YRP/Misc_Suspicious_Strings YRP/anti_dbgtools YRP/Big_Numbers3 YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

FlorianRoth/Empire_Invoke_PowerDump FlorianRoth/Empire_Invoke_ShellcodeMSIL FlorianRoth/Empire_Invoke_SmbScanner FlorianRoth/Empire_Invoke_EgressCheck FlorianRoth/Empire_Invoke_PostExfil FlorianRoth/Empire_Invoke_SMBAutoBrute FlorianRoth/Empire_Get_Keystrokes FlorianRoth/Empire_Invoke_DllInjection FlorianRoth/Empire_KeePassConfig FlorianRoth/Empire_PowerShell_Framework_Gen1 FlorianRoth/Empire_PowerUp_Gen FlorianRoth/Empire_PowerShell_Framework_Gen2 FlorianRoth/Empire_KeePassConfig_Gen FlorianRoth/Empire_Invoke_Portscan_Gen FlorianRoth/Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen FlorianRoth/Empire_Invoke_Gen FlorianRoth/Mal_http_EXE FlorianRoth/Mal_PotPlayer_DLL FlorianRoth/ScanBox_Malware_Generic FlorianRoth/EQGRP_create_dns_injection FlorianRoth/EQGRP_screamingplow FlorianRoth/EQGRP_MixText FlorianRoth/EQGRP_tunnel_state_reader FlorianRoth/EQGRP_payload FlorianRoth/EQGRP_eligiblecandidate FlorianRoth/EQGRP_BUSURPER_2211_724 FlorianRoth/EQGRP_networkProfiler_orderScans FlorianRoth/EQGRP_epicbanana_2_1_0_1 FlorianRoth/EQGRP_sniffer_xml2pcap FlorianRoth/EQGRP_BananaAid FlorianRoth/EQGRP_config_jp1_UA FlorianRoth/EQGRP_userscript FlorianRoth/EQGRP_BUSURPER_3001_724 FlorianRoth/EQGRP_workit FlorianRoth/EQGRP_tinyhttp_setup FlorianRoth/EQGRP_EPBA FlorianRoth/EQGRP_jetplow_SH FlorianRoth/EQGRP_extrabacon FlorianRoth/EQGRP_sploit_py FlorianRoth/EQGRP_uninstallPBD FlorianRoth/EQGRP_BICECREAM FlorianRoth/EQGRP_BFLEA_2201 FlorianRoth/EQGRP_StoreFc FlorianRoth/EQGRP_BBALL FlorianRoth/EQGRP_BARPUNCH_BPICKER FlorianRoth/EQGRP_Implants_Gen5 FlorianRoth/EQGRP_pandarock FlorianRoth/EQGRP_BananaUsurper_writeJetPlow FlorianRoth/EQGRP_Implants_Gen4 FlorianRoth/EQGRP_Implants_Gen3 FlorianRoth/EQGRP_BLIAR_BLIQUER FlorianRoth/EQGRP_sploit FlorianRoth/EQGRP_Implants_Gen2 FlorianRoth/EQGRP_Implants_Gen1 FlorianRoth/EQGRP_ssh_telnet_29 FlorianRoth/EQGRP_callbacks FlorianRoth/EQGRP_Extrabacon_Output FlorianRoth/EQGRP_Unique_Strings FlorianRoth/OPCLEAVER_BackDoorLogger FlorianRoth/OPCLEAVER_Jasus FlorianRoth/OPCLEAVER_ShellCreator2 FlorianRoth/OPCLEAVER_SmartCopy2 FlorianRoth/OPCLEAVER_TinyZBot FlorianRoth/OPCLEAVER_ZhoupinExploitCrew FlorianRoth/OPCLEAVER_antivirusdetector FlorianRoth/OPCLEAVER_csext FlorianRoth/OPCLEAVER_kagent FlorianRoth/OPCLEAVER_mimikatzWrapper FlorianRoth/OPCLEAVER_pvz_in FlorianRoth/OPCLEAVER_zhLookUp FlorianRoth/OPCLEAVER_zhmimikatz FlorianRoth/OPCLEAVER_CCProxy_Config FlorianRoth/RAT_Adzok FlorianRoth/RAT_Ap0calypse FlorianRoth/RAT_BlackShades FlorianRoth/RAT_BlueBanana FlorianRoth/RAT_Bozok FlorianRoth/RAT_ClientMesh FlorianRoth/RAT_DarkComet FlorianRoth/RAT_DarkRAT FlorianRoth/RAT_JavaDropper FlorianRoth/RAT_LostDoor FlorianRoth/RAT_NanoCore FlorianRoth/RAT_Paradox FlorianRoth/RAT_QRat FlorianRoth/RAT_ShadowTech FlorianRoth/RAT_Sub7Nation FlorianRoth/RAT_Vertex FlorianRoth/RAT_unrecom FlorianRoth/Casper_Included_Strings FlorianRoth/Casper_SystemInformation_Output FlorianRoth/FVEY_ShadowBrokers_Jan17_Screen_Strings FlorianRoth/OilRig_Malware_Campaign_Gen2 FlorianRoth/Greenbug_Malware_4 FlorianRoth/Greenbug_Malware_5 FlorianRoth/EquationGroup_elgingamble FlorianRoth/EquationGroup_cmsd FlorianRoth/EquationGroup_ebbshave FlorianRoth/EquationGroup_eggbasket FlorianRoth/EquationGroup_sambal FlorianRoth/EquationGroup_cmsex FlorianRoth/EquationGroup_DUL FlorianRoth/EquationGroup_slugger2 FlorianRoth/EquationGroup_jackpop FlorianRoth/EquationGroup_epoxyresin_v1_0_0 FlorianRoth/EquationGroup_estesfox FlorianRoth/EquationGroup__ftshell_ftshell_v3_10_3_0 FlorianRoth/EquationGroup__scanner_scanner_v2_1_2 FlorianRoth/EquationGroup__ghost_sparc_ghost_x86_3 FlorianRoth/EquationGroup__jparsescan_parsescan_5 FlorianRoth/EquationGroup__ftshell FlorianRoth/EquationGroup_Toolset_Apr17_Eternalromance FlorianRoth/EquationGroup_Toolset_Apr17_Gen2 FlorianRoth/EquationGroup_Toolset_Apr17__DoubleFeatureReader_DoubleFeatureReader_0 FlorianRoth/EquationGroup_Toolset_Apr17__EAFU_ecwi_ESKE_EVFR_RPC2_4 FlorianRoth/Regin_Related_Malware FlorianRoth/Unit78020_Malware_Gen1 FlorianRoth/Unit78020_Malware_Gen3 FlorianRoth/APT_Liudoor FlorianRoth/IronPanda_DNSTunClient FlorianRoth/IronPanda_Malware_Htran FlorianRoth/DeepPanda_lot1 FlorianRoth/DeepPanda_htran_exe FlorianRoth/GRIZZLY_STEPPE_Malware_2 FlorianRoth/Sofacy_Fybis_ELF_Backdoor_Gen1 FlorianRoth/PoseidonGroup_Malware FlorianRoth/apt_equation_equationlaser_runtimeclasses FlorianRoth/EquationDrug_HDDSSD_Op FlorianRoth/Payload_Exe2Hex FlorianRoth/WaterBug_wipbot_2013_dll FlorianRoth/apt_hellsing_implantstrings FlorianRoth/IMPLANT_3_v1 FlorianRoth/BernhardPOS FlorianRoth/FVEY_ShadowBroker_Auct_Dez16_Strings FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3 FlorianRoth/APT_Project_Sauron_Scripts FlorianRoth/APT_Project_Sauron_arping_module FlorianRoth/APT_Project_Sauron_kblogi_module FlorianRoth/APT_Project_Sauron_basex_module FlorianRoth/APT_Project_Sauron_dext_module FlorianRoth/REDLEAVES_CoreImplant_UniqueStrings FlorianRoth/PLUGX_RedLeaves FlorianRoth/Invoke_mimikittenz FlorianRoth/APT_Malware_PutterPanda_Rel FlorianRoth/Codoso_CustomTCP_4 FlorianRoth/Codoso_Gh0st_3 FlorianRoth/Codoso_Gh0st_1 FlorianRoth/Codoso_PGV_PVID_1 FlorianRoth/shimrat FlorianRoth/shimratreporter FlorianRoth/WoolenGoldfish_Sample_1 FlorianRoth/WoolenGoldfish_Generic_3 FlorianRoth/Hacktool_Strings_p0wnedShell FlorianRoth/Nanocore_RAT_Gen_1 FlorianRoth/Nanocore_RAT_Gen_2 FlorianRoth/apt_RU_MoonlightMaze_customlokitools FlorianRoth/apt_RU_MoonlightMaze_customsniffer FlorianRoth/apt_RU_MoonlightMaze_de_tool FlorianRoth/apt_RU_MoonlightMaze_cle_tool FlorianRoth/apt_RU_MoonlightMaze_xk_keylogger FlorianRoth/Trojan_Win32_Plaplex FlorianRoth/Trojan_Win32_Adupib KevTheHermit/Paradox KevTheHermit/Bozok KevTheHermit/unrecom KevTheHermit/DarkRAT KevTheHermit/JavaDropper KevTheHermit/LostDoor KevTheHermit/BlackShades KevTheHermit/Sub7Nation KevTheHermit/BlueBanana KevTheHermit/Crimson KevTheHermit/NanoCore KevTheHermit/DarkComet KevTheHermit/Ap0calypse KevTheHermit/Adzok KevTheHermit/ShadowTech KevTheHermit/Vertex BAMFDetect/dexter_strings BAMFDetect/BlackShadesServer BAMFDetect/diamond_fox BAMFDetect/backoff BAMFDetect/DarkComet BAMFDetect/alina BAMFDetect/NanoCore BAMFDetect/pony BAMFDetect/easterjackpos BAMFDetect/genome BAMFDetect/Bozok BAMFDetect/dendroid

YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3

YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/anti_dbgtools YRP/network_http YRP/network_tcp_socket YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 YRP/GenerateTLSClientHelloPacket_Test FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3

YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/inject_thread YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/generic_carbon FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 YRP/GenerateTLSClientHelloPacket_Test FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3

YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/disable_dep YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 YRP/GenerateTLSClientHelloPacket_Test FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3

YRP/webshell_caidao_shell_guo YRP/webshell_PHP_redcod YRP/webshell_php_sh_server YRP/webshell_cihshell_fix YRP/webshell_php_up YRP/webshell_asp_EFSO_2 YRP/webshell_jsp_up YRP/webshell_Server_Variables YRP/webshell_caidao_shell_ice_2 YRP/webshell_phpspy2010 YRP/webshell_asp_ice YRP/webshell_asp_404 YRP/webshell_webshell_cnseay02_1 YRP/webshell_php_fbi YRP/webshell_B374kPHP_B374k YRP/webshell_php_list YRP/webshell_caidao_shell_404 YRP/webshell_ASP_aspydrv YRP/webshell_Dx_Dx YRP/webshell_MySQL_Web_Interface_Version_0_8 YRP/webshell_phpkit_1_0_odd YRP/webshell_wsb_idc YRP/webshell_php_404 YRP/webshell_webshell_cnseay_x YRP/webshell_asp_up YRP/webshell_phpkit_0_1a_odd YRP/webshell_jsp_k81 YRP/webshell_jsp_cmdjsp YRP/webshell_Java_Shell YRP/webshell_PHP_r57142 YRP/webshell_simple_backdoor YRP/webshell_php_cmd YRP/webshell_PHP_co YRP/webshell_PHP_150 YRP/webshell_PHP_c37 YRP/webshell_PHP_b37 YRP/webshell_PHP_bug_1_ YRP/webshell_ghost_source_icesword_silic YRP/webshell_browser_201_3_400_in_JFolder_jfolder01_jsp_leo_ma_warn_webshell_nc_download YRP/webshell_Dive_Shell_1_0_Emperor_Hacking_Team_xxx YRP/webshell_jsp_reverse_jsp_reverse_jspbd YRP/webshell_gfs_sh_r57shell_r57shell127_SnIpEr_SA_xxx YRP/webshell_itsec_PHPJackal_itsecteam_shell_jHn YRP/webshell_NIX_REMOTE_WEB_SHELL_NIX_REMOTE_WEB_xxx1 YRP/webshell_2008_2009mssql_phpspy_2005_full_phpspy_2006_arabicspy_hkrkoz YRP/webshell_000_403_c5_config_myxx_queryDong_spyjsp2010_zend YRP/webshell_r57shell127_r57_iFX_r57_kartal_r57_antichat YRP/webshell_000_403_807_a_c5_config_css_dm_he1p_xxx YRP/webshell_phpspy_2005_full_phpspy_2005_lite_phpspy_2006_PHPSPY YRP/webshell_c99_locus7s_c99_w4cking_xxx YRP/webshell_r57shell127_r57_kartal_r57 YRP/webshell_webshells_new_con2 YRP/webshell_Expdoor_com_ASP YRP/webshell_webshells_new_php2 YRP/webshell_bypass_iisuser_p YRP/webshell_sig_404super YRP/webshell_webshells_new_JSP YRP/webshell_webshell_123 YRP/webshell_dev_core YRP/webshell_webshells_new_pHp YRP/webshell_webshells_new_pppp YRP/webshell_webshells_new_code YRP/webshell_webshells_new_xxxx YRP/webshell_webshells_new_PHP1 YRP/webshell_webshells_new_asp1 YRP/webshell_webshells_new_php6 YRP/webshell_GetPostpHp YRP/webshell_webshells_new_php5 YRP/webshell_webshells_new_PHP YRP/webshell_webshells_new_Asp YRP/perlbot_pl YRP/php_backdoor_php YRP/Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php YRP/shankar_php_php YRP/Casus15_php_php YRP/small_php_php YRP/shellbot_pl YRP/fuckphpshell_php YRP/ngh_php_php YRP/jsp_reverse_jsp YRP/Tool_asp YRP/NT_Addy_asp YRP/SimAttacker___Vrsion_1_0_0___priv8_4_My_friend_php YRP/phvayvv_php_php YRP/r57shell_php_php YRP/rst_sql_php_php YRP/wh_bindshell_py YRP/lurm_safemod_on_cgi YRP/c99madshell_v2_0_php_php YRP/w3d_php_php YRP/WinX_Shell_html YRP/Dx_php_php YRP/csh_php_php YRP/pHpINJ_php_php YRP/sig_2008_php_php YRP/ak74shell_php_php YRP/Rem_View_php_php YRP/Java_Shell_js YRP/STNC_php_php YRP/aZRaiLPhp_v1_0_php YRP/zacosmall_php YRP/CmdAsp_asp YRP/simple_backdoor_php YRP/mysql_shell_php YRP/Dive_Shell_1_0___Emperor_Hacking_Team_php YRP/Asmodeus_v0_1_pl YRP/Reader_asp YRP/phpshell17_php YRP/SimShell_1_0___Simorgh_Security_MGZ_php YRP/jspshall_jsp YRP/rootshell_php YRP/connectback2_pl YRP/shells_PHP_wso YRP/backdoor1_php YRP/elmaliseker_asp YRP/s72_Shell_v1_1_Coding_html YRP/hidshell_php_php YRP/kacak_asp YRP/PHP_Backdoor_Connect_pl_php YRP/Antichat_Socks5_Server_php_php YRP/Antichat_Shell_v1_3_php YRP/Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2_php YRP/cyberlords_sql_php_php YRP/Ayyildiz_Tim___AYT__Shell_v_2_1_Biz_html YRP/EFSO_2_asp YRP/lamashell_php YRP/Ajax_PHP_Command_Shell_php YRP/JspWebshell_1_2_jsp YRP/Sincap_php_php YRP/Phyton_Shell_py YRP/sh_php_php YRP/phpjackal_php YRP/sql_php_php YRP/cgi_python_py YRP/ru24_post_sh_php_php YRP/telnetd_pl YRP/php_include_w_shell_php YRP/Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php YRP/shell_php_php YRP/telnet_cgi YRP/ironshell_php YRP/backdoorfr_php YRP/aspydrv_asp YRP/cmdjsp_jsp YRP/h4ntu_shell__powered_by_tsoi_ YRP/Ajan_asp YRP/PHANTASMA_php YRP/MySQL_Web_Interface_Version_0_8_php YRP/multiple_webshells_0002 YRP/multiple_webshells_0003 YRP/multiple_webshells_0005 YRP/multiple_webshells_0010 YRP/multiple_webshells_0013 YRP/multiple_webshells_0015 YRP/multiple_webshells_0016 YRP/multiple_webshells_0018 YRP/multiple_php_webshells YRP/multiple_webshells_0019 YRP/multiple_webshells_0022 YRP/multiple_webshells_0027 YRP/multiple_webshells_0030 YRP/multiple_webshells_0031 YRP/multiple_webshells_0032 YRP/PHP_Cloaked_Webshell_SuperFetchExec YRP/WebShell_dC3_Security_Crew_Shell_PRiV YRP/WebShell_simattacker YRP/WebShell_DTool_Pro YRP/WebShell_ironshell YRP/WebShell_b374k_mini_shell_php_php YRP/WebShell_Sincap_1_0 YRP/WebShell_b374k_php YRP/WebShell_SimAttacker___Vrsion_1_0_0___priv8_4_My_friend YRP/WebShell_h4ntu_shell__powered_by_tsoi_ YRP/WebShell_php_webshells_MyShell YRP/WebShell_php_webshells_pws YRP/WebShell_reader_asp_php YRP/WebShell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit YRP/WebShell_php_backdoor YRP/WebShell_php_webshells_pHpINJ YRP/WebShell_php_webshells_NGH YRP/WebShell_php_webshells_matamu YRP/WebShell_ru24_post_sh YRP/WebShell_hiddens_shell_v1 YRP/WebShell_c99_locus7s YRP/WebShell_safe0ver YRP/WebShell_php_webshells_kral YRP/WebShell_cgitelnet YRP/WebShell_NTDaddy_v1_9 YRP/WebShell_lamashell YRP/WebShell_Simple_PHP_backdoor_by_DK YRP/WebShell_CmdAsp_asp_php YRP/WebShell_NCC_Shell YRP/WebShell_php_webshells_README YRP/WebShell_backupsql YRP/WebShell_AK_74_Security_Team_Web_Shell_Beta_Version YRP/WebShell_php_webshells_cpanel YRP/WebShell_php_webshells_529 YRP/WebShell_qsd_php_backdoor YRP/WebShell_Ayyildiz_Tim___AYT__Shell_v_2_1_Biz YRP/WebShell_Gamma_Web_Shell YRP/WebShell_WinX_Shell YRP/WebShell_php_include_w_shell YRP/WebShell_PhpSpy_Ver_2006 YRP/WebShell_php_webshells_myshell YRP/WebShell_php_webshells_lolipop YRP/WebShell_simple_cmd YRP/WebShell_go_shell YRP/WebShell_aZRaiLPhp_v1_0 YRP/WebShell_webshells_zehir4 YRP/WebShell_zehir4_asp_php YRP/WebShell_php_webshells_lostDC YRP/WebShell_CasuS_1_5 YRP/WebShell__Ajax_PHP_Command_Shell_Ajax_PHP_Command_Shell_soldierofallah YRP/WebShell__Small_Web_Shell_by_ZaCo_small_zaco_zacosmall YRP/WebShell_Generic_PHP_1 YRP/WebShell__CrystalShell_v_1_erne_stres YRP/WebShell_Generic_PHP_5 YRP/WebShell__findsock_php_findsock_shell_php_reverse_shell YRP/WebShell_Generic_PHP_6 YRP/Unpack_Injectt YRP/FeliksPack3___PHP_Shells_ssh YRP/bin_Client YRP/ZXshell2_0_rar_Folder_ZXshell YRP/RkNTLoad YRP/binder2_binder2 YRP/thelast_orice2 YRP/sendmail YRP/FSO_s_zehir4 YRP/hkshell_hkshell YRP/DarkSpy105 YRP/EditServer_Webshell YRP/FSO_s_reader YRP/svchostdll YRP/HYTop_DevPack_server YRP/vanquish YRP/BIN_Client YRP/Simple_PHP_BackDooR YRP/hkshell_hkrmv YRP/FeliksPack3___PHP_Shells_phpft YRP/bdcli100 YRP/rdrbs084 YRP/HYTop_CaseSwitch_2005 YRP/FSO_s_casus15_2 YRP/installer YRP/elmaliseker YRP/shelltools_g0t_root_resolve YRP/shelltools_g0t_root_Fport YRP/HYTop_DevPack_upload YRP/PasswordReminder YRP/rknt_zip_Folder_RkNT YRP/dbgntboot YRP/PHP_shell YRP/rdrbs100 YRP/Mithril_Mithril YRP/hkdoordll YRP/Mithril_v1_45_dllTest YRP/dbgiis6cli YRP/Debug_cress YRP/FeliksPack3___PHP_Shells_usr YRP/FSO_s_phpinj YRP/xssshell_db YRP/EditServer_Webshell_2 YRP/by064cli YRP/Mithril_dllTest YRP/connector YRP/shelltools_g0t_root_HideRun YRP/regshell YRP/PHP_Shell_v1_7 YRP/xssshell_save YRP/screencap YRP/ZXshell2_0_rar_Folder_zxrecv YRP/_root_040_zip_Folder_deploy YRP/by063cli YRP/icyfox007v1_10_rar_Folder_asp YRP/byshell063_ntboot_2 YRP/shelltools_g0t_root_xwhois YRP/vanquish_2 YRP/ZXshell2_0_rar_Folder_nc YRP/BIN_Server YRP/HYTop2006_rar_Folder_2006 YRP/HDConfig YRP/Webshell_and_Exploit_CN_APT_HK YRP/Pastebin_Webshell YRP/Borland YRP/possible_exploit YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Base64d_PE YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_sandboxie YRP/inject_thread YRP/network_tcp_listen YRP/network_dyndns YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/sniff_lan YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Mal_http_EXE YRP/Mal_PotPlayer_DLL YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/WoolenGoldfish_Sample_1 YRP/WoolenGoldfish_Generic_3 YRP/Cerberus YRP/eval_post YRP/md5_71a7c769e644d8cf3cf32419239212c7 YRP/ScanBox_Malware_Generic YRP/Base64_encoded_Executable YRP/Invoke_mimikittenz YRP/GEN_PowerShell YRP/Nanocore_RAT_Gen_1 YRP/Nanocore_RAT_Gen_2 YRP/apt_hellsing_implantstrings YRP/FavoriteStrings YRP/NaikonStrings YRP/Naikon YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/EQGRP_create_dns_injection YRP/EQGRP_screamingplow YRP/EQGRP_MixText YRP/EQGRP_tunnel_state_reader YRP/EQGRP_payload YRP/EQGRP_eligiblecandidate YRP/EQGRP_BUSURPER_2211_724 YRP/EQGRP_networkProfiler_orderScans YRP/EQGRP_epicbanana_2_1_0_1 YRP/EQGRP_sniffer_xml2pcap YRP/EQGRP_BananaAid YRP/EQGRP_config_jp1_UA YRP/EQGRP_userscript YRP/EQGRP_BUSURPER_3001_724 YRP/EQGRP_workit YRP/EQGRP_tinyhttp_setup YRP/EQGRP_EPBA YRP/EQGRP_jetplow_SH YRP/EQGRP_extrabacon YRP/EQGRP_sploit_py YRP/EQGRP_uninstallPBD YRP/EQGRP_BICECREAM YRP/EQGRP_BFLEA_2201 YRP/EQGRP_StoreFc YRP/EQGRP_BBALL YRP/EQGRP_BARPUNCH_BPICKER YRP/EQGRP_Implants_Gen5 YRP/EQGRP_pandarock YRP/EQGRP_BananaUsurper_writeJetPlow YRP/EQGRP_Implants_Gen4 YRP/EQGRP_Implants_Gen3 YRP/EQGRP_BLIAR_BLIQUER YRP/EQGRP_sploit YRP/EQGRP_Implants_Gen2 YRP/EQGRP_Implants_Gen1 YRP/EQGRP_ssh_telnet_29 YRP/EQGRP_callbacks YRP/EQGRP_Extrabacon_Output YRP/EQGRP_Unique_Strings YRP/JavaDropper YRP/QuarksPwDump_Gen YRP/ZhoupinExploitCrew YRP/BackDoorLogger YRP/Jasus YRP/ShellCreator2 YRP/SmartCopy2 YRP/TinyZBot YRP/antivirusdetector YRP/csext YRP/kagent YRP/mimikatzWrapper YRP/pvz_in YRP/zhLookUp YRP/zhmimikatz YRP/OPCLEAVER_BackDoorLogger YRP/OPCLEAVER_Jasus YRP/OPCLEAVER_ShellCreator2 YRP/OPCLEAVER_SmartCopy2 YRP/OPCLEAVER_SynFlooder YRP/OPCLEAVER_TinyZBot YRP/OPCLEAVER_ZhoupinExploitCrew YRP/OPCLEAVER_antivirusdetector YRP/OPCLEAVER_csext YRP/OPCLEAVER_kagent YRP/OPCLEAVER_mimikatzWrapper YRP/OPCLEAVER_pvz_in YRP/OPCLEAVER_zhLookUp YRP/OPCLEAVER_zhmimikatz YRP/OPCLEAVER_CCProxy_Config YRP/Payload_Exe2Hex YRP/Codoso_CustomTCP_4 YRP/Codoso_Gh0st_3 YRP/Codoso_Gh0st_1 YRP/Codoso_PGV_PVID_1 YRP/Havex_Trojan_PHP_Server YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 YRP/shimrat YRP/shimratreporter YRP/FiveEyes_QUERTY_Malwaresig_20123_cmdDef YRP/FiveEyes_QUERTY_Malwareqwerty_20123 YRP/FiveEyes_QUERTY_Malwaresig_20120_cmdDef YRP/FiveEyes_QUERTY_Malwaresig_20121_cmdDef YRP/apt_equation_equationlaser_runtimeclasses YRP/EquationDrug_HDDSSD_Op YRP/Sofacy_Fybis_ELF_Backdoor_Gen1 YRP/WaterBug_wipbot_2013_dll YRP/Casper_Included_Strings YRP/Casper_SystemInformation_Output YRP/suspicious_packer_section YRP/APT_Malware_PutterPanda_Rel YRP/WindowsCredentialEditor YRP/Amplia_Security_Tool YRP/PwDump YRP/PScan_Portscan_1 YRP/HackTool_Samples YRP/Fierce2 YRP/Ncrack YRP/SQLMap YRP/PortScanner YRP/NetBIOS_Name_Scanner YRP/FeliksPack3___Scanners_ipscan YRP/IP_Stealing_Utilities YRP/PortRacer YRP/scanarator YRP/_Bitchin_Threads_ YRP/portscan YRP/ProPort_zip_Folder_ProPort YRP/StealthWasp_s_Basic_PortScanner_v1_2 YRP/BluesPortScan YRP/scanarator_iis YRP/Angry_IP_Scanner_v2_08_ipscan YRP/crack_Loader YRP/Beastdoor_Backdoor YRP/Powershell_Netcat YRP/CN_Hacktool_MilkT_Scanner YRP/WCE_Modified_1_1014 YRP/iKAT_command_lines_agent YRP/iKAT_startbar YRP/BypassUac2 YRP/BypassUac_9 YRP/APT_Proxy_Malware_Packed_dev YRP/Ncat_Hacktools_CN YRP/MS08_067_Exploit_Hacktools_CN YRP/Hacktools_CN_Burst_sql YRP/Hacktools_CN_Panda_445TOOL YRP/Hacktools_CN_WinEggDrop YRP/Hacktools_CN_Panda_Burst YRP/Hacktools_CN_GOGOGO_Bat YRP/Hacktools_CN_Burst_pass YRP/Hacktools_CN_JoHor_Posts_Killer YRP/Hacktools_CN_Burst_Start YRP/Hacktools_CN_Burst_Blast YRP/VUBrute_VUBrute YRP/VUBrute_config YRP/sig_238_listip YRP/ArtTrayHookDll YRP/EditServer_HackTool YRP/sig_238_letmein YRP/sig_238_token YRP/sig_238_webget YRP/ASPack_Chinese YRP/sig_238_filespy YRP/EditKeyLogReadMe YRP/PassSniffer_zip_Folder_readme YRP/EditKeyLog YRP/PassSniffer YRP/UnPack_rar_Folder_InjectT YRP/Jc_WinEggDrop_Shell YRP/UnPack_rar_Folder_TBack YRP/ByPassFireWall_zip_Folder_Inject YRP/sig_238_sqlcmd YRP/sig_238_2323 YRP/CleanIISLog YRP/sqlcheck YRP/sig_238_RunAsEx YRP/SplitJoin_V1_3_3_rar_Folder_3 YRP/InstGina YRP/sig_238_findoor YRP/WinEggDropShellFinal_zip_Folder_InjectT YRP/gina_zip_Folder_gina YRP/sig_238_xsniff YRP/sig_238_fscan YRP/_FsHttp_FsPop_FsSniffer YRP/Ammyy_Admin_AA_v3 YRP/LinuxHacktool_eyes_scanssh YRP/LinuxHacktool_eyes_pscan2 YRP/LinuxHacktool_eyes_a YRP/LinuxHacktool_eyes_mass YRP/CN_Toolset__XScanLib_XScanLib_XScanLib YRP/CN_Toolset_NTscan_PipeCmd YRP/CN_Toolset_sig_1433_135_sqlr YRP/Mimikatz_Memory_Rule_1 YRP/Mimikatz_Memory_Rule_2 YRP/Mimikatz_Logfile YRP/VSSown_VBS YRP/ccrewMiniasp YRP/MiniASP YRP/Anthem_DeepPanda_lot1 YRP/Anthem_DeepPanda_htran_exe YRP/KINS_dropper YRP/IronTiger_ASPXSpy YRP/IronTiger_wmiexec YRP/IronPanda_DNSTunClient YRP/IronPanda_Malware_Htran YRP/Trojan_Win32_Plaplex YRP/Trojan_Win32_Adupib YRP/IMPLANT_3_v1 YRP/PoseidonGroup_Malware YRP/liudoor YRP/BernhardPOS YRP/Unit78020_Malware_Gen1 YRP/Unit78020_Malware_Gen3 FlorianRoth/QuarksPwDump_Gen FlorianRoth/KINS_dropper FlorianRoth/Win_PrivEsc_gp3finder_v4_0 FlorianRoth/Win_PrivEsc_folderperm FlorianRoth/FiveEyes_QUERTY_Malwaresig_20123_cmdDef FlorianRoth/FiveEyes_QUERTY_Malwareqwerty_20123 FlorianRoth/FiveEyes_QUERTY_Malwaresig_20120_cmdDef FlorianRoth/FiveEyes_QUERTY_Malwaresig_20121_cmdDef FlorianRoth/Nidiran_Trojan_1 FlorianRoth/Nidiran_Trojan_3 FlorianRoth/Mal_http_EXE FlorianRoth/Mal_PotPlayer_DLL FlorianRoth/ScanBox_Malware_Generic FlorianRoth/EQGRP_create_dns_injection FlorianRoth/EQGRP_screamingplow FlorianRoth/EQGRP_MixText FlorianRoth/EQGRP_tunnel_state_reader FlorianRoth/EQGRP_payload FlorianRoth/EQGRP_eligiblecandidate FlorianRoth/EQGRP_BUSURPER_2211_724 FlorianRoth/EQGRP_networkProfiler_orderScans FlorianRoth/EQGRP_epicbanana_2_1_0_1 FlorianRoth/EQGRP_sniffer_xml2pcap FlorianRoth/EQGRP_BananaAid FlorianRoth/EQGRP_config_jp1_UA FlorianRoth/EQGRP_userscript FlorianRoth/EQGRP_BUSURPER_3001_724 FlorianRoth/EQGRP_workit FlorianRoth/EQGRP_tinyhttp_setup FlorianRoth/EQGRP_EPBA FlorianRoth/EQGRP_jetplow_SH FlorianRoth/EQGRP_extrabacon FlorianRoth/EQGRP_sploit_py FlorianRoth/EQGRP_uninstallPBD FlorianRoth/EQGRP_BICECREAM FlorianRoth/EQGRP_BFLEA_2201 FlorianRoth/EQGRP_StoreFc FlorianRoth/EQGRP_BBALL FlorianRoth/EQGRP_BARPUNCH_BPICKER FlorianRoth/EQGRP_Implants_Gen5 FlorianRoth/EQGRP_pandarock FlorianRoth/EQGRP_BananaUsurper_writeJetPlow FlorianRoth/EQGRP_Implants_Gen4 FlorianRoth/EQGRP_Implants_Gen3 FlorianRoth/EQGRP_BLIAR_BLIQUER FlorianRoth/EQGRP_sploit FlorianRoth/EQGRP_Implants_Gen2 FlorianRoth/EQGRP_Implants_Gen1 FlorianRoth/EQGRP_ssh_telnet_29 FlorianRoth/EQGRP_callbacks FlorianRoth/EQGRP_Extrabacon_Output FlorianRoth/EQGRP_Unique_Strings FlorianRoth/OPCLEAVER_BackDoorLogger FlorianRoth/OPCLEAVER_Jasus FlorianRoth/OPCLEAVER_ShellCreator2 FlorianRoth/OPCLEAVER_SmartCopy2 FlorianRoth/OPCLEAVER_SynFlooder FlorianRoth/OPCLEAVER_TinyZBot FlorianRoth/OPCLEAVER_ZhoupinExploitCrew FlorianRoth/OPCLEAVER_antivirusdetector FlorianRoth/OPCLEAVER_csext FlorianRoth/OPCLEAVER_kagent FlorianRoth/OPCLEAVER_mimikatzWrapper FlorianRoth/OPCLEAVER_pvz_in FlorianRoth/OPCLEAVER_zhLookUp FlorianRoth/OPCLEAVER_zhmimikatz FlorianRoth/OPCLEAVER_CCProxy_Config FlorianRoth/ONHAT_Proxy_Hacktool FlorianRoth/RAT_JavaDropper FlorianRoth/malware_sakula_memory FlorianRoth/Casper_Included_Strings FlorianRoth/Casper_SystemInformation_Output FlorianRoth/GhostDragon_Gh0stRAT FlorianRoth/GhostDragon_Gh0stRAT_Sample2 FlorianRoth/kerberoast_PY FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/WindowsShell_s3 FlorianRoth/WindosShell_s1 FlorianRoth/WindowsShell_Gen FlorianRoth/WindowsShell_Gen2 FlorianRoth/ps1_toolkit_Invoke_Shellcode FlorianRoth/ps1_toolkit_Invoke_Mimikatz FlorianRoth/ps1_toolkit_Invoke_RelfectivePEInjection FlorianRoth/ps1_toolkit_Persistence FlorianRoth/ps1_toolkit_Invoke_Mimikatz_RelfectivePEInjection FlorianRoth/ps1_toolkit_Inveigh_BruteForce_2 FlorianRoth/ps1_toolkit_Persistence_2 FlorianRoth/ps1_toolkit_Inveigh_BruteForce_3 FlorianRoth/Pirpi_1609_A FlorianRoth/Pirpi_1609_B FlorianRoth/Regin_Related_Malware FlorianRoth/Unit78020_Malware_Gen1 FlorianRoth/Unit78020_Malware_Gen3 FlorianRoth/APT_Liudoor FlorianRoth/CoreImpact_sysdll_exe FlorianRoth/IronPanda_DNSTunClient FlorianRoth/IronPanda_Malware_Htran FlorianRoth/DeepPanda_lot1 FlorianRoth/DeepPanda_htran_exe FlorianRoth/Empire_Invoke_Mimikatz FlorianRoth/APT_Malware_CommentCrew_MiniASP FlorianRoth/Metasploit_Loader_RSMudge FlorianRoth/Sofacy_Fybis_ELF_Backdoor_Gen1 FlorianRoth/FourElementSword_Config_File FlorianRoth/FourElementSword_ElevateDLL_2 FlorianRoth/PoseidonGroup_Malware FlorianRoth/apt_equation_equationlaser_runtimeclasses FlorianRoth/EquationDrug_HDDSSD_Op FlorianRoth/PoisonIvy_Sample_6 FlorianRoth/Payload_Exe2Hex FlorianRoth/Fidelis_Advisory_cedt370 FlorianRoth/WaterBug_wipbot_2013_dll FlorianRoth/apt_hellsing_implantstrings FlorianRoth/IMPLANT_3_v1 FlorianRoth/BernhardPOS FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3 FlorianRoth/APT_Project_Sauron_Scripts FlorianRoth/APT_Project_Sauron_arping_module FlorianRoth/APT_Project_Sauron_kblogi_module FlorianRoth/APT_Project_Sauron_basex_module FlorianRoth/APT_Project_Sauron_dext_module FlorianRoth/Invoke_mimikittenz FlorianRoth/APT_Malware_PutterPanda_Rel FlorianRoth/APT6_Malware_Sample_Gen FlorianRoth/Codoso_CustomTCP_4 FlorianRoth/Codoso_Gh0st_3 FlorianRoth/Codoso_Gh0st_1 FlorianRoth/Codoso_PGV_PVID_1 FlorianRoth/PlugX_J16_Gen2 FlorianRoth/NTLM_Dump_Output FlorianRoth/shimrat FlorianRoth/shimratreporter FlorianRoth/WoolenGoldfish_Sample_1 FlorianRoth/WoolenGoldfish_Generic_3 FlorianRoth/Hacktool_Strings_p0wnedShell FlorianRoth/Keylogger_CN_APT FlorianRoth/Nanocore_RAT_Gen_1 FlorianRoth/Nanocore_RAT_Gen_2 FlorianRoth/Trojan_Win32_Plaplex FlorianRoth/Trojan_Win32_Adupib KevTheHermit/JavaDropper

YRP/anti_dbgtools YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/anti_dbgtools YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 YRP/GenerateTLSClientHelloPacket_Test FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3

YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/inject_thread YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/generic_carbon FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 YRP/GenerateTLSClientHelloPacket_Test FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3

YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/anti_dbgtools YRP/network_http YRP/network_tcp_socket YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3

YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/anti_dbgtools YRP/network_http YRP/network_tcp_socket YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3

YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/disable_dep YRP/inject_thread YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 YRP/GenerateTLSClientHelloPacket_Test FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/inject_thread YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/generic_carbon FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/inject_thread YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 YRP/GenerateTLSClientHelloPacket_Test FlorianRoth/generic_carbon FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/disable_dep YRP/inject_thread YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3

YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/inject_thread YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/generic_carbon FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 YRP/GenerateTLSClientHelloPacket_Test FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3

YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/disable_dep YRP/network_tcp_socket YRP/win_mutex YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32b_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/anti_dbgtools YRP/network_http YRP/network_tcp_socket YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32b_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VirtualPC_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/vmdetect YRP/anti_dbgtools YRP/disable_dep YRP/network_http YRP/network_tcp_socket YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32b_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/disable_dep YRP/network_http YRP/network_tcp_socket YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32b_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 YRP/GenerateTLSClientHelloPacket_Test FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/disable_dep YRP/network_tcp_socket YRP/win_mutex YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32b_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 YRP/GenerateTLSClientHelloPacket_Test FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3