Malware Indicators of Compromise

 .-------------.
(  E  S | E  T  )  R e s e a r c h
 `-------------'

Here are indicators of compromise (IOCs) of our various investigations. We are doing this to help the broader security community fight malware wherever it might be.

.yar files are Yara rules
.rules files are Snort rules
samples.md5, samples.sha1 and samples.sha256 files are newline separated list of hexadecimal digests of malware samples

If you would like to contribute improved versions please send us a pull request.

If you’ve found false positives give us the details in an issue report and we’ll try to improve our IOCs.

These are licensed under the permissive BSD two-clause license. You are allowed to modify these and keep the changes to yourself even though it would be rude to do so.

Name		Name	Last commit message	Last commit date
Latest commit History 268 Commits
GhostRedirector		GhostRedirector
PlushDaemon		PlushDaemon
ace_cryptor		ace_cryptor
agrius		agrius
amavaldo		amavaldo
animalfarm		animalfarm
apt_c_60		apt_c_60
aridspy		aridspy
asylum_ambuscade		asylum_ambuscade
asyncrat		asyncrat
attor		attor
backdoordiplomacy		backdoordiplomacy
badiis		badiis
ballisticbobcat		ballisticbobcat
bandook		bandook
blacklotus		blacklotus
blackwood		blackwood
bootkitty		bootkitty
buhtrap		buhtrap
casbaneiro		casbaneiro
cdrthief		cdrthief
ceranakeeper		ceranakeeper
cloudmensis		cloudmensis
cosmicbeetle		cosmicbeetle
danabot		danabot
dark_iot		dark_iot
dazzlespy		dazzlespy
deceptivedevelopment		deceptivedevelopment
deprimon		deprimon
dnsbirthday		dnsbirthday
donot		donot
dukes		dukes
embargo		embargo
emotet		emotet
especter		especter
evasive_panda		evasive_panda
evilnum		evilnum
evilvideo		evilvideo
exchange_exploitation		exchange_exploitation
famoussparrow		famoussparrow
fishmonger		fishmonger
gamaredon		gamaredon
gamarue		gamarue
gelsemium		gelsemium
glupteba		glupteba
gmera		gmera
goldenjackal		goldenjackal
grandoreiro		grandoreiro
gravityrat		gravityrat
gref		gref
greyenergy		greyenergy
groundbait		groundbait
guildma		guildma
hamkombat		hamkombat
hotpage		hotpage
hybridpetya		hybridpetya
industroyer		industroyer
interception		interception
invisimole		invisimole
janeleiro		janeleiro
kamran		kamran
kasidet		kasidet
keydnap		keydnap
kimsuky/hotdoge_donutcat_case		kimsuky/hotdoge_donutcat_case
king_tut		king_tut
kobalos		kobalos
krachulka		krachulka
kryptocibule		kryptocibule
lokorrito		lokorrito
longnosedgoblin		longnosedgoblin
lummastealer		lummastealer
machete		machete
mekotio		mekotio
mikroceen		mikroceen
mirrorface		mirrorface
mispadu		mispadu
modiloader		modiloader
moose		moose
moustachedbouncer		moustachedbouncer
mozi		mozi
muddywater		muddywater
mumblehard		mumblehard
mustang_panda		mustang_panda
ngate		ngate
nightscout		nightscout
nukesped_lazarus		nukesped_lazarus
numando		numando
oceanlotus		oceanlotus
oilrig		oilrig
okrum_ke3chang		okrum_ke3chang
operation_jacana		operation_jacana
operation_roundpress		operation_roundpress
operation_texonto		operation_texonto
ousaban		ousaban
polonium		polonium
potao		potao
powerpool		powerpool
prospytospy		prospytospy
pwa_phishing		pwa_phishing
pypi_backdoor		pypi_backdoor

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Malware Indicators of Compromise

About

Uh oh!

Uh oh!

Contributors 14

Uh oh!

Languages

License

eset/malware-ioc

Folders and files

Latest commit

History

Repository files navigation

Malware Indicators of Compromise

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Uh oh!

Contributors 14

Uh oh!

Languages