Trojan_PrivateLoader.yar"
include ".\rules\elastic-yara\Windows_Trojan_ProtectS.yar"
include ".\rules\elastic-yara\Windows_Trojan_Qbot.yar"
include ".\rules\elastic-yara\Windows_Trojan_Quasarrat.yar"
include ".\rules\elastic-yara\Windows_Trojan_Raccoon.yar"
include ".\rules\elastic-yara\Windows_Trojan_RaspberryRobin.yar"
include ".\rules\elastic-yara\Windows_Trojan_RedLineStealer.yar"
include ".\rules\elastic-yara\Windows_Trojan_Remcos.yar"
include ".\rules\elastic-yara\Windows_Trojan_Revcoderat.yar"
include ".\rules\elastic-yara\Windows_Trojan_Revengerat.yar"
include ".\rules\elastic-yara\Windows_Trojan_Rhadamanthys.yar"
include ".\rules\elastic-yara\Windows_Trojan_RoningLoader.yar"
include ".\rules\elastic-yara\Windows_Trojan_RudeBird.yar"
include ".\rules\elastic-yara\Windows_Trojan_STRRAT.yar"
include ".\rules\elastic-yara\Windows_Trojan_SVCReady.yar"
include ".\rules\elastic-yara\Windows_Trojan_SadBridge.yar"
include ".\rules\elastic-yara\Windows_Trojan_SalatStealer.yar"
include ".\rules\elastic-yara\Windows_Trojan_ServHelper.yar"
include ".\rules\elastic-yara\Windows_Trojan_ShadowPad.yar"
include ".\rules\elastic-yara\Windows_Trojan_ShelbyC2.yar"
include ".\rules\elastic-yara\Windows_Trojan_ShelbyLoader.yar"
include ".\rules\elastic-yara\Windows_Trojan_Shellter.yar"
include ".\rules\elastic-yara\Windows_Trojan_SiestaGraph.yar"
include ".\rules\elastic-yara\Windows_Trojan_SilentConnect.yar"
include ".\rules\elastic-yara\Windows_Trojan_Sliver.yar"
include ".\rules\elastic-yara\Windows_Trojan_Smokeloader.yar"
include ".\rules\elastic-yara\Windows_Trojan_SnakeKeylogger.yar"
include ".\rules\elastic-yara\Windows_Trojan_SolarMarker.yar"
include ".\rules\elastic-yara\Windows_Trojan_SomniRecord.yar"
include ".\rules\elastic-yara\Windows_Trojan_SourShark.yar"
include ".\rules\elastic-yara\Windows_Trojan_SpectralViper.yar"
include ".\rules\elastic-yara\Windows_Trojan_Squirrelwaffle.yar"
include ".\rules\elastic-yara\Windows_Trojan_Stealc.yar"
include ".\rules\elastic-yara\Windows_Trojan_StormKitty.yar"
include ".\rules\elastic-yara\Windows_Trojan_StumpZarus.yar"
include ".\rules\elastic-yara\Windows_Trojan_SuddenIcon.yar"
include ".\rules\elastic-yara\Windows_Trojan_Supper.yar"
include ".\rules\elastic-yara\Windows_Trojan_SysJoker.yar"
include ".\rules\elastic-yara\Windows_Trojan_SystemBC.yar"
include ".\rules\elastic-yara\Windows_Trojan_Sythe.yar"
include ".\rules\elastic-yara\Windows_Trojan_Tofsee.yar"
include ".\rules\elastic-yara\Windows_Trojan_Tollbooth.yar"
include ".\rules\elastic-yara\Windows_Trojan_Trickbot.yar"
include ".\rules\elastic-yara\Windows_Trojan_Tuoni.yar"
include ".\rules\elastic-yara\Windows_Trojan_TwistedTinsel.yar"
include ".\rules\elastic-yara\Windows_Trojan_Vidar.yar"
include ".\rules\elastic-yara\Windows_Trojan_WMLoader.yar"
include ".\rules\elastic-yara\Windows_Trojan_WarmCookie.yar"
include ".\rules\elastic-yara\Windows_Trojan_WhisperGate.yar"
include ".\rules\elastic-yara\Windows_Trojan_WikiLoader.yar"
include ".\rules\elastic-yara\Windows_Trojan_WineLoader.yar"
include ".\rules\elastic-yara\Windows_Trojan_Winos.yar"
include ".\rules\elastic-yara\Windows_Trojan_XWorm.yar"
include ".\rules\elastic-yara\Windows_Trojan_Xeno.yar"
include ".\rules\elastic-yara\Windows_Trojan_Xpertrat.yar"
include ".\rules\elastic-yara\Windows_Trojan_XtremeRAT.yar"
include ".\rules\elastic-yara\Windows_Trojan_Zeus.yar"
include ".\rules\elastic-yara\Windows_Trojan_Zloader.yar"
include ".\rules\elastic-yara\Windows_Virus_Expiro.yar"
include ".\rules\elastic-yara\Windows_Virus_Floxif.yar"
include ".\rules\elastic-yara\Windows_Virus_Neshta.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_ATSZIO.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Agent64.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Amifldrv.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_ArPot.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_AsIo.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Asrock.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Atillk.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_BSMI.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Biostar.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_CCProtect.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Cpuz.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_DBUtil.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_DirectIo.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_EchoDrv.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_ElRawDisk.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Elby.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_EneIo.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_FidDrv.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Fidpci.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Fileseclab.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_GDrv.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_GlckIo.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Gvci.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_HpPortIo.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_HrSword.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_IoBitUnlocker.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Iqvw.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_LLAccess.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Lha.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_MarvinHW.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Mhyprot.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_MicroStar.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_MsIo.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_MtcBsv.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_PowerProfiler.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_PowerTool.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_ProcExp.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_ProcId.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_RWEverything.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_RentDrv.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_RtCore.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Rtkio.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Ryzen.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Sandra.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Segwin.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Speedfan.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_ThreatFire.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_ThrottleStop.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_TmComm.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_TopazOFD.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_ToshibaBios.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_TrueSight.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_VBox.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Viragt.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Vmdrv.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_WinDivert.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_WinFlash.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_WinIo.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_XTier.yar"
include ".\rules\elastic-yara\Windows_VulnDriver_Zam.yar"
include ".\rules\elastic-yara\Windows_Wiper_CaddyWiper.yar"
include ".\rules\elastic-yara\Windows_Wiper_DoubleZero.yar"
include ".\rules\elastic-yara\Windows_Wiper_HermeticWiper.yar"
include ".\rules\elastic-yara\Windows_Wiper_IsaacWiper.yar"
include ".\rules\YARAForge\YARAForge_Extended.yar"