Malware Indicators of Compromise

 .-------------.
(  E  S | E  T  )  R e s e a r c h
 `-------------'

Here are indicators of compromise (IOCs) of our various investigations. We are doing this to help the broader security community fight malware wherever it might be.

.yar files are Yara rules
.rules files are Snort rules
samples.md5, samples.sha1 and samples.sha256 files are newline separated list of hexadecimal digests of malware samples

If you would like to contribute improved versions please send us a pull request.

If you’ve found false positives give us the details in an issue report and we’ll try to improve our IOCs.

These are licensed under the permissive BSD two-clause license. You are allowed to modify these and keep the changes to yourself even though it would be rude to do so.

Name		Name	Last commit message	Last commit date
Latest commit History 232 Commits
ace_cryptor		ace_cryptor
agrius		agrius
amavaldo		amavaldo
animalfarm		animalfarm
apt_c_60		apt_c_60
aridspy		aridspy
asylum_ambuscade		asylum_ambuscade
attor		attor
backdoordiplomacy		backdoordiplomacy
badiis		badiis
ballisticbobcat		ballisticbobcat
bandook		bandook
blacklotus		blacklotus
blackwood		blackwood
buhtrap		buhtrap
casbaneiro		casbaneiro
cdrthief		cdrthief
ceranakeeper		ceranakeeper
cloudmensis		cloudmensis
cosmicbeetle		cosmicbeetle
danabot		danabot
dark_iot		dark_iot
dazzlespy		dazzlespy
deprimon		deprimon
dnsbirthday		dnsbirthday
donot		donot
dukes		dukes
emotet		emotet
especter		especter
evasive_panda		evasive_panda
evilnum		evilnum
evilvideo		evilvideo
exchange_exploitation		exchange_exploitation
famoussparrow		famoussparrow
gamaredon		gamaredon
gamarue		gamarue
gelsemium		gelsemium
glupteba		glupteba
gmera		gmera
goldenjackal		goldenjackal
grandoreiro		grandoreiro
gravityrat		gravityrat
gref		gref
greyenergy		greyenergy
groundbait		groundbait
guildma		guildma
hamkombat		hamkombat
hotpage		hotpage
industroyer		industroyer
interception		interception
invisimole		invisimole
janeleiro		janeleiro
kamran		kamran
kasidet		kasidet
keydnap		keydnap
kimsuky/hotdoge_donutcat_case		kimsuky/hotdoge_donutcat_case
king_tut		king_tut
kobalos		kobalos
krachulka		krachulka
kryptocibule		kryptocibule
lokorrito		lokorrito
machete		machete
mekotio		mekotio
mikroceen		mikroceen
mirrorface		mirrorface
mispadu		mispadu
modiloader		modiloader
moose		moose
moustachedbouncer		moustachedbouncer
mozi		mozi
mumblehard		mumblehard
mustang_panda		mustang_panda
ngate		ngate
nightscout		nightscout
nukesped_lazarus		nukesped_lazarus
numando		numando
oceanlotus		oceanlotus
oilrig		oilrig
okrum_ke3chang		okrum_ke3chang
operation_jacana		operation_jacana
operation_texonto		operation_texonto
ousaban		ousaban
polonium		polonium
potao		potao
powerpool		powerpool
pwa_phishing		pwa_phishing
pypi_backdoor		pypi_backdoor
quarterly_reports		quarterly_reports
rakos		rakos
ramsay		ramsay
rtm		rtm
scarcruft		scarcruft
sednit		sednit
signsight		signsight
spalax		spalax
sparklinggoblin		sparklinggoblin
spyloan		spyloan
sshdoor		sshdoor
stantinko		stantinko
stealthfalcon		stealthfalcon

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Malware Indicators of Compromise

About

Releases

Packages

Languages

License

sec-js/malware-ioc

Folders and files

Latest commit

History

Repository files navigation

Malware Indicators of Compromise

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages