YRP/Misc_Suspicious_Strings YRP/anti_dbgtools YRP/Big_Numbers3 YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

FlorianRoth/Empire_Invoke_PowerDump FlorianRoth/Empire_Invoke_ShellcodeMSIL FlorianRoth/Empire_Invoke_SmbScanner FlorianRoth/Empire_Invoke_EgressCheck FlorianRoth/Empire_Invoke_PostExfil FlorianRoth/Empire_Invoke_SMBAutoBrute FlorianRoth/Empire_Get_Keystrokes FlorianRoth/Empire_Invoke_DllInjection FlorianRoth/Empire_KeePassConfig FlorianRoth/Empire_PowerShell_Framework_Gen1 FlorianRoth/Empire_PowerUp_Gen FlorianRoth/Empire_PowerShell_Framework_Gen2 FlorianRoth/Empire_KeePassConfig_Gen FlorianRoth/Empire_Invoke_Portscan_Gen FlorianRoth/Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen FlorianRoth/Empire_Invoke_Gen FlorianRoth/Mal_http_EXE FlorianRoth/Mal_PotPlayer_DLL FlorianRoth/ScanBox_Malware_Generic FlorianRoth/EQGRP_create_dns_injection FlorianRoth/EQGRP_screamingplow FlorianRoth/EQGRP_MixText FlorianRoth/EQGRP_tunnel_state_reader FlorianRoth/EQGRP_payload FlorianRoth/EQGRP_eligiblecandidate FlorianRoth/EQGRP_BUSURPER_2211_724 FlorianRoth/EQGRP_networkProfiler_orderScans FlorianRoth/EQGRP_epicbanana_2_1_0_1 FlorianRoth/EQGRP_sniffer_xml2pcap FlorianRoth/EQGRP_BananaAid FlorianRoth/EQGRP_config_jp1_UA FlorianRoth/EQGRP_userscript FlorianRoth/EQGRP_BUSURPER_3001_724 FlorianRoth/EQGRP_workit FlorianRoth/EQGRP_tinyhttp_setup FlorianRoth/EQGRP_EPBA FlorianRoth/EQGRP_jetplow_SH FlorianRoth/EQGRP_extrabacon FlorianRoth/EQGRP_sploit_py FlorianRoth/EQGRP_uninstallPBD FlorianRoth/EQGRP_BICECREAM FlorianRoth/EQGRP_BFLEA_2201 FlorianRoth/EQGRP_StoreFc FlorianRoth/EQGRP_BBALL FlorianRoth/EQGRP_BARPUNCH_BPICKER FlorianRoth/EQGRP_Implants_Gen5 FlorianRoth/EQGRP_pandarock FlorianRoth/EQGRP_BananaUsurper_writeJetPlow FlorianRoth/EQGRP_Implants_Gen4 FlorianRoth/EQGRP_Implants_Gen3 FlorianRoth/EQGRP_BLIAR_BLIQUER FlorianRoth/EQGRP_sploit FlorianRoth/EQGRP_Implants_Gen2 FlorianRoth/EQGRP_Implants_Gen1 FlorianRoth/EQGRP_ssh_telnet_29 FlorianRoth/EQGRP_callbacks FlorianRoth/EQGRP_Extrabacon_Output FlorianRoth/EQGRP_Unique_Strings FlorianRoth/OPCLEAVER_BackDoorLogger FlorianRoth/OPCLEAVER_Jasus FlorianRoth/OPCLEAVER_ShellCreator2 FlorianRoth/OPCLEAVER_SmartCopy2 FlorianRoth/OPCLEAVER_TinyZBot FlorianRoth/OPCLEAVER_ZhoupinExploitCrew FlorianRoth/OPCLEAVER_antivirusdetector FlorianRoth/OPCLEAVER_csext FlorianRoth/OPCLEAVER_kagent FlorianRoth/OPCLEAVER_mimikatzWrapper FlorianRoth/OPCLEAVER_pvz_in FlorianRoth/OPCLEAVER_zhLookUp FlorianRoth/OPCLEAVER_zhmimikatz FlorianRoth/OPCLEAVER_CCProxy_Config FlorianRoth/RAT_Adzok FlorianRoth/RAT_Ap0calypse FlorianRoth/RAT_BlackShades FlorianRoth/RAT_BlueBanana FlorianRoth/RAT_Bozok FlorianRoth/RAT_ClientMesh FlorianRoth/RAT_DarkComet FlorianRoth/RAT_DarkRAT FlorianRoth/RAT_JavaDropper FlorianRoth/RAT_LostDoor FlorianRoth/RAT_NanoCore FlorianRoth/RAT_Paradox FlorianRoth/RAT_QRat FlorianRoth/RAT_ShadowTech FlorianRoth/RAT_Sub7Nation FlorianRoth/RAT_Vertex FlorianRoth/RAT_unrecom FlorianRoth/Casper_Included_Strings FlorianRoth/Casper_SystemInformation_Output FlorianRoth/FVEY_ShadowBrokers_Jan17_Screen_Strings FlorianRoth/OilRig_Malware_Campaign_Gen2 FlorianRoth/Greenbug_Malware_4 FlorianRoth/Greenbug_Malware_5 FlorianRoth/EquationGroup_elgingamble FlorianRoth/EquationGroup_cmsd FlorianRoth/EquationGroup_ebbshave FlorianRoth/EquationGroup_eggbasket FlorianRoth/EquationGroup_sambal FlorianRoth/EquationGroup_cmsex FlorianRoth/EquationGroup_DUL FlorianRoth/EquationGroup_slugger2 FlorianRoth/EquationGroup_jackpop FlorianRoth/EquationGroup_epoxyresin_v1_0_0 FlorianRoth/EquationGroup_estesfox FlorianRoth/EquationGroup__ftshell_ftshell_v3_10_3_0 FlorianRoth/EquationGroup__scanner_scanner_v2_1_2 FlorianRoth/EquationGroup__ghost_sparc_ghost_x86_3 FlorianRoth/EquationGroup__jparsescan_parsescan_5 FlorianRoth/EquationGroup__ftshell FlorianRoth/EquationGroup_Toolset_Apr17_Eternalromance FlorianRoth/EquationGroup_Toolset_Apr17_Gen2 FlorianRoth/EquationGroup_Toolset_Apr17__DoubleFeatureReader_DoubleFeatureReader_0 FlorianRoth/EquationGroup_Toolset_Apr17__EAFU_ecwi_ESKE_EVFR_RPC2_4 FlorianRoth/Regin_Related_Malware FlorianRoth/Unit78020_Malware_Gen1 FlorianRoth/Unit78020_Malware_Gen3 FlorianRoth/APT_Liudoor FlorianRoth/IronPanda_DNSTunClient FlorianRoth/IronPanda_Malware_Htran FlorianRoth/DeepPanda_lot1 FlorianRoth/DeepPanda_htran_exe FlorianRoth/GRIZZLY_STEPPE_Malware_2 FlorianRoth/Sofacy_Fybis_ELF_Backdoor_Gen1 FlorianRoth/PoseidonGroup_Malware FlorianRoth/apt_equation_equationlaser_runtimeclasses FlorianRoth/EquationDrug_HDDSSD_Op FlorianRoth/Payload_Exe2Hex FlorianRoth/WaterBug_wipbot_2013_dll FlorianRoth/apt_hellsing_implantstrings FlorianRoth/IMPLANT_3_v1 FlorianRoth/BernhardPOS FlorianRoth/FVEY_ShadowBroker_Auct_Dez16_Strings FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3 FlorianRoth/APT_Project_Sauron_Scripts FlorianRoth/APT_Project_Sauron_arping_module FlorianRoth/APT_Project_Sauron_kblogi_module FlorianRoth/APT_Project_Sauron_basex_module FlorianRoth/APT_Project_Sauron_dext_module FlorianRoth/REDLEAVES_CoreImplant_UniqueStrings FlorianRoth/PLUGX_RedLeaves FlorianRoth/Invoke_mimikittenz FlorianRoth/APT_Malware_PutterPanda_Rel FlorianRoth/Codoso_CustomTCP_4 FlorianRoth/Codoso_Gh0st_3 FlorianRoth/Codoso_Gh0st_1 FlorianRoth/Codoso_PGV_PVID_1 FlorianRoth/shimrat FlorianRoth/shimratreporter FlorianRoth/WoolenGoldfish_Sample_1 FlorianRoth/WoolenGoldfish_Generic_3 FlorianRoth/Hacktool_Strings_p0wnedShell FlorianRoth/Nanocore_RAT_Gen_1 FlorianRoth/Nanocore_RAT_Gen_2 FlorianRoth/apt_RU_MoonlightMaze_customlokitools FlorianRoth/apt_RU_MoonlightMaze_customsniffer FlorianRoth/apt_RU_MoonlightMaze_de_tool FlorianRoth/apt_RU_MoonlightMaze_cle_tool FlorianRoth/apt_RU_MoonlightMaze_xk_keylogger FlorianRoth/Trojan_Win32_Plaplex FlorianRoth/Trojan_Win32_Adupib KevTheHermit/Paradox KevTheHermit/Bozok KevTheHermit/unrecom KevTheHermit/DarkRAT KevTheHermit/JavaDropper KevTheHermit/LostDoor KevTheHermit/BlackShades KevTheHermit/Sub7Nation KevTheHermit/BlueBanana KevTheHermit/Crimson KevTheHermit/NanoCore KevTheHermit/DarkComet KevTheHermit/Ap0calypse KevTheHermit/Adzok KevTheHermit/ShadowTech KevTheHermit/Vertex BAMFDetect/dexter_strings BAMFDetect/BlackShadesServer BAMFDetect/diamond_fox BAMFDetect/backoff BAMFDetect/DarkComet BAMFDetect/alina BAMFDetect/NanoCore BAMFDetect/pony BAMFDetect/easterjackpos BAMFDetect/genome BAMFDetect/Bozok BAMFDetect/dendroid

YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3

YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/anti_dbgtools YRP/network_http YRP/network_tcp_socket YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 YRP/GenerateTLSClientHelloPacket_Test FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3

YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/inject_thread YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/generic_carbon FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 YRP/GenerateTLSClientHelloPacket_Test FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3

YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/disable_dep YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3

YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbgtools YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BASE64_table YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen3 YRP/GenerateTLSClientHelloPacket_Test FlorianRoth/carbon_metadata FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen3